my-stamps.ru: migrate away from DigitalOcean

Open php-coder opened this issue 2 years ago • 0 comments

Reasons to change the hosting:

  • I can't pay for it anymore as my card isn't accepted
  • The price got higher ($7.2/mo) and there should be a cheaper alternative

Requirements:

  • it should be possible to create VMs with Terraform

Plan:

  • [ ] automate the current provisioning with Terraform
    • [x] install tfenv to fix tfenv: command not found
    • [x] show versions of tfenv and terraform
      • [x] fix cat: /home/runner/work/mystamps/mystamps/tfenv/version: No such file or directory. Version could not be resolved (set by /home/runner/work/mystamps/mystamps/tfenv/version or tfenv use <version>) (execute tfenv use after installation)
    • [x] execute terraform init
    • [x] execute terraform plan
      • [x] fix Error: No configuration files
      • [x] pass -detailed-exitcode option
      • [x] import existing resources
        • [x] commit encrypted terraform.tfstate file in generated-terraform branch
        • [x] ~pass a token as -var option or as env variable TF_VAR_<name>~ commit encrypted terraform.tfvars file (with do_token)
        • [x] checkout generated-terraform branch to the nested folder
        • [x] decrypt terraform.tfvars file (+ always clean it up)
        • [x] decrypt terraform.tfstate file (+ always clean it up)
        • [x] pass -state=terraform.tfstate option and -var-file=terraform.tfvars
        • [ ] update docs to use files from a new branch (decrypt, remove terraform.tfvars.example file and update .gitignore)
    • [ ] decide whether to execute terraform apply or not (and how to deal with terraform's plan and possibly modified state file)
      • [ ] consider using input variables for plan/apply
        • [ ] https://github.blog/changelog/2021-11-10-github-actions-input-types-for-manual-workflows/
        • [ ] https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
    • [x] mark a variable as sensitive (https://www.digitalocean.com/community/tutorials/how-to-protect-sensitive-data-in-terraform) (requires terraform >= 0.14; see #1613)
  • [ ] automate the current provisioning with Ansible
    • [ ] #1125
    • [ ] #435
    • [ ] #267
    • [x] run a playbook in --syntax-check mode
      • [x] commit infra/vagrant/provisioning/prod.inventory
        • [x] correct links
      • [x] commit infra/vagrant/provisioning/vars/prod.yml
      • [x] fix ansible-playbook: ERROR! the role 'php-coder.oraclejdk' was not found
      • [x] fix ansible-galaxy: ERROR! Expecting requirements file to be a dict with the key 'collections' that contains a list of collections to install
    • [x] run a playbook in --check mode (resolution: as we can't fully rely on check mode (because shell and command always get executed), let's not use it)
    • [ ] run a real playbook
      • [x] fix Failed to connect to the host via ssh: Host key verification failed (disable host key checking)
      • [x] fix Failed to connect to the host via ssh: no such identity: /Users/coder/.ssh/mystamps_rsa: No such file or directory (commit mystamps_rsa)
      • [ ] fix Could not find or access '../../../target/mystamps.war (need to build WAR file)
  • [ ] provision with Terraform to a new server
  • [ ] provision with Ansible to a new server
  • [ ] add caching for tfenv/terraform/ansible/ansible roles
  • [x] consider running ansible with --diff option (and set diff: no to the tasks with sensitive information) (resolution: we decided to not use check mode, so this option isn't needed either)
  • [ ] merge together 2 prod inventories (one for deploy and one for everything else) (#431)
  • [ ] choose a way to run ansible: fully from a pipeline or from within a script (like deploy.sh). The latter has a benefit that it can be run locally, as well (easier to debug)

See also a similar issue for the past migration: #399

php-coder, Aug 10 '23 03:08
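
The plan items about decrypting terraform.tfvars and terraform.tfstate, always cleaning them up, and passing -detailed-exitcode, -state and -var-file can be combined as below. This is an added example, not code from the mystamps repository; the symmetric GPG encryption, the `.gpg` file names, `TF_SECRETS_PASSPHRASE` and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's own script. Assumed: secrets are stored as
# terraform.tfvars.gpg / terraform.tfstate.gpg (symmetric GPG), and the
# passphrase arrives in the TF_SECRETS_PASSPHRASE environment variable.
TERRAFORM="${TERRAFORM:-terraform}"   # overridable, e.g. with a stub for a dry run
DECRYPT="${DECRYPT:-decrypt_file}"

# Hypothetical helper: decrypt $1 into $2. The passphrase is fed on stdin so
# it never appears in the process list.
decrypt_file() {
  printf '%s' "$TF_SECRETS_PASSPHRASE" |
    gpg --quiet --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
        --output "$2" --decrypt "$1"
}

# Run `terraform plan` in directory $1 and return terraform's exit code.
# The body is a subshell, so its EXIT trap removes the plaintext files on
# every path: success, plan error, decrypt failure or an interrupt.
plan_with_secrets() (
  cd "$1" || exit 1
  umask 077                           # plaintext readable by this user only
  trap 'rm -f terraform.tfstate terraform.tfvars' EXIT
  trap 'exit 1' INT TERM              # turn signals into a normal exit
  "$DECRYPT" terraform.tfvars.gpg  terraform.tfvars  || exit 1
  "$DECRYPT" terraform.tfstate.gpg terraform.tfstate || exit 1
  "$TERRAFORM" plan -input=false -detailed-exitcode \
      -state=terraform.tfstate -var-file=terraform.tfvars
  exit $?                             # explicit exit: the trap always runs
)

# With -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes pending.
classify_plan() {
  case "$1" in
    0) echo "in-sync" ;;
    2) echo "drift" ;;
    *) echo "error"; return 1 ;;
  esac
}

# Usage: sh plan.sh <dir>. An error fails the job; drift is only reported.
if [ "$#" -ge 1 ]; then
  rc=0; plan_with_secrets "$1" || rc=$?
  classify_plan "$rc"
fi
```

Treating exit code 2 as a report rather than a failure keeps the pipeline green when the plan merely detects pending changes, while a decrypt or plan error still fails the job.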