Skip to main content

Ansible as a Hybrid CI/CD Platform

By df

Summary

Traditional CI/CD tools like GitHub Actions, GitLab CI/CD, and Azure DevOps (ADO) offer powerful pipeline features, but they often tightly couple your automation logic to their platforms. This creates a problem when switching tools or scaling across teams.

By using Ansible as the central workflow engine—and treating GitHub, GitLab, or ADO as lightweight orchestrators—you can build a modular, portable CI/CD system. This hybrid approach enables tool-agnostic pipelines and promotes reuse across projects and platforms.

Why Use Ansible in CI/CD?

  • Portability: Move your pipeline between GitHub, GitLab, or ADO without rewriting core logic.
  • Modularity: Write Ansible playbooks for each stage (build, test, deploy) and reuse them across environments.
  • Maintainability: Keep your workflow logic in version-controlled, testable, and readable YAML files.
  • Tool Independence: Avoid vendor lock-in by abstracting workflow logic into a standalone orchestration tool.

Hybrid Architecture Overview

The hybrid CI/CD model uses GitHub/GitLab/ADO for pipeline triggers, secrets management, and runners. The actual deployment and orchestration logic is handled by Ansible. This creates a clean separation of responsibilities.

Typical Workflow

  1. CI tool checks out the repository
  2. Authenticates using stored secrets (tokens, SSH keys, etc.)
  3. Executes Ansible Playbook 1 (e.g., build stage)
  4. Executes Ansible Playbook 2 (e.g., deploy stage)
  5. Optional: Runs native CI/CD steps like artifact uploads, test reports, etc.

Example: GitHub Actions with Ansible

Below is an example of a GitHub Actions workflow calling Ansible playbooks. 

name: Deploy App

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Setup SSH for Ansible
        run: |
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

      - name: Run Ansible Playbook - Build
        run: |
          ansible-playbook ci/playbook_build.yml -i inventory

      - name: Run Ansible Playbook - Deploy
        run: |
          ansible-playbook ci/playbook_deploy.yml -i inventory

You can replicate the same flow in GitLab CI/CD or Azure Pipelines by replacing the YAML syntax but still calling the same Ansible playbooks.

Suggested Folder Structure

.
├── .github/
│   └── workflows/
│       └── deploy.yml
├── ci/
│   ├── playbook_build.yml
│   ├── playbook_test.yml
│   ├── playbook_deploy.yml
│   └── inventory
└── src/
    └── ...

Secrets and Security

Store sensitive credentials (like SSH keys, cloud tokens, API keys) in your CI platform's secrets manager. Inject them at runtime and use Ansible vaults or environment variables as needed.

Local Testing Advantage

A key benefit of using Ansible is the ability to test playbooks locally before pushing code. This enables faster iteration and easier debugging. 

ansible-playbook ci/playbook_build.yml -i ci/inventory

Combining Native CI Features with Ansible

This hybrid model doesn't exclude native CI/CD capabilities. You can still:

  • Run linters, unit tests, or style checks directly in the CI system
  • Upload or publish artifacts natively
  • Use platform-specific integrations (e.g., GitHub Packages or GitLab Pages)

Let Ansible handle what it does best: orchestration, provisioning, deployment, and multi-environment management.

Conclusion

Adopting Ansible as your core CI/CD execution engine, while leveraging GitHub, GitLab, or ADO for orchestration, allows for highly modular and portable pipelines. This hybrid model:

  • Reduces vendor lock-in
  • Improves maintainability
  • Enables reuse across environments and teams

Whether you're deploying to cloud, on-prem, or hybrid environments, using Ansible as the backbone of your CI/CD can bring clarity, consistency, and control to your software delivery process.

Labels:

Popular posts from this blog

Syslog Standards: A simple Comparison between RFC3164 & RFC5424

By
Syslog Standards: A simple Comparison between RFC3164 (old format) & RFC5424 (new format) Though syslog standards have been for quite long time, lot of people still doesn't understand the formats in detail. The original standard document is quite lengthy to read and purpose of this article is to explain with examples Some of things you might need to understand The RFC standards can be used in any syslog daemon (syslog-ng, rsyslog etc.) Always try to capture the data in these standards. Especially when you have log aggregation like Splunk or Elastic, these templates are built-in which makes your life simple. Syslog can work with both UDP & TCP  Link to the documents the original BSD format ( RFC3164 ) the “new” format ( RFC5424 ) RFC3164 (the old format) RFC3164 originated from combining multiple implementations (Year 2001) ...
Read more

Create your own Passport Photo using GIMP

By df
This tutorial is for semi-techies who knows a bit of GIMP (image editing).   This tutorial is for UK style passport photo ( 45mm x 35 mm ) which is widely used in UK, Australia, New Zealand, India etc.  This is a quick and easy process and one can create Passport photos at home If you are non-technical, use this link   .  If you want to create United States (USA) Passport photo or Overseas Citizen of India (OCI) photo, please follow this link How to Make your own Passport Photo - Prerequisite GIMP - One of the best image editing tools and its completely Free USB stick or any memory device to store and take to nearby shop A quality Digital camera Local Shops where you can print. Normally it costs (£0.15 or 25 US cents) to print 8 photos Steps (Video Tutorial attached blow of this page) Ask one of your colleague to take a photo  of you with a light background. Further details of how to take a photo  yourself       ...
Read more

VS Code & Portable GIT shell integration in Windows

By df
Visual Studio Code & GIT Portable shell Integration Summary Many of your corporate laptop cannot install programs and it is quite good to have them as portable executables. Here we find a way to have Portable VS Code and Portable GIT and integrate the GIT shell into VS Code Pre-Reqs VS Code (Install version or Portable ) GIT portable Steps Create a directory in your Windows device (eg:  C:\installables\ ) Unpack GIT portable into the above directory (eg it becomes: C:\installables\PortableGit ) Now unpack Visual Studio (VS) Code and run it. The default shell would be windows based Update User or Workspace settings of VS Code (ShortCut is:  Control+Shift+p ) Search for 'Open Workspace Settings (JSON)' and press Enter Update the settings with following setting { "workbench.colorTheme": "Default Dark+", "git.ignoreMissingGitWarning": true, "git.enabled": true, "terminal.integrated.profiles.windo...
Read more