From dc43db99ccea5333cdbb40eaa6d51907aeb62b4d Mon Sep 17 00:00:00 2001
From: Sergey Antropoff <sergey@antropoff.ru>
Date: Mon, 17 Mar 2025 13:57:12 +0300
Subject: [PATCH] =?UTF-8?q?=D0=98=D0=B7=D0=BC=D0=B5=D0=BD=D0=B8=D0=BB=20gi?=
 =?UTF-8?q?tlab-ci=20=D0=B4=D0=B5=D0=BF=D0=BB=D0=BE=D0=B9=D0=BC=D0=B5?=
 =?UTF-8?q?=D0=BD=D1=82.=20=D0=9D=D0=B5=20=D1=82=D0=B5=D1=81=D1=82=D0=B8?=
 =?UTF-8?q?=D0=BB.=20=D0=9D=D1=83=D0=B6=D0=BD=D0=BE=20=D0=BF=D1=80=D0=BE?=
 =?UTF-8?q?=D0=B2=D0=B5=D1=80=D0=B8=D1=82=D1=8C.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 gitlab-ci.yml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/gitlab-ci.yml b/gitlab-ci.yml
index d61c044..328732b 100644
--- a/gitlab-ci.yml
+++ b/gitlab-ci.yml
@@ -4,7 +4,8 @@ stages:
   - deploy
 
 variables:
-  DOCKER_IMAGE: "ansible:latest"
+  DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
+  RUN: "docker run -it --rm --name $(IMAGE) -v $(pwd):/ansible -v /var/run/docker.sock:/var/run/docker.sock -e ANSIBLE_VAULT_PASSWORD_FILE=/ansible/vault-password.txt --privileged --workdir /ansible $DOCKER_IMAGE"
 
 before_script:
   - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
@@ -13,19 +14,24 @@ before_script:
 lint:
   stage: lint
   script:
-    - docker run --rm -v $(pwd):/ansible $DOCKER_IMAGE make role lint
+    - $(RUN) bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
+    - $(RUN) bash -c "ansible-lint roles/*"
+    - $(RUN) bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
   allow_failure: false
 
 test:
   stage: test
   script:
-    - docker run --rm -v $(pwd):/ansible $DOCKER_IMAGE make role test
+    - $(RUN) bash -c "ansible-vault decrypt --vault-password-file vault-password.txt vars/secrets.yml"
+    - $(RUN) bash -c "molecule test --parallel"
+    - $(RUN) bash -c "ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file vault-password.txt"
   allow_failure: false
 
 deploy:
   stage: deploy
   script:
-    - docker run --rm -v $(pwd):/ansible $DOCKER_IMAGE make role deploy
+    - echo "Deploying roles to production..."
+    - $(RUN) bash -c "ansible-playbook /ansible/roles/deploy.yaml"
   only:
     - master
     - /^cluster-.*$/