diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 12f72e3..c683a1f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,18 +11,18 @@ services: alias: docker stages: - - ansible-lint + - lint - ansible-builder - - ansible-run-setup - - ansible-run-kubernetes - - ansible-update-management - - ansible-patchday + - run-setup + - run-kubernetes + - run-management-update + - run-patchday -ansible-lint-job: - stage: ansible-lint +lint-job: + stage: lint script: - - echo "Running ansible-lint to check for linting violations" - - ansible-lint -c ansible-lint.cfg + - echo "Running lint to check for linting violations" + - lint -c lint.cfg only: - branches except: @@ -30,14 +30,14 @@ ansible-lint-job: tags: - dind -ansible-builder-job: +builder-job: # A resource group ensures a job is mutually exclusive across different pipelines for the same project. - resource_group: deployment + resource_group: dev stage: ansible-builder before_script: - cd ansible-builder script: - - echo "Running ansible-build to build awx execution environment" + - echo "Running ansible-builder to build awx execution environment" - ansible-builder build -v 3 --tag $AWX_EE_DOCKER_IMAGE_EXTERN:latest - docker push $AWX_EE_DOCKER_IMAGE_EXTERN:latest only: 
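Review bot: The prefix strip in the lint job rewrote the command itself: `lint -c lint.cfg` replaces `ansible-lint -c ansible-lint.cfg`. Unless the runner image ships a `lint` executable and the config file was renamed alongside, the job fails with command not found and the lint gate no longer checks anything. The same substitution turns `ansible-playbook` into `playbook` in the hunks at -77, -135, -195 and -256. Job and stage names can drop the prefix, but the script lines should keep the real executables: `- ansible-lint -c ansible-lint.cfg` here and `- ansible-playbook -i …` in the templates.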
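Review bot: `resource_group: dev` serialises the image build only against dev jobs, yet every deploy template in this diff runs `image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest`. A qa or prodnso job can therefore start while a new `:latest` is being pushed, and will run whatever was pushed last rather than the image built for its own commit. Consider also pushing an immutable tag, e.g. `--tag $AWX_EE_DOCKER_IMAGE_EXTERN:$CI_COMMIT_SHORT_SHA`, and referencing that tag from the templates. The job's `only:` rules continue outside the hunk, so which branches may overwrite `:latest` cannot be checked here.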
@@ -54,20 +54,20 @@ ansible-builder-job: - harbor # 05.02.22 TODO some runners run into timeouts ######## -### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run +### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml ### -### _ _ _ _ _ -### (_) | | | | | | | -### __ _ _ __ ___ _| |__ | | ___ ______ _ __ _ _ _ __ ______ ___ ___| |_ _ _ _ __ _ _ _ __ ___ | | -### / _` | '_ \/ __| | '_ \| |/ _ \ |______| | '__| | | | '_ \ |______| / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| | -### | (_| | | | \__ \ | |_) | | __/ | | | |_| | | | | \__ \ __/ |_| |_| | |_) | |_| | | | | | | | -### \__,_|_| |_|___/_|_.__/|_|\___| |_| \__,_|_| |_| |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_| -### | | __/ | -### |_| |___/ +### _ _ +### | | | | +### ___ ___| |_ _ _ _ __ _ _ _ __ ___ | | +### / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| | +### \__ \ __/ |_| |_| | |_) | |_| | | | | | | | +### |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_| +### | | __/ | +### |_| |___/ -.ansible-run-setup: +.run-setup: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-run-setup + stage: run-setup script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) 
@@ -77,15 +77,16 @@ ansible-builder-job: - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci after_script: - rm /tmp/vault-pass tags: - dind - harbor # 05.02.22 TODO some runners run into timeouts -ansible-run-kubernetes-dev: - extends: .ansible-run-setup +run-kubernetes-dev: + extends: .run-setup resource_group: dev before_script: - export STAGE=dev @@ -93,8 +94,8 @@ ansible-run-kubernetes-dev: - main - schedules -ansible-run-kubernetes-qa: - extends: .ansible-run-setup +run-kubernetes-qa: + extends: .run-setup resource_group: qa before_script: - export STAGE=qa @@ -102,8 +103,8 @@ ansible-run-kubernetes-qa: - qa - schedules -ansible-run-kubernetes-prodnso: - extends: .ansible-run-setup +run-kubernetes-prodnso: + extends: .run-setup resource_group: prodnso before_script: - export STAGE=prodnso 
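Review bot: With `${STAGE}` now supplied by the extending job, the qa and prodnso runs still write `${ANSIBLE_VAULT_PASS_DEV}` to /tmp/vault-pass. Either one vault password protects all three stages, or the non-dev runs cannot decrypt; the hunk at -135 has the same line. A per-stage secret, scoped in GitLab to the matching environment or protected branch, keeps a dev pipeline from holding the production vault key, e.g. `- echo "${ANSIBLE_VAULT_PASS}" > /tmp/vault-pass` (variable name is a placeholder). The file is also created under the default umask, so a `- umask 077` line before the write would narrow who on the runner can read it. The `.run-setup` script starts before this hunk.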
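Review bot: The three jobs extending `.run-setup` reuse the keys of the jobs that extend `.run-kubernetes` in the hunks at -135 and -161. They are `run-kubernetes-dev` at the end of the previous hunk, `run-kubernetes-qa` here and `run-kubernetes-prodnso` in the hunk at -102. YAML loaders generally keep only the last duplicate mapping key, so the setup.yml run is most likely dropped from the pipeline without any error. Renaming them to `run-setup-dev:`, `run-setup-qa:` and `run-setup-prodnso:` gives each template its own jobs and makes the `run-setup` stage non-empty.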
@@ -112,20 +113,20 @@ ansible-run-kubernetes-prodnso: - schedules ######## -### https://patorjk.com/software/taag/#p=display&f=Doom&t=ansible%20-%20run +### This Page: http://patorjk.com/software/taag/#p=display&f=Doom&t=kubernetes.yml ### -### _ _ _ _ _ _ _ -### (_) | | | | | | | | | | | -### __ _ _ __ ___ _| |__ | | ___ ______ _ __ _ _ _ __ ______ | | ___ _| |__ ___ _ __ _ __ ___| |_ ___ ___ _ _ _ __ ___ | | -### / _` | '_ \/ __| | '_ \| |/ _ \ |______| | '__| | | | '_ \ |______| | |/ / | | | '_ \ / _ \ '__| '_ \ / _ \ __/ _ \/ __|| | | | '_ ` _ \| | -### | (_| | | | \__ \ | |_) | | __/ | | | |_| | | | | | <| |_| | |_) | __/ | | | | | __/ || __/\__ \| |_| | | | | | | | -### \__,_|_| |_|___/_|_.__/|_|\___| |_| \__,_|_| |_| |_|\_\\__,_|_.__/ \___|_| |_| |_|\___|\__\___||___(_)__, |_| |_| |_|_| -### __/ | -### |___/ +### _ _ _ _ +### | | | | | | | | +### | | ___ _| |__ ___ _ __ _ __ ___| |_ ___ ___ _ _ _ __ ___ | | +### | |/ / | | | '_ \ / _ \ '__| '_ \ / _ \ __/ _ \/ __|| | | | '_ ` _ \| | +### | <| |_| | |_) | __/ | | | | | __/ || __/\__ \| |_| | | | | | | | +### |_|\_\\__,_|_.__/ \___|_| |_| |_|\___|\__\___||___(_)__, |_| |_| |_|_| +### __/ | +### |___/ -.ansible-run-kubernetes: +.run-kubernetes: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-run-kubernetes + stage: run-kubernetes script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) 
@@ -135,25 +136,25 @@ ansible-run-kubernetes-prodnso: - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config' - ssh-add -L - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - - STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" && ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci after_script: - rm /tmp/vault-pass tags: - dind - harbor # 05.02.22 TODO some runners run into timeouts - resource_group: dev -ansible-run-kubernetes-dev: - extends: .ansible-run-kubernetes - resource_group: deployment +run-kubernetes-dev: + extends: .run-kubernetes + resource_group: dev before_script: - export STAGE=dev only: - main - schedules -ansible-run-kubernetes-qa: - extends: .ansible-run-kubernetes +run-kubernetes-qa: + extends: .run-kubernetes resource_group: qa before_script: - export STAGE=qa @@ -161,8 +162,8 @@ ansible-run-kubernetes-qa: - qa - schedules -ansible-run-kubernetes-prodnso: - extends: .ansible-run-kubernetes +run-kubernetes-prodnso: + extends: .run-kubernetes resource_group: prodnso before_script: - export STAGE=prodnso 
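Review bot: The context line that appends `StrictHostKeyChecking no` under `Host *` (also in the hunk at -77) makes the runner accept any SSH host key. Now that the playbook follows `${STAGE}`, that applies to the qa and prodnso runs as well, so a spoofed or silently re-provisioned host would receive the vault-backed run as `gitlabci`. Prefer pinning keys from a CI variable, `- echo "${SSH_KNOWN_HOSTS}" >> ~/.ssh/known_hosts` (variable name is a placeholder), and dropping the override. If hosts are created dynamically, `StrictHostKeyChecking accept-new` at least rejects a changed key. The `.run-kubernetes` script starts before this hunk.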
@@ -171,20 +172,21 @@ ansible-run-kubernetes-prodnso: - schedules ######## -### https://patorjk.com/software/taag/#p=display&f=Doom&t=management -### _ -### | | -### _ __ ___ __ _ _ __ __ _ __ _ ___ _ __ ___ ___ _ __ | |_ -### | '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '_ ` _ \ / _ \ '_ \| __| -### | | | | | | (_| | | | | (_| | (_| | __/ | | | | | __/ | | | |_ -### |_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_| |_| |_|\___|_| |_|\__| -### __/ | -### |___/ +### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml +### +### _ _ _ +### | (_) | | +### ___ _ __ ___ __ _ _ __ __| |_ __ _ ___ _ _ _ __ ___ | | +### / __| '_ ` _ \ / _` | '__/ _` | |/ _` |/ _ \| | | | '_ ` _ \| | +### \__ \ | | | | | (_| | | | (_| | | (_| | (_) | |_| | | | | | | | +### |___/_| |_| |_|\__,_|_| \__,_|_|\__, |\___(_)__, |_| |_| |_|_| +### __/ | __/ | +### |___/ |___/ -.ansible-management: +.management: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest # A resource group ensures a job is mutually exclusive across different pipelines for the same project. - stage: ansible-update-management + stage: update-management script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) @@ -195,7 +197,7 @@ ansible-run-kubernetes-prodnso: - ssh-add -L - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci + - playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci only: changes: - smardigo/**/* 
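Review bot: `stage: update-management` in `.management` matches no entry in the `stages:` list as rewritten in the first hunk, which declares `run-management-update`. The hunk at -232 has the same mismatch, with `stage: patchday` against `run-patchday`. GitLab rejects a configuration in which a job names an undeclared stage, so the whole pipeline would fail validation rather than just these jobs. Align one side, e.g. `stage: run-management-update` here and `stage: run-patchday` in `.patchday`.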
@@ -204,17 +206,17 @@ ansible-run-kubernetes-prodnso: tags: - dind -ansible-management-dev: - extends: .ansible-management - resource_group: deployment +management-dev: + extends: .management + resource_group: dev before_script: - export STAGE=dev only: - main - schedules -ansible-management-qa: - extends: .ansible-management +management-qa: + extends: .management resource_group: qa before_script: - export STAGE=qa @@ -222,8 +224,8 @@ ansible-management-qa: - qa - schedules -ansible-management-prodnso: - extends: .ansible-management +management-prodnso: + extends: .management resource_group: prodnso before_script: - export STAGE=prodnso @@ -232,20 +234,20 @@ ansible-management-prodnso: - schedules ######## -### https://patorjk.com/software/taag/#p=display&f=Doom&t=patchday -### _ _ _ -### | | | | | | -### _ __ __ _| |_ ___| |__ __| | __ _ _ _ -### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | | -### | |_) | (_| | || (__| | | | (_| | (_| | |_| | -### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, | -### | | __/ | -### |_| |___/ -### +### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml +### +### _ _ _ _ +### | | | | | | | | +### _ __ __ _| |_ ___| |__ __| | __ _ _ _ _ _ _ __ ___ | | +### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | || | | | '_ ` _ \| | +### | |_) | (_| | || (__| | | | (_| | (_| | |_| || |_| | | | | | | | +### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, (_)__, |_| |_| |_|_| +### | | __/ | __/ | +### |_| |___/ |___/ -.ansible-patchday: +.patchday: image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest - stage: ansible-patchday + stage: patchday script: - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) 
@@ -256,7 +258,7 @@ ansible-management-prodnso: - ssh-add -L - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci + - playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci after_script: - rm /tmp/vault-pass when: manual @@ -266,8 +268,8 @@ ansible-management-prodnso: - dind - harbor # 05.02.22 TODO some runners run into timeouts -ansible-patchday-dev: - extends: .ansible-patchday +patchday-dev: + extends: .patchday resource_group: dev before_script: - export STAGE=dev @@ -275,8 +277,8 @@ ansible-patchday-dev: - main - schedules -ansible-patchday-qa: - extends: .ansible-patchday +patchday-qa: + extends: .patchday resource_group: qa before_script: - export STAGE=qa @@ -284,8 +286,8 @@ ansible-patchday-qa: - qa - schedules -ansible-patchday-prodnso: - extends: .ansible-patchday +patchday-prodnso: + extends: .patchday resource_group: prodnso before_script: - export STAGE=prodnso
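Review bot: `patchday.yml` is passed twice on the rewritten playbook line. ansible-playbook runs every playbook argument in order, so the patch run would execute twice per manual job. The duplicate predates this commit, but the line is being touched anyway: `- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci`. The `.patchday` script begins before this hunk.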