.gitlab-ci.yml 2.24 KB
Newer Older
Rob Connolly's avatar
Rob Connolly committed
1
2
3
4
5
6
7
8
---
stages:
  - preflight
  - check
  - deploy

variables:
  GIT_SUBMODULE_STRATEGY: recursive
Rob Connolly's avatar
Rob Connolly committed
9
  #ANSIBLE_TAGS: "zfs,docker,mail"
Rob Connolly's avatar
Rob Connolly committed
10
  ANSIBLE_TAGS: "frigate"
Rob Connolly's avatar
Rob Connolly committed
11
12
13
14
15
16
17

# Generic preflight template
.preflight: &preflight
  stage: preflight
  tags:
    - ansible

Rob Connolly's avatar
Rob Connolly committed
18
19
20
# Generic Ansible template
.ansible: &ansible
  image:
Rob Connolly's avatar
Rob Connolly committed
21
    name: registry.gitlab.com/robconnolly/docker-ansible:latest
Rob Connolly's avatar
Rob Connolly committed
22
23
24
    entrypoint: [""]
  before_script:
    - ansible --version
Rob Connolly's avatar
Rob Connolly committed
25
    - echo $ANSIBLE_VAULT_PASSWORD > vault.key
Rob Connolly's avatar
Rob Connolly committed
26
27
    - echo "$DEPLOYMENT_SSH_KEY" > id_rsa
    - chmod 600 id_rsa
28
29
    - ansible-galaxy role install --force -r requirements.yml -p playbooks/roles/
    - ansible-galaxy collection install -r requirements.yml
Rob Connolly's avatar
Rob Connolly committed
30
  after_script:
Rob Connolly's avatar
Rob Connolly committed
31
    - rm vault.key id_rsa
32
33
  variables:
    ANSIBLE_CONFIG: $CI_PROJECT_DIR/ansible.cfg
Rob Connolly's avatar
Rob Connolly committed
34
    ANSIBLE_VAULT_PASSWORD_FILE: ./vault.key
Rob Connolly's avatar
Rob Connolly committed
35
36
37
  tags:
    - ansible

Rob Connolly's avatar
Rob Connolly committed
38
39
40
41
42
43
44
45
46
47
48
# Preflight jobs
shellcheck:
  <<: *preflight
  image:
    name: koalaman/shellcheck-alpine:stable
    entrypoint: [""]
  before_script:
    - shellcheck --version
    - apk --no-cache add grep
  script:
    - |
Rob Connolly's avatar
Rob Connolly committed
49
50
      for file in $(grep -IRl "#\!\(/usr/bin/env \|/bin/\)" \
            --exclude-dir ".git" .); do
Rob Connolly's avatar
Rob Connolly committed
51
52
53
54
55
56
57
58
59
60
        if ! shellcheck -x $file; then
          export FAILED=1
        else
          echo "$file OK"
        fi
      done
      if [ "${FAILED}" = "1" ]; then
        exit 1
      fi

Rob Connolly's avatar
Rob Connolly committed
61
62
63
64
65
66
67
68
#yamllint:
#  <<: *preflight
#  image: sdesbure/yamllint
#  before_script:
#    - yamllint --version
#    - rm hosts.yml
#  script:
#    - yamllint .
Rob Connolly's avatar
Rob Connolly committed
69
70
71
72
73
74
75
76
77
78
79
80

markdownlint:
  <<: *preflight
  image:
    name: ruby:alpine
    entrypoint: [""]
  before_script:
    - apk --no-cache add git
    - gem install mdl
    - mdl --version
  script:
    - mdl --style all --warnings --git-recurse .
Rob Connolly's avatar
Rob Connolly committed
81
82
83
84
85
86
87

# Ansible check jobs
ping-hosts:
  <<: *ansible
  stage: check
  script:
    - ansible all -m ping
Rob Connolly's avatar
Rob Connolly committed
88
  allow_failure: true
Rob Connolly's avatar
Rob Connolly committed
89

90
ansible-lint:
Rob Connolly's avatar
Rob Connolly committed
91
92
93
  <<: *ansible
  stage: check
  script:
Rob Connolly's avatar
Rob Connolly committed
94
    - ansible-lint -x 403 --exclude playbooks/roles playbooks/*.yml
95
96
97
98
99
100
101
102
103
104

package-upgrades:
  <<: *ansible
  stage: deploy
  script:
    - ansible-playbook playbooks/upgrades.yml
  only:
    refs:
      - master
  when: manual
105
106
107
108
109

common-roles:
  <<: *ansible
  stage: deploy
  script:
110
    - ansible-playbook playbooks/common.yml --tags $ANSIBLE_TAGS
111
112
113
  only:
    refs:
      - master