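---
# GitLab CI pipeline for the Ansible repository: lint the code, build and push
# the AWX execution-environment (EE) image, then run the setup, kubernetes and
# patchday playbooks against the dev, qa and prodnso stages.

variables:
  AWX_EE_DOCKER_IMAGE_EXTERN: "dev-harbor-01.smardigo.digital/awx/awx-custom-ee"
  # Turns off Ansible's SSH host-key verification for every job below, so the
  # identity of the managed hosts is never checked before credentials and
  # vault-decrypted data are sent to them.
  # NOTE(review): prefer shipping known_hosts entries via a protected CI/CD
  # variable and leaving host-key checking enabled, at least for prodnso.
  ANSIBLE_HOST_KEY_CHECKING: 'false'
  ANSIBLE_FORCE_COLOR: 'true'

image: docker.dev-at.de/smardigo/smardigo-ci-ansible

services:
  # NOTE(review): docker:19-dind is a long-superseded Docker release; consider
  # moving to a maintained tag.
  - name: docker-cache.dev-at.de/docker:19-dind
    alias: docker

stages:
  - ansible-lint
  - ansible-builder
  - ansible-run-setup
  - ansible-run-kubernetes
  - ansible-patchday

ansible-lint-job:
  stage: ansible-lint
  script:
    - echo "Running ansible-lint to check for linting violations"
    - ansible-lint -c ansible-lint.cfg
  tags:
    - dind

# Builds the EE image and pushes it as :latest; every run job below pulls that
# same mutable tag.
# NOTE(review): a mutable tag means a run job executes whatever was pushed
# last. Tagging by commit SHA or pinning by digest would tie each playbook run
# to a known image.
ansible-builder-job:
  # A resource group ensures a job is mutually exclusive across different
  # pipelines for the same project.
  resource_group: deployment
  stage: ansible-builder
  before_script:
    - cd ansible-builder
  script:
    - echo "Running ansible-build to build awx execution environment"
    - ansible-builder build -v 3 --tag $AWX_EE_DOCKER_IMAGE_EXTERN:latest
    - docker push $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  only:
    - master
  except:
    - tags
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts

########
### ansible-run: setup.yml
########
#
# Pattern shared by every ansible-run / patchday job in this file:
#   * before_script loads $GITLAB_SSH_KEY into an ssh-agent and, when running
#     in a container, appends "StrictHostKeyChecking no" for "Host *" to
#     ~/.ssh/config. Together with ANSIBLE_HOST_KEY_CHECKING above this
#     disables SSH host authentication for all targets.
#   * script writes the stage's vault password to /tmp/vault-pass and runs the
#     playbook as user gitlabci; after_script deletes the file again.
#   * The password file is created inside a `umask 077` subshell so it is
#     owner-only from the moment it exists, and cleanup uses `rm -f` so a job
#     that failed before writing the file does not report a spurious error.
#   * resource_group serialises jobs that target the same stage.
#
# NOTE(review): the same GITLAB_SSH_KEY is loaded for dev, qa and prodnso;
# confirm whether one key is meant to be authorised on all three stages.
# NOTE(review): HETZNER_LABEL_SELECTOR is assigned but not exported in the
# script lines, so ansible-playbook only sees it if something else exports it;
# verify against the inventory configuration.

ansible-run-setup-1-dev:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-run-setup
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    # Lists the public keys held by the agent in the job log.
    - ssh-add -L
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass)'
    - >-
      STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml
      --tags common --vault-password-file /tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - master
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: dev

ansible-run-setup-2-qa:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-run-setup
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass)'
    - >-
      STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml
      --tags common --vault-password-file /tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - master
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: qa

ansible-run-setup-3-prodnso:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-run-setup
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass)'
    - >-
      STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml
      --tags common --vault-password-file /tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - master
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: prodnso

########
### ansible-run: kubernetes.yml
########
#
# NOTE(review): these jobs are assigned to stage ansible-run-setup although an
# ansible-run-kubernetes stage is declared and otherwise unused. Left as
# written; confirm whether kubernetes.yml is meant to run only after all
# setup jobs have finished.

ansible-run-kubernetes-1-dev:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-run-setup
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
    # Lists the public keys held by the agent in the job log.
    - ssh-add -L
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass)'
    - >-
      STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml
      --vault-password-file /tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - master
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: dev

ansible-run-kubernetes-2-qa:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-run-setup
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass)'
    - >-
      STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml
      --vault-password-file /tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - master
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: qa

ansible-run-kubernetes-3-prodnso:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-run-setup
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass)'
    - >-
      STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml
      --vault-password-file /tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  only:
    - master
    - schedules
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: prodnso

########
### patchday: patchday.yml (manual jobs)
########

ansible-patchday-1-dev:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-patchday
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass)'
    - >-
      STAGE=dev && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml
      --vault-password-file=/tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  when: manual
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: dev

ansible-patchday-2-qa:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-patchday
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass)'
    - >-
      STAGE=qa && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml
      --vault-password-file=/tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  when: manual
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: qa

ansible-patchday-3-prodnso:
  image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
  stage: ansible-patchday
  before_script:
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    - 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
    - mkdir -p ~/.ssh
    - chmod 0700 ~/.ssh
    # Disables host-key verification for every SSH target (see notes above).
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
  script:
    # Owner-only vault password file.
    - '(umask 077 && echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass)'
    - >-
      STAGE=prodnso && HETZNER_LABEL_SELECTOR="stage=${STAGE}" &&
      ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml
      --vault-password-file=/tmp/vault-pass -u gitlabci
  after_script:
    - rm -f /tmp/vault-pass
  when: manual
  tags:
    - dind
    - harbor  # 05.02.22 TODO some runners run into timeouts
  resource_group: prodnso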