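---
# GitLab CI pipeline, part 1: global settings, the lint job and the jobs that
# build and push the AWX execution-environment image for each stage.

variables:
  AWX_EE_DOCKER_IMAGE_EXTERN: "harbor-01.smardigo.digital/awx/awx-custom-ee"
  # NOTE(review): this turns off SSH host key verification for every Ansible
  # run started by this pipeline, so a spoofed or intercepted host would not
  # be detected. Prefer a pinned known_hosts supplied through a CI variable.
  ANSIBLE_HOST_KEY_CHECKING: "false"
  ANSIBLE_FORCE_COLOR: "true"

# NOTE(review): no tag is given, so the runner resolves this to `latest`;
# pinning a version or digest makes pipeline runs reproducible.
image: docker.dev-at.de/smardigo/smardigo-ci-ansible

services:
  # NOTE(review): Docker 19 is an old release line - confirm it still receives
  # fixes from the mirror this is pulled from.
  - name: docker-cache.dev-at.de/docker:19-dind
    alias: docker

stages:
  - lint
  - ansible-builder
  - run-setup
  - run-setup-digitalocean
  - run-update
  - run-patchday-elastic-postgres
  - run-patchday-all-k8s
  - run-hcloud-firewall

# Lints the repository on every branch pipeline (never on schedules).
lint-job:
  stage: lint
  script:
    - echo "Running lint to check for linting violations"
    - ansible-lint -c ansible-lint.cfg
  only:
    - branches
  except:
    - schedules
  tags:
    - dind

# Template: builds the execution-environment image and pushes it as
# <STAGE>-<image>:latest. STAGE is exported by the per-stage templates below.
.builder-job:
  stage: ansible-builder
  script:
    # NOTE(review): the SSH private key is copied into the Docker build
    # context. Unless the Dockerfile (not visible here) consumes it through a
    # build secret or a discarded build stage, it can persist in a layer of
    # the image that is pushed to the registry - verify.
    - cp "$SSH_KEY_GITLAB_CI_BUILDER_FILE" ansible-builder/context/id_ed25519
    - echo "Running docker build to build awx execution environment"
    - docker build -f ansible-builder/context/Dockerfile -t "${STAGE}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest" .
    - docker push "${STAGE}-${AWX_EE_DOCKER_IMAGE_EXTERN}:latest"
  after_script:
    # Do not leave the key copy behind in the runner's working directory.
    - rm -f ansible-builder/context/id_ed25519
  except:
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts

# --- dev -------------------------------------------------------------------
.builder-job-dev:
  extends: .builder-job
  resource_group: dev
  before_script:
    - export STAGE=dev
  only:
    refs:
      - main

# Runs automatically when the image inputs change (merged with `only: refs`).
builder-job-dev-automatic:
  extends: .builder-job-dev
  only:
    changes:
      - pip-requirements
      - galaxy-requirements.yml
      - ansible-builder/**/*

builder-job-dev-manual:
  extends: .builder-job-dev
  when: manual

# --- qa --------------------------------------------------------------------
.builder-job-qa:
  extends: .builder-job
  resource_group: qa
  before_script:
    - export STAGE=qa
  only:
    refs:
      - qa

builder-job-qa-automatic:
  extends: .builder-job-qa
  only:
    changes:
      - pip-requirements
      - galaxy-requirements.yml
      - ansible-builder/**/*

builder-job-qa-manual:
  extends: .builder-job-qa
  when: manual

# --- prodnso ---------------------------------------------------------------
.builder-job-prodnso:
  extends: .builder-job
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
  only:
    refs:
      - prodnso

builder-job-prodnso-automatic:
  extends: .builder-job-prodnso
  only:
    changes:
      - pip-requirements
      - galaxy-requirements.yml
      - ansible-builder/**/*

builder-job-prodnso-manual:
  extends: .builder-job-prodnso
  when: manual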
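##################################################################################
# GitLab CI pipeline, part 2: jobs that run Ansible playbooks against a stage.
#
# Conventions shared by the jobs below:
#   * The vault password is written to /tmp/vault-pass inside a subshell with
#     `umask 077`, so the file is created readable by its owner only, and it
#     is removed again in after_script (`rm -f`, so a missing file is not an
#     error).
#   * NOTE(review): the SSH bootstrap appends `StrictHostKeyChecking no` for
#     `Host *`. Host keys are then never verified, so a spoofed or intercepted
#     host would receive the connection made with the loaded deploy key.
#     Prefer shipping a pinned known_hosts through a CI variable.
#   * `ssh-add -L` prints the loaded public keys into the job log.
##################################################################################

.run-ansible:
  # hardcoded DEV Stage Image, couldn't find better option for now, since image name cant be set dynamically
  # NOTE(review): as a result every stage, production included, runs on the
  # mutable dev `:latest` image - whoever can push that tag controls what runs
  # in these jobs. Consider pinning a digest or a per-stage image.
  image: dev-$AWX_EE_DOCKER_IMAGE_EXTERN:latest
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts

##################################################################################
# setup.yml
##################################################################################

# Template: runs setup.yml (tag `common`) against the Hetzner inventory of
# ${STAGE}. STAGE and /tmp/vault-pass are prepared by the concrete jobs.
.run-setup:
  extends: .run-ansible
  stage: run-setup
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(review): disables host key verification for all hosts (see header).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  except:
    - schedules

run-setup-dev:
  extends: .run-setup
  resource_group: dev
  before_script:
    - export STAGE=dev
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  only:
    - main

run-setup-devscr:
  extends: .run-setup
  resource_group: devscr
  before_script:
    - export STAGE=devscr
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  only:
    - main

run-setup-qa:
  extends: .run-setup
  resource_group: qa
  before_script:
    - export STAGE=qa
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
  only:
    - qa

run-setup-prodnso:
  extends: .run-setup
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

run-setup-prodwork01:
  extends: .run-setup
  resource_group: prodwork01
  before_script:
    - export STAGE=prodwork01
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODWORK01}" > /tmp/vault-pass )'
  only:
    - prodnso

run-setup-demompmx:
  extends: .run-setup
  resource_group: demompmx
  before_script:
    - export STAGE=demompmx
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
  only:
    - prodnso

##################################################################################
# vpn.yml
##################################################################################

# Template: runs vpn.yml against the Hetzner inventory of ${STAGE}.
# resource_group is set per stage in the concrete jobs below.
.vpn-config-update:
  extends: .run-ansible
  stage: run-update
  script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(review): disables host key verification for all hosts (see header).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml vpn.yml --vault-password-file /tmp/vault-pass -u gitlabci
  # Added for consistency with the other playbook templates, which all remove
  # the vault password file once the job has finished.
  after_script:
    - rm -f /tmp/vault-pass
  # NOTE(review): `extends` merges mappings but replaces lists. The concrete
  # jobs below set `only:` as a plain list (`- main`), which replaces this
  # mapping, so the path filter is most likely never applied. If it is wanted,
  # write `only: refs:` in the concrete jobs. Also confirm the path: `usser/`
  # looks like a typo.
  only:
    changes:
      - usser/**/wireguard.yml
  except:
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts

vpn-config-update-dev:
  extends: .vpn-config-update
  # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
  resource_group: dev
  before_script:
    - export STAGE=dev
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  only:
    - main

vpn-config-update-qa:
  extends: .vpn-config-update
  # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
  resource_group: qa
  before_script:
    - export STAGE=qa
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
  only:
    - qa

vpn-config-update-prodnso:
  extends: .vpn-config-update
  # A resource group ensures a job is mutually exclusive across different pipelines for the same project.
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

##################################################################################
# smardigo.yml
##################################################################################

# Template: runs smardigo.yml limited to `management`, tag
# `update_configurations`, against inventory stage-${STAGE}.
.run-management-update:
  extends: .run-ansible
  stage: run-update
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(review): disables host key verification for all hosts (see header).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  # NOTE(review): the concrete jobs below set `only:` as a plain list, which
  # replaces this mapping under `extends`, so this path filter is most likely
  # never applied. Use `only: refs:` in the concrete jobs if it is wanted.
  only:
    changes:
      - smardigo/**/*
  except:
    - schedules

run-management-update-dev:
  extends: .run-management-update
  resource_group: dev
  before_script:
    - export STAGE=dev
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  only:
    - main

run-management-update-qa:
  extends: .run-management-update
  resource_group: qa
  before_script:
    - export STAGE=qa
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
  only:
    - qa

run-management-update-prodnso:
  extends: .run-management-update
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

run-management-update-demompmx:
  extends: .run-management-update
  resource_group: demompmx
  before_script:
    - export STAGE=demompmx
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
  only:
    - prodnso

##################################################################################
# patchday.yml
##################################################################################

# Template: SSH bootstrap for the scheduled patchday jobs. Each concrete job
# sets STAGE, writes the vault password and runs patchday.yml with a --limit.
.run-patchday:
  extends: .run-ansible
  before_script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(review): disables host key verification for all hosts (see header).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
  timeout: 2h

# --- dev (scheduled pipelines on main) ---------------------------------------
run-patchday-elastic-dev:
  extends: .run-patchday
  stage: run-patchday-elastic-postgres
  resource_group: dev
  script:
    - export STAGE=dev
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

run-patchday-postgres-dev:
  extends: .run-patchday
  stage: run-patchday-elastic-postgres
  resource_group: dev
  script:
    - export STAGE=dev
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

run-patchday-all-dev:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: dev
  script:
    - export STAGE=dev
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

run-patchday-k8s-dev:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: dev
  script:
    - export STAGE=dev
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

# --- devscr (scheduled pipelines on main) ------------------------------------
run-patchday-k8s-devscr:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: devscr
  script:
    - export STAGE=devscr
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    # NOTE(review): run-setup-devscr and run-hcloud-firewall-devscr use
    # ANSIBLE_VAULT_PASS_DEV for this stage; confirm that
    # ANSIBLE_VAULT_PASS_DEVSCR exists and is the intended secret here.
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEVSCR}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'

# --- qa (scheduled pipelines on qa) ------------------------------------------
run-patchday-elastic-qa:
  extends: .run-patchday
  stage: run-patchday-elastic-postgres
  resource_group: qa
  script:
    - export STAGE=qa
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"'

run-patchday-postgres-qa:
  extends: .run-patchday
  stage: run-patchday-elastic-postgres
  resource_group: qa
  script:
    - export STAGE=qa
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"'

run-patchday-all-qa:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: qa
  script:
    - export STAGE=qa
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"'

run-patchday-k8s-qa:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: qa
  script:
    - export STAGE=qa
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa"'

# --- prodnso (scheduled pipelines on prodnso) --------------------------------
run-patchday-elastic-prodnso:
  extends: .run-patchday
  stage: run-patchday-elastic-postgres
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'elastic'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-postgres-prodnso:
  extends: .run-patchday
  stage: run-patchday-elastic-postgres
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-all-prodnso:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-k8s-prodnso:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: prodnso
  script:
    - export STAGE=prodnso
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

# --- prodwork01 (scheduled pipelines on prodnso) -----------------------------
run-patchday-all-prodwork01:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: prodwork01
  script:
    - export STAGE=prodwork01
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    # NOTE(review): run-setup-prodwork01 and run-hcloud-firewall-prodwork01
    # use ANSIBLE_VAULT_PASS_PRODWORK01; this job uses the PRODNSO secret for
    # the same stage - confirm which one is intended.
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-k8s-prodwork01:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: prodwork01
  script:
    - export STAGE=prodwork01
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    # NOTE(review): same vault secret mismatch as run-patchday-all-prodwork01.
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

# --- demompmx (scheduled pipelines on prodnso) -------------------------------
run-patchday-postgres-demompmx:
  extends: .run-patchday
  stage: run-patchday-elastic-postgres
  resource_group: demompmx
  script:
    - export STAGE=demompmx
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'postgres'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-all-demompmx:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: demompmx
  script:
    - export STAGE=demompmx
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

run-patchday-k8s-demompmx:
  extends: .run-patchday
  stage: run-patchday-all-k8s
  resource_group: demompmx
  script:
    - export STAGE=demompmx
    - export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
    - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'k8s_cluster'
  after_script:
    - rm -f /tmp/vault-pass
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso"'

##################################################################################
# hcloud_firewall.yml
##################################################################################

# Template: runs hcloud_firewall.yml with `stage` passed as an extra var.
# No SSH bootstrap is performed in these jobs.
.run-hcloud-firewall:
  extends: .run-ansible
  stage: run-hcloud-firewall
  script:
    - ansible-playbook -e "stage=${STAGE}" hcloud_firewall.yml --vault-password-file /tmp/vault-pass
  after_script:
    - rm -f /tmp/vault-pass
  except:
    - schedules

run-hcloud-firewall-dev:
  extends: .run-hcloud-firewall
  resource_group: dev
  before_script:
    - export STAGE=dev
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  only:
    - main

run-hcloud-firewall-devscr:
  extends: .run-hcloud-firewall
  resource_group: devscr
  before_script:
    - export STAGE=devscr
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  only:
    - main

run-hcloud-firewall-qa:
  extends: .run-hcloud-firewall
  resource_group: qa
  before_script:
    - export STAGE=qa
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass )'
  only:
    - qa

run-hcloud-firewall-prodnso:
  extends: .run-hcloud-firewall
  resource_group: prodnso
  before_script:
    - export STAGE=prodnso
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass )'
  only:
    - prodnso

run-hcloud-firewall-prodwork01:
  extends: .run-hcloud-firewall
  resource_group: prodwork01
  before_script:
    - export STAGE=prodwork01
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODWORK01}" > /tmp/vault-pass )'
  only:
    - prodnso

run-hcloud-firewall-demompmx:
  extends: .run-hcloud-firewall
  resource_group: demompmx
  before_script:
    - export STAGE=demompmx
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass )'
  only:
    - prodnso

##################################################################################
# Digitalocean
##################################################################################

# Runs setup.yml and external_monitoring.yml (tag `common`) against the
# stage-digitalocean inventory, using the dev vault password.
run-setup-digitalocean:
  extends: .run-ansible
  stage: run-setup
  before_script:
    - export STAGE=dev
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(review): disables host key verification for all hosts (see header).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - ansible-playbook -i stage-digitalocean setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
    - ansible-playbook -i stage-digitalocean external_monitoring.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - main
  except:
    - schedules

# Scheduled patchday run (main branch) against the stage-digitalocean inventory.
run-patchday-dev-digitalocean:
  extends: .run-ansible
  stage: run-patchday-all-k8s
  before_script:
    - '( umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass )'
  script:
    - "command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )"
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # NOTE(review): disables host key verification for all hosts (see header).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    - ssh-add -L
    - ansible-playbook -i stage-digitalocean patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  timeout: 2h
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main"'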