stages:
  - lint
  - test
  - deploy

services:
  - name: docker:dind
    command: ["--tls=false"]

variables:
  DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
  DOCKER_TLS_CERTDIR: ""
  ANSIBLE_FORCE_COLOR: "true"

before_script:
  - echo "$CI_REGISTRY_PASSWORD" | docker login hub.cism-ms.ru -u "$CI_REGISTRY_USER" --password-stdin
  - docker pull $DOCKER_IMAGE
  - echo "Fixing directory permissions..."
  - chmod o-w $CI_PROJECT_DIR

lint:
  stage: lint
  script:
    - echo "Начинаем стейдж Lint"
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt vars/secrets.yml --vault-password-file ./vault-password.txt
    - echo "Запускаем ansible-lint..."
    - ansible-lint roles/*
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  allow_failure: false

test:
  stage: test
  script:
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
    - echo "Запускаем тесты через Молекулу..."
    - molecule test --parallel
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  allow_failure: false

deploy:
  stage: deploy
  script:
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
    - echo "Все ок. Деплоим в прод..."
    - ansible-playbook roles/deploy.yaml
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  only:
    - /^cluster-.*$/

after_script:
  - echo "Removing symlink..."
  #- rm -rf /ansible