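---
# GitLab CI pipeline for the Ansible infrastructure repository.
# It lints the code, builds and pushes the AWX execution-environment image, and
# runs the setup / vpn / smardigo / patchday / hcloud-firewall playbooks for
# the stages devnso, prodnso and demompmx.

variables:
  AWX_EE_DOCKER_IMAGE_EXTERN: "harbor-01.smardigo.digital/awx/awx-custom-ee"
  # NOTE(security): Ansible's SSH host-key verification is switched off for
  # every job. The jobs below load a deploy key and a vault password, so a
  # host that impersonates a target would not be detected. Prefer shipping
  # pinned host keys (e.g. a protected CI variable written to
  # ~/.ssh/known_hosts; placeholder name: SSH_KNOWN_HOSTS) and re-enabling
  # the check.
  ANSIBLE_HOST_KEY_CHECKING: "false"
  ANSIBLE_FORCE_COLOR: "true"

# NOTE(security): `:latest` is a mutable tag, so the code that handles the
# secrets in this pipeline can change without a commit here. Consider pinning
# the image by digest or by an immutable version tag.
image: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest

services:
  - name: docker.dev-at.de/gitlab/gitlab-ci-ansible:latest
    alias: docker

stages:
  - lint
  - ansible-builder
  - run-setup
  - run-setup-digitalocean
  - run-update
  - run-patchday-harbor
  - run-patchday-elastic
  - run-patchday-database
  - run-patchday-all
  - run-hcloud-firewall

###############################################################################
### lint
###############################################################################

# Runs ansible-lint on every branch pipeline (not on schedules).
lint-job:
  stage: lint
  script:
    - echo "Running lint to check for linting violations"
    - ansible-lint -c ansible-lint.cfg
  only:
    - branches
  except:
    - schedules
  tags:
    - dind

###############################################################################
### ansible-builder
###############################################################################

# Template: builds the AWX execution environment with ansible-builder and
# pushes it as <environment>-<AWX_EE_DOCKER_IMAGE_EXTERN>:latest.
.builder-job:
  stage: ansible-builder
  # Replaced (not extended) by the before_script of the jobs that extend this.
  before_script:
    - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
  script:
    # NOTE(security): the SSH private key is copied into the image build
    # context. If execution-environment.yml copies it into the image (not
    # visible from this file; confirm), the key persists in an image layer
    # that is then pushed to the registry. Prefer a build-time secret/SSH
    # mount that leaves no trace in the layers, and a read-only deploy key.
    - 'cp "$SSH_KEY_GITLAB_CI_BUILDER_FILE" ansible-builder/context/id_ed25519'
    - echo "Running ansible-builder to build awx execution environment"
    - ansible-builder build -f ansible-builder/execution-environment.yml --tag ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest -c ansible-builder/context
    - docker push ${CI_ENVIRONMENT_NAME}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest
  after_script:
    # Do not leave the private key behind in the runner's working directory.
    - rm -f ansible-builder/context/id_ed25519
  except:
    - schedules
  tags:
    - dind
    - harbor # 05.02.22 TODO some runners run into timeouts

.builder-job-devnso:
  extends: .builder-job
  environment: devnso
  resource_group: devnso
  before_script:
    - export STAGE=devnso
  # Mapping form (`refs:`) so that `only.changes` added by a child is merged
  # with it instead of replacing it.
  only:
    refs:
      - main

# Rebuilds the image automatically when its inputs change.
builder-job-devnso-automatic:
  extends: .builder-job-devnso
  only:
    changes:
      - pip-requirements
      - galaxy-requirements.yml
      - ansible-builder/**/*

builder-job-devnso-manual:
  extends: .builder-job-devnso
  when: manual

.builder-job-prodnso:
  extends: .builder-job
  environment: prodnso
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
  only:
    refs:
      - prodnso

builder-job-prodnso-automatic:
  extends: .builder-job-prodnso
  only:
    changes:
      - pip-requirements
      - galaxy-requirements.yml
      - ansible-builder/**/*

builder-job-prodnso-manual:
  extends: .builder-job-prodnso
  when: manual

###############################################################################
# Environment specific AWX image from predefined variable $CI_ENVIRONMENT_NAME
# NOTE(security): this is the mutable `:latest` tag pushed by the builder jobs;
# every playbook job runs inside it with the SSH key and vault password.
.run-ansible:
  image: "$CI_ENVIRONMENT_NAME-$AWX_EE_DOCKER_IMAGE_EXTERN:latest"
  tags:
    - dind
    - harbor # 05.02.22 TODO some runners run into timeouts

###############################################################################
### setup.yml
###############################################################################

# Template: loads the deploy key into ssh-agent and runs setup.yml (tag
# `common`) against the hcloud inventory of ${STAGE}. The extending jobs set
# STAGE and write /tmp/vault-pass in their own before_script, which replaces
# the before_script below.
.run-setup:
  extends: .run-ansible
  stage: run-setup
  before_script:
    - echo "CI_ENVIRONMENT_NAME=$CI_ENVIRONMENT_NAME"
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(security): disables SSH host-key verification for all hosts; the
    # same line is repeated in every SSH-based template of this file. See the
    # note on ANSIBLE_HOST_KEY_CHECKING for the risk and the preferred fix.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  except:
    - schedules

run-setup-devnso:
  extends: .run-setup
  environment: devnso
  resource_group: devnso
  before_script:
    - export STAGE=devnso
    # The vault password is written under umask 077 so the file is readable
    # by the job user only (the default umask would leave it world-readable).
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
  only:
    - main

run-setup-prodnso:
  extends: .run-setup
  environment: prodnso
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

run-setup-demompmx:
  extends: .run-setup
  environment: prodnso
  resource_group: demompmx
  before_script:
    - export STAGE=demompmx
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
  only:
    - prodnso

###############################################################################
### vpn.yml
###############################################################################

# Template: runs vpn.yml against the hcloud inventory of ${STAGE}.
.vpn-config-update:
  extends: .run-ansible
  # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
  stage: run-update
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(security): host-key verification disabled, as in .run-setup.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci
  # Added for consistency with the other templates: this one wrote
  # /tmp/vault-pass (via its children) but never removed it.
  after_script:
    - rm -f /tmp/vault-pass
  # NOTE(review): `usser/` looks like a typo; confirm the directory name.
  # NOTE(review): `extends` merges mappings but replaces sequences, and the
  # children below declare `only:` as a list (`- main`). That list appears to
  # replace this `only.changes` mapping, so the path filter likely never
  # applies. Use `only: refs:` in the children (as .builder-job-devnso does)
  # if the filter is intended.
  only:
    changes:
      - usser/**/wireguard.yml
  except:
    - schedules
  tags:
    - dind
    - harbor # 05.02.22 TODO some runners run into timeouts

run-vpn-update-devnso:
  extends: .vpn-config-update
  environment: devnso
  # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
  resource_group: devnso
  before_script:
    - export STAGE=devnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
  only:
    - main

run-vpn-update-prodnso:
  extends: .vpn-config-update
  environment: prodnso
  # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

###############################################################################
### smardigo.yml
###############################################################################

# Template: runs smardigo.yml limited to `management` with the tag
# `update_configurations` against inventory stage-$STAGE.
.run-management-update:
  extends: .run-ansible
  stage: run-update
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(security): host-key verification disabled, as in .run-setup.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  # NOTE(review): the list-form `only:` of the children below appears to
  # replace this mapping, so this path filter likely never applies; confirm.
  only:
    changes:
      - smardigo/**/*
  except:
    - schedules

run-management-update-devnso:
  extends: .run-management-update
  environment: devnso
  resource_group: devnso
  before_script:
    - export STAGE=devnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
  only:
    - main

run-management-update-prodnso:
  extends: .run-management-update
  environment: prodnso
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

run-management-update-demompmx:
  extends: .run-management-update
  environment: prodnso
  resource_group: demompmx
  before_script:
    - export STAGE=demompmx
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
  only:
    - prodnso

###############################################################################
### patchday.yml
###############################################################################

# Template for the scheduled patchday jobs: prepares ssh-agent in
# before_script; each job supplies STAGE, the vault password file and the
# `--limit` host pattern in its own script.
.run-patchday:
  extends: .run-ansible
  before_script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(security): host-key verification disabled, as in .run-setup.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
  timeout: 2h

run-patchday-harbor-devnso:
  extends: .run-patchday
  environment: devnso
  stage: run-patchday-harbor
  resource_group: devnso
  script:
    - export STAGE=devnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'harbor'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

run-patchday-elastic-devnso:
  extends: .run-patchday
  environment: devnso
  stage: run-patchday-elastic
  resource_group: devnso
  script:
    - export STAGE=devnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'
      when: manual # Disable automatic execution of this Stage. We have no Elastic hosts in devnso currently.

run-patchday-database-postgres-devnso:
  extends: .run-patchday
  environment: devnso
  stage: run-patchday-database
  resource_group: devnso
  script:
    - export STAGE=devnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

run-patchday-database-maria-devnso:
  extends: .run-patchday
  environment: devnso
  stage: run-patchday-database
  resource_group: devnso
  script:
    - export STAGE=devnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'maria'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

# Everything that has no dedicated patchday job of its own.
run-patchday-all-devnso:
  extends: .run-patchday
  environment: devnso
  stage: run-patchday-all
  resource_group: devnso
  script:
    - export STAGE=devnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!harbor:!elastic:!postgres:!maria:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

run-patchday-all-k8s-devnso:
  extends: .run-patchday
  environment: devnso
  stage: run-patchday-all
  resource_group: devnso
  script:
    - export STAGE=devnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

run-patchday-harbor-prodnso:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-harbor
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'harbor'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-elastic-prodnso:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-elastic
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
  after_script:
    - rm -f /tmp/vault-pass
  # NOTE(review): the comment below names devnso but this is the prodnso job;
  # it looks copied from run-patchday-elastic-devnso. Confirm that Elastic
  # patching in prodnso is meant to stay manual.
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'
      when: manual # Disable automatic execution of this Stage. We have no Elastic hosts in devnso currently.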
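run-patchday-database-postgres-prodnso:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-database
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    # The vault password is written under umask 077 so the file is readable
    # by the job user only (the default umask would leave it world-readable).
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-database-maria-prodnso:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-database
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'maria'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

# Everything that has no dedicated patchday job of its own.
run-patchday-all-prodnso:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-all
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!harbor:!elastic:!postgres:!maria:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-all-k8s-prodnso:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-all
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

# The demompmx jobs run from the prodnso branch and use the prodnso
# environment, with their own STAGE, vault password and resource group.
run-patchday-database-postgres-demompmx:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-database
  resource_group: demompmx
  script:
    - export STAGE=demompmx
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-database-maria-demompmx:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-database
  resource_group: demompmx
  script:
    - export STAGE=demompmx
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'maria'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-all-demompmx:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-all
  resource_group: demompmx
  script:
    - export STAGE=demompmx
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!postgres:!maria:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-all-k8s-demompmx:
  extends: .run-patchday
  environment: prodnso
  stage: run-patchday-all
  resource_group: demompmx
  script:
    - export STAGE=demompmx
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

###############################################################################
### hcloud-firewall.yml
###############################################################################

# Template: runs hcloud_firewall.yml with `stage=${STAGE}` as an extra var.
# It opens no SSH session itself, so no ssh-agent setup is done here.
.run-hcloud-firewall:
  extends: .run-ansible
  stage: run-hcloud-firewall
  script:
    - ansible-playbook -e "stage=${STAGE}" hcloud_firewall.yml --vault-password-file /tmp/vault-pass
  after_script:
    - rm -f /tmp/vault-pass
  except:
    - schedules

run-hcloud-firewall-devnso:
  extends: .run-hcloud-firewall
  environment: devnso
  resource_group: devnso
  before_script:
    - export STAGE=devnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
  only:
    - main

run-hcloud-firewall-prodnso:
  extends: .run-hcloud-firewall
  environment: prodnso
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

run-hcloud-firewall-demompmx:
  extends: .run-hcloud-firewall
  environment: prodnso
  resource_group: demompmx
  before_script:
    - export STAGE=demompmx
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
  only:
    - prodnso

###############################################################################
### Digitalocean
###############################################################################

# Runs setup.yml (tag `common`) and smardigo.yml against the static
# stage-digitalocean inventory on main.
# NOTE(review): this job sits in stage `run-setup`; the `run-setup-digitalocean`
# stage declared in `stages:` is not used by any job visible here. It also has
# no resource_group, unlike the other setup jobs; confirm both are intended.
run-setup-digitalocean:
  extends: .run-ansible
  environment: devnso
  stage: run-setup
  before_script:
    - export STAGE=devnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(security): disables SSH host-key verification for all hosts while
    # the deploy key and vault password are loaded, so an impersonated target
    # would not be detected. Prefer writing pinned host keys to
    # ~/.ssh/known_hosts from a protected CI variable (placeholder name:
    # SSH_KNOWN_HOSTS) and dropping this line.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - ansible-playbook -i stage-digitalocean setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
    - ansible-playbook -i stage-digitalocean smardigo.yml --vault-password-file /tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - main
  except:
    - schedules

# Scheduled patchday run for the stage-digitalocean inventory (main only).
run-patchday-devnso-digitalocean:
  extends: .run-ansible
  environment: devnso
  stage: run-patchday-all
  before_script:
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVNSO}" > /tmp/vault-pass )'
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(security): SSH host-key verification is disabled for all hosts.
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - ansible-playbook -i stage-digitalocean patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  timeout: 2h
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'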