diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..2e5574a
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,57 @@
+stages:
+ - lint
+ - test
+ - deploy
+
+services:
+ - name: docker:dind
+ command: ["--tls=false"]
+
+variables:
+ DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
+ DOCKER_TLS_CERTDIR: ""
+
+before_script:
+ - echo "$CI_REGISTRY_PASSWORD" | docker login hub.cism-ms.ru -u "$CI_REGISTRY_USER" --password-stdin
+ - docker pull $DOCKER_IMAGE
+ - echo "Fixing directory permissions..."
+ - chmod o-w $CI_PROJECT_DIR
+
+lint:
+ stage: lint
+ script:
+ - echo "Начинаем стейдж Lint"
+ - echo "Распаковываем секреты..."
+ - ansible-vault decrypt vars/secrets.yml --vault-password-file ./vault-password.txt
+ - echo "Запускаем ansible-lint..."
+ - ansible-lint roles/*
+ - echo "Упаковываем секреты..."
+ - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
+ allow_failure: false
+
+test:
+ stage: test
+ script:
+ - echo "Распаковываем секреты..."
+ - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
+ - echo "Запускаем тесты через Молекулу..."
+ - molecule test --parallel
+ - echo "Упаковываем секреты..."
+ - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
+ allow_failure: false
+
+deploy:
+ stage: deploy
+ script:
+ - echo "Распаковываем секреты..."
+ - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
+ - echo "Все ок. Деплоим в прод..."
+ - ansible-playbook roles/deploy.yaml
+ - echo "Упаковываем секреты..."
+ - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
+ only:
+ - /^cluster-.*$/
+
+after_script:
+ - echo "Removing symlink..."
+ #- rm -rf /ansible
diff --git a/Makefile b/Makefile
index 549fe30..a2802ee 100644
--- a/Makefile
+++ b/Makefile
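Review bot: In the new `.gitlab-ci.yml`, each of `lint`, `test` and `deploy` decrypts `vars/secrets.yml` in place and re-encrypts it only as the last script step, so a failing `ansible-lint`, `molecule test` or playbook run ends the job with the plaintext secrets still on the runner's disk. Ansible can decrypt vaulted files in memory: dropping the `ansible-vault decrypt`/`encrypt` steps and setting `ANSIBLE_VAULT_PASSWORD_FILE` under `variables:` would keep the plaintext out of the workspace. `./vault-password.txt` also has to exist in the checkout for these steps to work, which suggests it is committed beside the vault it protects; a protected file-type CI/CD variable would be a safer source. Separately, `command: ["--tls=false"]` with `DOCKER_TLS_CERTDIR: ""` runs the dind daemon without TLS, and no job uses the pulled `$DOCKER_IMAGE` as its `image:`, so it is worth confirming the service is needed at all. The same script lines appear in the `gitlab-ci.yml` hunks further down.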
@@ -29,13 +29,14 @@ view create edit show delete test lint deploy new init build rebuild prune relea #################################################################################################### init: @echo "Шаг 1: Создание Docker-образа..." - @make docker rebuild + @make docker build @echo "Шаг 2: Создание нового vault-файла с паролем..." @read -p "Введите пароль для vault: " VAULT_PASSWORD; \ echo "$$VAULT_PASSWORD" > vault-password.txt; \ make vault create @echo "Шаг 3: Создание нового брэнча в гите..." @make git new + @echo "Шаг 4: Создание новой роли..." @make role new diff --git a/gitlab-ci.yml b/gitlab-ci.yml index 6c18061..2e5574a 100644 --- a/gitlab-ci.yml +++ b/gitlab-ci.yml @@ -12,23 +12,17 @@ variables: DOCKER_TLS_CERTDIR: "" before_script: - - rm -rf /ansible - echo "$CI_REGISTRY_PASSWORD" | docker login hub.cism-ms.ru -u "$CI_REGISTRY_USER" --password-stdin - docker pull $DOCKER_IMAGE - echo "Fixing directory permissions..." - chmod o-w $CI_PROJECT_DIR - #- mkdir -p /ansible - #- cp -rs "$CI_PROJECT_DIR"/* /ansible/ - #- find "$CI_PROJECT_DIR" -mindepth 1 -exec ln -s {} /ansible \; - #- ln -s "$CI_PROJECT_DIR/vault-password.txt" /ansible/vault_password.txt lint: stage: lint script: - - echo "Сначала покажем содержимое каталога /ansible" - - ls -l /ansible + - echo "Начинаем стейдж Lint" - echo "Распаковываем секреты..." - - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml + - ansible-vault decrypt vars/secrets.yml --vault-password-file ./vault-password.txt - echo "Запускаем ansible-lint..." - ansible-lint roles/* - echo "Упаковываем секреты..." 
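Review bot: In the `Makefile` hunk, the new `@make docker build` line, like the other `@make …` calls in `init`, invokes `make` by name; recursive calls should go through `$(MAKE)` so that `-n` dry runs and the `-j` jobserver work through the sub-make and the same make binary is used, e.g. `@$(MAKE) docker build`. The unchanged step-2 lines in the same hunk read the vault password with `read -p`, which echoes it to the terminal, and write `vault-password.txt` with the default umask; that is outside this change but worth a follow-up, together with checking that the file is git-ignored. The `init` recipe may continue past the end of the hunk.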
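Review bot: After this change `gitlab-ci.yml` has the same blob id as the newly added `.gitlab-ci.yml` (`2e5574a` in both `index` lines), so the repository now carries two identical pipeline definitions. GitLab reads `.gitlab-ci.yml` by default, so unless the project's CI configuration path points at the undotted file it is dead and will drift from the real one. Deleting it in this commit, or adding a header comment such as `# superseded by .gitlab-ci.yml`, would avoid someone hardening the wrong copy later. The `lint` job continues past the end of this hunk.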
@@ -52,7 +46,7 @@ deploy: - echo "Распаковываем секреты..." - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml - echo "Все ок. Деплоим в прод..." - - ansible-playbook /ansible/roles/deploy.yaml + - ansible-playbook roles/deploy.yaml - echo "Упаковываем секреты..." - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt only: @@ -60,4 +54,4 @@ deploy: after_script: - echo "Removing symlink..." - - rm -rf /ansible + #- rm -rf /ansible
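Review bot: The `deploy` job that now runs `ansible-playbook roles/deploy.yaml` is restricted only by the `only:` ref filter at the end of this hunk, whose pattern (`/^cluster-.*$/`, visible in the `.gitlab-ci.yml` section) matches any branch or tag with that prefix. Unless those refs are protected, a production deploy with the vault secrets can be started by anyone allowed to push a ref. A `rules:` entry that also requires a protected ref, e.g. `- if: '$CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_REF_NAME =~ /^cluster-.*$/'`, optionally with `when: manual`, would make the gate explicit. The job starts before this hunk and its `only:` list ends after it.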
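Review bot: With `rm -rf /ansible` commented out in the `@@ -60,4 +54,4 @@` hunk, `after_script` only prints "Removing symlink..." and removes nothing, so the job log reports a cleanup that no longer happens. Either delete the `after_script` block together with the commented-out line, or reword the message to say what the step actually does. The same two lines end the new `.gitlab-ci.yml`.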