ansible/.gitlab-ci.yml


# Base container image for every job in this pipeline.
# NOTE(review): the tag is mutable; pinning by digest would make runs reproducible.
image: ubuntu:focal

# Stage order: static checks, then dry runs, then the real playbook runs.
stages: [lint, test, play]
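# Runs before every job's script: installs tooling, loads the deploy
# credentials from CI variables, and optionally joins the ZeroTier network.
before_script:
  # Get the packages we need
  - apt-get update
  - apt-get install gnupg openssh-client python3-cryptography python3-docker python3-pip python-is-python3 wget -y
  # NOTE(review): ansible and ansible-lint are installed unpinned, so each
  # pipeline may pull a different release into the job that holds the SSH key
  # and the vault password; consider pinning versions or a constraints file.
  - pip install ansible ansible-lint
  # Load the SSH key into an agent; it is piped to ssh-add, not written to disk
  - eval "$(ssh-agent -s)"
  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod -R 0700 ~/.ssh
  # Dump the vault password. The file is created and restricted to 0600
  # before the secret is written, so it is never readable by other users.
  - touch /vaultpw
  - chmod 0600 /vaultpw
  - echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw
  # Fix perms on the playbook root (presumably so Ansible does not ignore
  # ansible.cfg in a world-writable directory; confirm)
  - chmod -R 0750 .
  # Join the Zerotier management network (skipped when no network ID is set).
  # The signing key goes into a dedicated keyring referenced with signed-by,
  # instead of `apt-key add`, so it is trusted for the ZeroTier repo only and
  # not for every configured APT source. Packages are fetched over plain HTTP,
  # so the signature check against this key is the only integrity control.
  # NOTE(review): the key is downloaded from the mutable master branch; compare
  # its fingerprint with a known-good value before trusting it.
  # NOTE(review): the repo line targets Debian buster while the image is
  # ubuntu:focal; confirm this is intended.
  # NOTE(review): in an && chain a failing middle step may not abort the job
  # under the runner's errexit shell; verify the join actually succeeded.
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    wget -qO /tmp/zerotier.asc https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg && \
    gpg --output /usr/share/keyrings/zerotier.gpg --dearmor /tmp/zerotier.asc && \
    echo "deb [signed-by=/usr/share/keyrings/zerotier.gpg] http://download.zerotier.com/debian/buster buster main" >> /etc/apt/sources.list && \
    apt-get update && \
    apt-get install zerotier-one -y && \
    service zerotier-one start && \
    sleep 5 && \
    zerotier-cli join "$ZEROTIER_NETWORK_ID" && \
    sleep 5 && \
    zerotier-cli info && \
    zerotier-cli listnetworks
  # Get ready for execution: install the roles/collections listed in requirements.yml
  - ansible-galaxy install -r requirements.yml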
# Runs after every job: leave the ZeroTier network again, if one was configured.
after_script:
  - |-
    [ -n "$ZEROTIER_NETWORK_ID" ] && zerotier-cli leave "$ZEROTIER_NETWORK_ID"
## HOUSEKEEPING
# Advisory lint of the main playbook; a failure here does not fail the pipeline.
Lint:
  stage: lint
  allow_failure: true
  interruptible: true
  # Not run for pipelines of type "pipelines" or "schedules"
  except: [pipelines, schedules]
  script:
    # Print the linter version first so findings can be tied to a release
    - ansible-lint --version
    - ansible-lint site.yml
## TEST
# Hidden template shared by the *:test jobs via `extends`.
.test:
  stage: test
  interruptible: true
  except: [pipelines]
  allow_failure:
    # Exit code 4 is tolerated; presumably ansible-playbook's
    # "hosts unreachable" status (confirm). Other non-zero codes fail the job.
    exit_codes: [4]
# Dry run (--check) of site.yml limited to tags_pis; tasks tagged no-test are skipped.
'pis:test':
  extends: .test
  script:
    - ansible-playbook --limit tags_pis --skip-tags no-test --check site.yml --vault-password-file /vaultpw
# Dry run (--check) of site.yml limited to tags_desktop; tasks tagged no-test are skipped.
'desktop:test':
  extends: .test
  script:
    - ansible-playbook --limit tags_desktop --skip-tags no-test --check site.yml --vault-password-file /vaultpw
# Dry run (--check) of site.yml limited to tags_prod; tasks tagged no-test are skipped.
'prod:test':
  extends: .test
  script:
    - ansible-playbook --limit tags_prod --skip-tags no-test --check site.yml --vault-password-file /vaultpw
## PLAY
# Hidden template shared by the *:play jobs via `extends`.
# NOTE(review): no only/except/rules/when is visible on this template, so as
# written the play jobs are not limited to a branch or a manual trigger.
# Confirm the SSH key and vault password are protected CI variables, or
# restrict these jobs to protected refs.
.play:
  stage: play
  allow_failure:
    # Exit code 4 is tolerated; presumably ansible-playbook's
    # "hosts unreachable" status (confirm). Other non-zero codes fail the job.
    exit_codes: [4]
# Applies site.yml for real (no --check) to the hosts in tags_pis.
'pis:play':
  extends: .play
  script:
    - ansible-playbook --limit tags_pis site.yml --vault-password-file /vaultpw
# Applies site.yml for real (no --check) to the hosts in tags_desktop.
'desktop:play':
  extends: .play
  script:
    - ansible-playbook --limit tags_desktop site.yml --vault-password-file /vaultpw
# Applies site.yml for real (no --check) to the hosts in tags_prod.
# NOTE(review): nothing visible on this job gates it behind a protected
# branch or manual approval; confirm that is intended for production.
'prod:play':
  extends: .play
  script:
    - ansible-playbook --limit tags_prod site.yml --vault-password-file /vaultpw