Use sudo to deploy and run ansible as a regular user

4 files changed, 9 insertions, 3 deletions

diff --git a/roles/local_deploy/files/ansible_run.sudoers b/roles/local_deploy/files/ansible_run.sudoers
new file mode 100644
index 0000000..ea995ab
--- /dev/null
+++ b/roles/local_deploy/files/ansible_run.sudoers
@@ -0,0 +1 @@
+%admins ALL=(ALL) NOPASSWD: /usr/local/bin/ansible_run.sh
diff --git a/roles/local_deploy/files/extract_wrapper.sh b/roles/local_deploy/files/extract_wrapper.sh
new file mode 100644
index 0000000..240fb71
--- /dev/null
+++ b/roles/local_deploy/files/extract_wrapper.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+export GIT_DIR=$1
+GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
+
diff --git a/roles/local_deploy/files/post-receive.private.sh b/roles/local_deploy/files/post-receive.private.sh
index e6d6abb..527c520 100644
--- a/roles/local_deploy/files/post-receive.private.sh
+++ b/roles/local_deploy/files/post-receive.private.sh
@@ -1,2 +1,2 @@
 #!/bin/sh
-GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
+sudo /usr/local/bin/extract_wrapper.sh
diff --git a/roles/local_deploy/files/post-receive.public.sh b/roles/local_deploy/files/post-receive.public.sh
index ce4da28..adcfa80 100644
--- a/roles/local_deploy/files/post-receive.public.sh
+++ b/roles/local_deploy/files/post-receive.public.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
-GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
+sudo /usr/local/bin/extract_wrapper.sh $GIT_DIR
+#GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
 # run ansible
-/usr/local/bin/ansible_run.sh
+sudo /usr/local/bin/ansible_run.sh