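---
# GitLab CI pipeline for the Ansible roles: lint, test, then deploy.
# Every Ansible command runs inside the tooling container started by $RUN.

stages:
  - lint
  - test
  - deploy

variables:
  # NOTE(review): ":latest" is a mutable tag. This image runs privileged with
  # the host Docker socket and the vault password mounted, so pin it to a
  # fixed version tag or digest once one is agreed.
  DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"

  # Container wrapper used as a command prefix in every job.
  # - No "-it": CI jobs have no TTY, and "docker run -t" fails without one.
  # - GitLab expands $VAR references inside variable values, but shell command
  #   substitution such as "$(pwd)" is never evaluated there, so the checkout
  #   path comes from $CI_PROJECT_DIR and the container name from $CI_JOB_ID
  #   (unique per job, so concurrent jobs on one host do not collide).
  # NOTE(review): "--privileged" together with the Docker socket mount gives
  # the job root-equivalent control of the runner host. Drop "--privileged"
  # if the molecule driver works without it, and keep this runner dedicated
  # to trusted branches.
  # NOTE(review): vault-password.txt is read from the checkout. It must not be
  # committed; presumably it is provisioned on the runner - confirm, or supply
  # it through a file-type CI/CD variable.
  RUN: >-
    docker run --rm
    --name ansible-ci-$CI_JOB_ID
    -v $CI_PROJECT_DIR:/ansible
    -v /var/run/docker.sock:/var/run/docker.sock
    -e ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt
    --privileged
    --workdir /ansible
    $DOCKER_IMAGE

before_script:
  # Pass the registry password on stdin so it does not appear in the process
  # argument list or in the job's command echo.
  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  - docker pull "$DOCKER_IMAGE"

lint:
  stage: lint
  script:
    # "$RUN", not "$(RUN)": the latter is command substitution, which fails to
    # find a command called RUN and then runs the rest directly on the host.
    # NOTE(review): the deploy job relies on ANSIBLE_VAULT_PASSWORD_FILE alone,
    # so this in-place decrypt may be unnecessary - confirm and remove if so.
    - $RUN bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
    - $RUN bash -c "ansible-lint roles/*"
  after_script:
    # Re-encrypt in after_script so a failed lint step cannot leave plaintext
    # secrets in the runner's build directory. If decrypt never ran, this step
    # errors harmlessly (after_script failures do not change the job result).
    - $RUN bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
  allow_failure: false

test:
  stage: test
  script:
    - $RUN bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
    - $RUN bash -c "molecule test --parallel"
  after_script:
    # Same reasoning as in lint: always restore the encrypted file, even when
    # molecule fails.
    - $RUN bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
  allow_failure: false

deploy:
  stage: deploy
  script:
    - echo "Deploying roles to production..."
    - $RUN bash -c "ansible-playbook /ansible/roles/deploy.yaml"
  # Runs only for refs whose name matches cluster-*.
  # NOTE(review): anyone who can push such a ref triggers a production deploy;
  # make cluster-* protected branches and restrict who may push to them.
  only:
    - /^cluster-.*$/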