ansible/.gitlab-ci.yml

image: ubuntu:focal
stages:
  - lint
  - test
  - play
before_script:
  # Get the packages we need
  - apt-get update
  - apt-get install gnupg openssh-client python3-cryptography python3-docker python3-pip python-is-python3 wget -y
  - pip install ansible ansible-lint
  # Dump our key
  - eval $(ssh-agent -s)
  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod -R 0700 ~/.ssh
  # Dump the vault password
  - touch /vaultpw
  - chmod 0600 /vaultpw
  - echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw
  # Fix perms on the playbook root
  - chmod -R 0750 .
  # Join the Zerotier management network
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    wget -qO - https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg | apt-key add - && \
    echo "deb http://download.zerotier.com/debian/buster buster main" >> /etc/apt/sources.list && \
    apt-get update && \
    apt-get install zerotier-one -y && \
    service zerotier-one start && \
    sleep 5 && \
    zerotier-cli join "$ZEROTIER_NETWORK_ID" && \
    sleep 5 && \
    zerotier-cli info && \
    zerotier-cli listnetworks
  # Get ready for execution
  - ansible-galaxy install -r requirements.yml
after_script:
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    zerotier-cli leave "$ZEROTIER_NETWORK_ID"

## HOUSEKEEPING
Lint:
  stage: lint
  allow_failure: yes
  interruptible: yes
  except:
    - pipelines
    - schedules
  script:
    - ansible-lint --version
    - ansible-lint site.yml

## TEST
.test:
  stage: test
  interruptible: yes
  except:
    - pipelines
  allow_failure:
    exit_codes:
      - 4

pis:test:
  extends: .test
  script:
    - ansible-playbook -l tags_pis --skip-tags no-test -C site.yml --vault-password-file /vaultpw
desktop:test:
  extends: .test
  script:
    - ansible-playbook -l tags_desktop --skip-tags no-test -C site.yml --vault-password-file /vaultpw
prod:test:
  extends: .test
  script:
    - ansible-playbook -l tags_prod --skip-tags no-test -C site.yml --vault-password-file /vaultpw

