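---
# GitLab CI pipeline for an Ansible repository: lint -> test -> deploy.
# Every job decrypts vars/secrets.yml in place, runs its tool, and
# re-encrypts the file afterwards.

stages:
  - lint
  - test
  - deploy

services:
  # NOTE(review): --tls=false together with the empty DOCKER_TLS_CERTDIR
  # below turns off TLS on the dind daemon, so the Docker API is spoken in
  # plaintext and without client authentication. Acceptable only when the
  # runner network is isolated; confirm that is the case.
  - name: docker:dind
    command: ["--tls=false"]

variables:
  # NOTE(review): ":latest" is a mutable tag, so the image content can
  # change between pipeline runs. Pinning a version tag or an image digest
  # makes the toolchain reproducible and auditable.
  DOCKER_IMAGE: "hub.cism-ms.ru/ansible/ansible:latest"
  DOCKER_TLS_CERTDIR: ""

before_script:
  - rm -rf /ansible
  # --password-stdin keeps the registry password out of the process list.
  - echo "$CI_REGISTRY_PASSWORD" | docker login hub.cism-ms.ru -u "$CI_REGISTRY_USER" --password-stdin
  # Expansions are quoted so a value containing spaces is not word-split.
  - docker pull "$DOCKER_IMAGE"
  - echo "Fixing directory permissions..."
  # Ansible ignores ansible.cfg in a world-writable directory, hence o-w.
  - chmod o-w "$CI_PROJECT_DIR"
  # NOTE(review): the steps that used to populate /ansible are disabled
  # below, yet the lint and deploy jobs still read from /ansible. Confirm
  # that something else creates it, otherwise those steps fail.
  # - mkdir -p /ansible
  # - cp -rs "$CI_PROJECT_DIR"/* /ansible/
  # - find "$CI_PROJECT_DIR" -mindepth 1 -exec ln -s {} /ansible \;
  # - ln -s "$CI_PROJECT_DIR/vault-password.txt" /ansible/vault_password.txt

# NOTE(review): all jobs read the vault password from ./vault-password.txt
# inside the checkout. If that file is committed to the repository, anyone
# with read access can decrypt vars/secrets.yml. A masked, protected CI/CD
# variable of type File would keep the password out of the tree; confirm
# how the file gets here.
#
# Decrypting in place writes plaintext secrets to the build directory for
# the duration of each job. The global after_script at the bottom
# re-encrypts the file when a step fails before the encrypt step runs.

lint:
  stage: lint
  script:
    - echo "Сначала покажем содержимое каталога /ansible"
    - ls -l /ansible
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
    - echo "Запускаем ansible-lint..."
    - ansible-lint roles/*
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  allow_failure: false

test:
  stage: test
  script:
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
    - echo "Запускаем тесты через Молекулу..."
    - molecule test --parallel
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  allow_failure: false

deploy:
  stage: deploy
  script:
    - echo "Распаковываем секреты..."
    - ansible-vault decrypt --vault-password-file ./vault-password.txt vars/secrets.yml
    - echo "Все ок. Деплоим в прод..."
    - ansible-playbook /ansible/roles/deploy.yaml
    - echo "Упаковываем секреты..."
    - ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
  # NOTE(review): any ref matching cluster-* triggers a production deploy.
  # Confirm that these branches are protected so only authorised
  # maintainers can push to them.
  only:
    - /^cluster-.*$/

after_script:
  # Safety net: after_script also runs when a script step fails, so a
  # failed lint/test/deploy step cannot leave vars/secrets.yml decrypted in
  # the build directory. The header check skips a file that is already
  # encrypted, so the normal success path is unchanged.
  - |
    if [ -f vars/secrets.yml ] && ! head -n 1 vars/secrets.yml | grep -q 'ANSIBLE_VAULT;'; then
      echo "Re-encrypting vars/secrets.yml left in plaintext..."
      ansible-vault encrypt vars/secrets.yml --encrypt-vault-id default --vault-password-file ./vault-password.txt
    fi
  - echo "Removing symlink..."
  - rm -rf /ansible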