gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b7eb30c7d4'
${ noResults }
hetzner-ansible/.gitlab-ci.yml

288 lines
8.7 KiB
YAML
Raw Blame History

---
variables:
AWX_EE_DOCKER_IMAGE_EXTERN: "dev-harbor-01.smardigo.digital/awx/awx-custom-ee"
ANSIBLE_HOST_KEY_CHECKING: 'false'
ANSIBLE_FORCE_COLOR: 'true'
image: docker.dev-at.de/smardigo/smardigo-ci-ansible
services:
- name: docker-cache.dev-at.de/docker:19-dind
alias: docker
stages:
- lint
- ansible-builder
- run-setup
- run-kubernetes
- run-management-update
- run-patchday
lint-job:
stage: lint
script:
- echo "Running lint to check for linting violations"
- ansible-lint -c ansible-lint.cfg
only:
- branches
except:
- schedules
tags:
- dind
builder-job:
# A resource group ensures a job is mutually exclusive across different pipelines for the same project.
resource_group: dev
stage: ansible-builder
before_script:
- cd ansible-builder
script:
- echo "Running ansible-builder to build awx execution environment"
- ansible-builder build -v 3 --tag $AWX_EE_DOCKER_IMAGE_EXTERN:latest
- docker push $AWX_EE_DOCKER_IMAGE_EXTERN:latest
only:
refs:
- main
changes:
- pip-requirements
- galaxy-requirements.yml
- ansible-builder/**/*
except:
- schedules
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
##################################################################################
.run-ansible:
image: $AWX_EE_DOCKER_IMAGE_EXTERN:latest
tags:
- dind
- harbor # 05.02.22 TODO some runners run into timeouts
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=setup.yml
###
### _ _
### | | | |
### ___ ___| |_ _ _ _ __ _ _ _ __ ___ | |
### / __|/ _ \ __| | | | '_ \| | | | '_ ` _ \| |
### \__ \ __/ |_| |_| | |_) | |_| | | | | | | |
### |___/\___|\__|\__,_| .__(_)__, |_| |_| |_|_|
### | | __/ |
### |_| |___/
.run-setup:
extends: .run-ansible
stage: run-setup
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml setup.yml --vault-password-file /tmp/vault-pass -t common -u gitlabci
after_script:
- rm /tmp/vault-pass
run-setup-dev:
extends: .run-setup
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
run-setup-qa:
extends: .run-setup
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
run-setup-prodnso:
extends: .run-setup
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
########
### This Page: http://patorjk.com/software/taag/#p=display&f=Doom&t=kubernetes.yml
###
### _ _ _ _
### | | | | | | | |
### | | ___ _| |__ ___ _ __ _ __ ___| |_ ___ ___ _ _ _ __ ___ | |
### | |/ / | | | '_ \ / _ \ '__| '_ \ / _ \ __/ _ \/ __|| | | | '_ ` _ \| |
### | <| |_| | |_) | __/ | | | | | __/ || __/\__ \| |_| | | | | | | |
### |_|\_\\__,_|_.__/ \___|_| |_| |_|\___|\__\___||___(_)__, |_| |_| |_|_|
### __/ |
### |___/
.run-kubernetes:
extends: .run-ansible
stage: run-kubernetes
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml kubernetes.yml --vault-password-file /tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
run-kubernetes-dev:
extends: .run-kubernetes
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
run-kubernetes-qa:
extends: .run-kubernetes
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
run-kubernetes-prodnso:
extends: .run-kubernetes
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=smardigo.yml
###
### _ _ _
### | (_) | |
### ___ _ __ ___ __ _ _ __ __| |_ __ _ ___ _ _ _ __ ___ | |
### / __| '_ ` _ \ / _` | '__/ _` | |/ _` |/ _ \| | | | '_ ` _ \| |
### \__ \ | | | | | (_| | | | (_| | | (_| | (_) | |_| | | | | | | |
### |___/_| |_| |_|\__,_|_| \__,_|_|\__, |\___(_)__, |_| |_| |_|_|
### __/ | __/ |
### |___/ |___/
.run-management-update:
extends: .run-ansible
stage: run-management-update
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-$STAGE smardigo.yml --vault-password-file=/tmp/vault-pass -l management -t update_configurations -u gitlabci
after_script:
- rm /tmp/vault-pass
only:
changes:
- smardigo/**/*
run-management-update-dev:
extends: .run-management-update
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
run-management-update-qa:
extends: .run-management-update
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
run-management-update-prodnso:
extends: .run-management-update
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
########
### http://patorjk.com/software/taag/#p=display&f=Doom&t=patchday.yml
###
### _ _ _ _
### | | | | | | | |
### _ __ __ _| |_ ___| |__ __| | __ _ _ _ _ _ _ __ ___ | |
### | '_ \ / _` | __/ __| '_ \ / _` |/ _` | | | || | | | '_ ` _ \| |
### | |_) | (_| | || (__| | | | (_| | (_| | |_| || |_| | | | | | | |
### | .__/ \__,_|\__\___|_| |_|\__,_|\__,_|\__, (_)__, |_| |_| |_|_|
### | | __/ | __/ |
### |_| |___/ |___/
.run-patchday:
extends: .run-ansible
stage: run-patchday
script:
- 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- 'echo "$GITLAB_SSH_KEY" | tr -d "\r" | ssh-add -'
- mkdir -p ~/.ssh
- chmod 0700 ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config'
- ssh-add -L
- export HETZNER_LABEL_SELECTOR="stage=${STAGE}"
- ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci
after_script:
- rm /tmp/vault-pass
timeout: 2h
when: manual
run-patchday-dev:
extends: .run-patchday
resource_group: dev
before_script:
- export STAGE=dev
- echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass
only:
- main
run-patchday-qa:
extends: .run-patchday
resource_group: qa
before_script:
- export STAGE=qa
- echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass
only:
- qa
run-patchday-prodnso:
extends: .run-patchday
resource_group: prodnso
before_script:
- export STAGE=prodnso
- echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass
only:
- prodnso
Reference in New Issue View Git Blame Copy Permalink