image: rehashedsalt/ansible-env:bleeding
variables:
  SSH_BASTION_ARGS: '-o "ProxyCommand=ssh -W %h:%p -q ansible@bastion1.dallas.mgmt.desu.ltd"'
stages:
  - lint
  - test
  - play
before_script:
  # Dump our key
  - eval $(ssh-agent -s)
  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' | ssh-add -
  - mkdir -p ~/.ssh
  - chmod -R 0700 ~/.ssh
  - touch ~/.ssh/desu
  - chmod 0600 ~/.ssh/desu
  - echo "$ANSIBLE_SSH_KEY" | tr -d '\r' > ~/.ssh/desu
  # Dump the vault password
  - touch /vaultpw
  - chmod 0600 /vaultpw
  - echo "$ANSIBLE_VAULT_PASSWORD" > /vaultpw
  # Fix perms on the playbook root
  - chmod -R 0750 .
  # Join the Zerotier management network
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    service zerotier-one start && \
    sleep 5 && \
    zerotier-cli join "$ZEROTIER_NETWORK_ID" && \
    sleep 5 && \
    zerotier-cli info && \
    zerotier-cli listnetworks
  # Get ready for execution
  - ansible-galaxy install -r requirements.yml
  # And run a quick test SSH connection to the bastion box
  - ssh ansible@bastion1.dallas.mgmt.desu.ltd uptime
after_script:
  - |
    [ -n "$ZEROTIER_NETWORK_ID" ] && \
    zerotier-cli leave "$ZEROTIER_NETWORK_ID"

Lint:
  stage: lint
  interruptible: yes
  except:
    - pipelines
    - schedules
  script:
    - ansible-lint --version
    - ansible-lint site.yml

Test:
  stage: test
  retry: 1
  interruptible: yes
  except:
    - pipelines
  script:
    - ansible-playbook --skip-tags no-test -C site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
    - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi

Play_Against_Remote:
  stage: play
  script:
    - ansible-playbook -l '!tags_home' site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
    - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi
Play_Against_Home:
  stage: play
  retry: 1
  script:
    - ansible-playbook -vvv -l tags_home site.yml --ssh-common-args="$SSH_BASTION_ARGS" --vault-password-file /vaultpw || error="$?"
    - if [ "$error" -eq 4 ]; then echo "Some hosts were unreachable; masking error"; unset error; fi
    - if [ -n "$error" ]; then echo "Return code $error"; false; fi