diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5080226..b634d2d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,10 +13,9 @@ services:
 stages:
 - lint
 - ansible-builder
- - run-vpn-config-update
 - run-setup
 - run-setup-digitalocean
- - run-management-update
+ - run-update
 - run-patchday-elastic-postgres
 - run-patchday-all-k8s
 - run-hcloud-firewall
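Review bot: Folding `run-vpn-config-update` into `run-update` changes ordering as well as naming: the VPN jobs used to run before `run-setup` and now run after `run-setup-digitalocean`, in the same stage as the `.run-management-update` jobs (see the `stage: run-update` changes further down). Jobs in one stage can start in parallel, and whether the management jobs share the `resource_group` of the VPN jobs is not visible here, so a WireGuard rewrite and a management playbook may hit the same hosts at once. If that is not intended, add an explicit `needs:` on the management jobs or give both job families the same `resource_group`. Otherwise document it on the stage list, for example `# run-update: vpn-config-update and management-update share this stage and may run concurrently`.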
@@ -117,70 +116,6 @@ builder-job-prodnso-manual: - dind - harbor # 05.02.22 TODO some runners run into timeouts -################################################################################## -### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml -### _ -### | | -### __ ___ __ _ __ _ _ _ __ ___ | | -### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| | -### \ V /| |_) | | | || |_| | | | | | | | -### \_/ | .__/|_| |_(_)__, |_| |_| |_|_| -### | | __/ | -### |_| |___/ -### - -.vpn-config-update: - extends: .run-ansible - # A resource group ensures a job is mutually exclusive across different pipelines for the same project. - stage: run-vpn-config-update - script: - - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - - eval $(ssh-agent -s) - - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' - - mkdir -p ~/.ssh - - chmod 0700 ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - - ssh-add -L - - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci - only: - changes: - - usser/**/wireguard.yml - except: - - schedules - tags: - - dind - - harbor # 05.02.22 TODO some runners run into timeouts - -vpn-config-update-dev: - extends: .vpn-config-update - # A resource group ensures a job is mutually exclusive across different pipelines for the same project. - resource_group: dev - before_script: - - export STAGE=dev - - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - only: - - main - -vpn-config-update-qa: - extends: .vpn-config-update - # A resource group ensures a job is mutually exclusive across different pipelines for the same project. 
- resource_group: qa - before_script: - - export STAGE=qa - - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - only: - - qa - -vpn-config-update-prodnso: - extends: .vpn-config-update - # A resource group ensures a job is mutually exclusive across different pipelines for the same project. - resource_group: prodnso - before_script: - - export STAGE=prodnso - - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - only: - - prodnso ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml 
@@ -267,6 +202,72 @@ run-setup-demompmx: - prodnso +################################################################################## +### http://patorjk.com/software/taag/#p=display&f=Doom&t=vpn.yml +### _ +### | | +### __ ___ __ _ __ _ _ _ __ ___ | | +### \ \ / / '_ \| '_ \ | | | | '_ ` _ \| | +### \ V /| |_) | | | || |_| | | | | | | | +### \_/ | .__/|_| |_(_)__, |_| |_| |_|_| +### | | __/ | +### |_| |___/ +### + +.vpn-config-update: + extends: .run-ansible + # A resource group ensures a job is mutually exclusive across different pipelines for the same project. + stage: run-update + script: + - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' + - eval $(ssh-agent -s) + - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -' + - mkdir -p ~/.ssh + - chmod 0700 ~/.ssh + - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' + - ssh-add -L + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci + only: + changes: + - usser/**/wireguard.yml + except: + - schedules + tags: + - dind + - harbor # 05.02.22 TODO some runners run into timeouts + +vpn-config-update-dev: + extends: .vpn-config-update + # A resource group ensures a job is mutually exclusive across different pipelines for the same project. + resource_group: dev + before_script: + - export STAGE=dev + - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass + only: + - main + +vpn-config-update-qa: + extends: .vpn-config-update + # A resource group ensures a job is mutually exclusive across different pipelines for the same project. + resource_group: qa + before_script: + - export STAGE=qa + - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass + only: + - qa + +vpn-config-update-prodnso: + extends: .vpn-config-update + # A resource group ensures a job is mutually exclusive across different pipelines for the same project. 
+ resource_group: prodnso + before_script: + - export STAGE=prodnso + - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + only: + - prodnso + + ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml ### @@ -281,7 +282,7 @@ run-setup-demompmx: .run-management-update: extends: .run-ansible - stage: run-management-update + stage: run-update script: - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )" - eval $(ssh-agent -s) @@ -336,6 +337,7 @@ run-management-update-demompmx: only: - prodnso + ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml ### @@ -612,6 +614,7 @@ run-patchday-k8s-demompmx: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=hcloud-firewall.yml ### @@ -689,6 +692,7 @@ run-hcloud-firewall-demompmx: only: - prodnso + ######## ### http://patorjk.com/software/taag/#p=display&f=Doom&t=Digitialocean ###
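Review bot: The relocated `.vpn-config-update` script still writes `StrictHostKeyChecking no` for `Host *` into `~/.ssh/config`, so the job that loads `$GITLAB_SSH_KEY` and runs `vpn.yml` with the vault password accepts any host key and cannot detect an impersonated or intercepted target. Since the block is being moved anyway, pin the expected keys instead, for example `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (with `SSH_KNOWN_HOSTS` as a placeholder name for a protected CI variable), and drop the `StrictHostKeyChecking` line. The three `before_script` blocks also write the vault password to the fixed path `/tmp/vault-pass` under the default umask, and nothing visible removes it; a `- umask 077` before the `echo`, or a file-type CI variable passed straight to `--vault-password-file`, would narrow that exposure. Separately, each concrete job sets `only:` to a branch list, which under `extends` appears to replace the template's `only: changes:` mapping rather than merge with it, so the path filter may never apply; this is worth confirming on a test pipeline.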