Ansible/PatroniConfig
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
PatroniConfig/.gitlab-ci.yml
Sergey Antropoff 8242af3182 First commit
2025-03-31 21:33:34 +03:00

89 lines
3.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

stages:
- lint
# - test
- deploy
- notify
services:
- name: docker:dind
command: ["--tls=false"]
variables:
DOCKER_IMAGE: "hub.antropoff.ru/ansible/ansible:latest"
DOCKER_TLS_CERTDIR: ""
ANSIBLE_FORCE_COLOR: "true"
before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login hub.antropoff.ru -u "$CI_REGISTRY_USER" --password-stdin
- docker pull $DOCKER_IMAGE
- echo "Fixing directory permissions..."
- chmod o-w $CI_PROJECT_DIR
lint:
stage: lint
script:
- echo "Начинаем стейдж Lint"
- echo "Распаковываем секреты..."
- ansible-vault decrypt vars/secrets.yml --vault-password-file ./vault-password.txt
- echo "Запускаем ansible-lint..."
- ansible-lint roles/*
- echo "Упаковываем секреты..."
- ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
allow_failure: false
rules:
- if: $CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "master"
#test:
# stage: test
# script:
# - echo "Распаковываем секреты..."
# - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
# - echo "Запускаем тесты через Молекулу..."
# - molecule test --parallel --destroy=always
# - echo "Упаковываем секреты..."
# - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
# allow_failure: false
# rules:
# - if: $CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "master"
deploy:
stage: deploy
script:
- echo "Настраиваем SSH-ключ для доступа к серверам..."
# Создаем директорию .ssh и настраиваем права доступа
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
# Записываем SSH-ключ в файл ~/.ssh/id_rsa
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
# Запускаем основной пайплайн
- echo "Распаковываем секреты..."
- ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
- echo "Все ок. Деплоим в прод..."
- ansible-playbook roles/deploy.yaml
- echo "Упаковываем секреты..."
- ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
# Удаляем ключ
- rm -rf ~/.ssh
rules:
- if: $CI_COMMIT_REF_NAME != "main" && $CI_COMMIT_REF_NAME != "master"
when: manual
notify:
stage: notify
script:
- |
if [ "$CI_JOB_STATUS" == "success" ]; then
MESSAGE="✅ Настройки кластера успешно завершены!%0AПроект: $CI_PROJECT_NAME%0AВетка: $CI_COMMIT_REF_NAME%0AСтатус: $CI_JOB_STATUS"
else
MESSAGE="❌ Настройки кластера были произведены с ошибкой!%0AПроект: $CI_PROJECT_NAME%0AВетка: $CI_COMMIT_REF_NAME%0AСтатус: $CI_JOB_STATUS"
fi
# curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
# -d "chat_id=$TELEGRAM_CHAT_ID" \
# -d "text=$MESSAGE"
rules:
- if: $CI_JOB_STATUS # Отправлять уведомление только после завершения пайплайна
after_script:
- echo "Работа пайплайна завершена"
Reference in New Issue View Git Blame Copy Permalink