## PLAY
.play:
  stage: play
  allow_failure:
    exit_codes:
      - 4

pis:play:
  extends: .play
  script:
    - ansible-playbook -l tags_pis site.yml --vault-password-file /vaultpw
desktop:play:
  extends: .play
  script:
    - ansible-playbook -l tags_desktop site.yml --vault-password-file /vaultpw
prod:play:
  extends: .play
  script:
    - ansible-playbook -l tags_prod site.yml --vault-password-file /vaultpw
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`image: ubuntu:focal`
			`stages:`
Move linting to its own stage, install python-is-python3 in setup 2021-07-31 20:03:38 -05:00			`- lint`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`- test`
			`- play`
			`before_script:`
			`# Get the packages we need`
			`- apt-get update`
Revert installing Ansible from apt and try a different approach to reduce build times 2021-08-01 12:50:59 -05:00			`- apt-get install gnupg openssh-client python3-cryptography python3-docker python3-pip python-is-python3 wget -y`
			`- pip install ansible ansible-lint`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`# Dump our key`
			`- eval $(ssh-agent -s)`
			`- echo "$ANSIBLE_SSH_KEY" \| tr -d '\r' \| ssh-add -`
			`- mkdir -p ~/.ssh`
			`- chmod -R 0700 ~/.ssh`
			`# Dump the vault password`
			`- touch /vaultpw`
			`- chmod 0600 /vaultpw`
			`- echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw`
			`# Fix perms on the playbook root`
			`- chmod -R 0750 .`
Add integration with my ZT management network 2021-07-31 20:30:16 -05:00			`# Join the Zerotier management network`
Fix block commands in setup script 2021-07-31 20:34:09 -05:00			`- \|`
			`[ -n "$ZEROTIER_NETWORK_ID" ] && \`
Add integration with my ZT management network 2021-07-31 20:30:16 -05:00			`wget -qO - https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg \| apt-key add - && \`
			`echo "deb http://download.zerotier.com/debian/buster buster main" >> /etc/apt/sources.list && \`
Use Ansible from Ubuntu repos, unmask error code for pushes 2021-08-01 12:41:46 -05:00			`apt-get update && \`
			`apt-get install zerotier-one -y && \`
Add integration with my ZT management network 2021-07-31 20:30:16 -05:00			`service zerotier-one start && \`
Add some sleeps to give the service time to start up 2021-07-31 20:46:58 -05:00			`sleep 5 && \`
Add integration with my ZT management network 2021-07-31 20:30:16 -05:00			`zerotier-cli join "$ZEROTIER_NETWORK_ID" && \`
Add some sleeps to give the service time to start up 2021-07-31 20:46:58 -05:00			`sleep 5 && \`
Add integration with my ZT management network 2021-07-31 20:30:16 -05:00			`zerotier-cli info && \`
			`zerotier-cli listnetworks`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`# Get ready for execution`
Move requirements.yml to root 2021-08-01 21:39:36 -05:00			`- ansible-galaxy install -r requirements.yml`
Add integration with my ZT management network 2021-07-31 20:30:16 -05:00			`after_script:`
Fix block commands in setup script 2021-07-31 20:34:09 -05:00			`- \|`
			`[ -n "$ZEROTIER_NETWORK_ID" ] && \`
Add integration with my ZT management network 2021-07-31 20:30:16 -05:00			`zerotier-cli leave "$ZEROTIER_NETWORK_ID"`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`## HOUSEKEEPING`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`Lint:`
Disable lints and tests for pipelines 2021-08-01 14:55:25 -05:00			`stage: lint`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`allow_failure: yes`
Mark lint and test stages as interruptible 2021-07-31 21:04:25 -05:00			`interruptible: yes`
Disable lints and tests for pipelines 2021-08-01 14:55:25 -05:00			`except:`
			`- pipelines`
Disable them for schedules too 2021-08-01 14:56:59 -05:00			`- schedules`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`script:`
			`- ansible-lint --version`
			`- ansible-lint site.yml`

Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`## TEST`
			`.test:`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`stage: test`
Disable lints and tests for pipelines 2021-08-01 14:55:25 -05:00			`interruptible: yes`
			`except:`
			`- pipelines`
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`allow_failure:`
			`exit_codes:`
			`- 4`

			`pis:test:`
			`extends: .test`
			`script:`
			`- ansible-playbook -l tags_pis --skip-tags no-test -C site.yml --vault-password-file /vaultpw`
			`desktop:test:`
			`extends: .test`
			`script:`
			`- ansible-playbook -l tags_desktop --skip-tags no-test -C site.yml --vault-password-file /vaultpw`
			`prod:test:`
			`extends: .test`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`script:`
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`- ansible-playbook -l tags_prod --skip-tags no-test -C site.yml --vault-password-file /vaultpw`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`## PLAY`
			`.play:`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`stage: play`
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`allow_failure:`
			`exit_codes:`
			`- 4`

			`pis:play:`
			`extends: .play`
Add a GitLab CI file Note: Still not using GitLab for now, but this may help when I do 2021-06-20 20:26:09 -05:00			`script:`
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`- ansible-playbook -l tags_pis site.yml --vault-password-file /vaultpw`
			`desktop:play:`
			`extends: .play`
Split plays into three parts that execute (and fail) in parallel 2021-07-31 19:49:14 -05:00			`script:`
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`- ansible-playbook -l tags_desktop site.yml --vault-password-file /vaultpw`
			`prod:play:`
			`extends: .play`
Split plays into three parts that execute (and fail) in parallel 2021-07-31 19:49:14 -05:00			`script:`
Break out testing into its own triple-parallelized flow 2021-08-05 01:27:41 -05:00			`- ansible-playbook -l tags_prod site.yml --vault-password-file /vaultpw`