gitlab-ci.yml

---

## VARIABLES
variables:
  REPOSITORY:
    value: ""
    description: "ОБЯЗАТЕЛЬНАЯ ПЕРЕМЕННАЯ: указываем имя репозитория с плейбуком"
  PLAYBOOK:
    value: ""
    description: "неОБЯЗАТЕЛЬНАЯ ПЕРЕМЕННАЯ: указываем имя (и путь до) плейбука"
  PARAMETERS:
    value: ""
    description: "неОБЯЗАТЕЛЬНАЯ ПЕРЕМЕННАЯ: Передаём нужные параметры"

##########################################################################################################

## PIPELINE DEFINITION
stages:
  - check
  - deploy

##########################################################################################################

### COMMON SECTION
.common:
  image: $ANSIBLE_IMAGE
  variables:
    GIT_DEPTH: 1
    ANSIBLE_FORCE_COLOR: "True"
    ANSIBLE_HOST_KEY_CHECKING: "False"
  before_script:
    - eval $(ssh-agent -s); echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
    - mkdir -p ~/.ssh && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
    - chmod -R o-w ../

##########################################################################################################

### CHECK SECTION
check:
  extends: .common
  stage: check
  interruptible: true
  rules:
    - if: '$CUSTOM_SKIP_CHECK'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $CI_DEFAULT_BRANCH )'
    - when: never
  script:
    - echo "Checking inventory"
    - ansible-inventory -i inventory.yml --graph
    - ansible -i inventory.yml -m ping -u ${USERNAME:-maintenance} all:\!ungrouped

##########################################################################################################

### DEPLOY SECTION
deploy:
  extends: .common
  stage: deploy
  only:
    refs:
      - $CI_DEFAULT_BRANCH
    variables:
      - $REPOSITORY =~ /^\S+$/
  interruptible: false
  rules:
    - if: '$CI_PIPELINE_SOURCE == "web" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $REPOSITORY =~ /^\S+$/'
    - when: never
  script:
    - echo -e "Deploying...\n\tRepository - [${REPOSITORY}]\n\tPlaybook - [${PLAYBOOK:-run.yml}]\n\tParameters - [${PARAMETERS}]\n\tAnsible image - [${ANSIBLE_IMAGE}]"
    - export INVENTORY_DIRECTORY="`pwd`"
    - export ANSIBLE_CONFIG="${INVENTORY_DIRECTORY}/ansible.cfg"
    - git config --global credential.helper store && echo "https://${GIT_LOGIN}:${GIT_PASSWORD}@$(echo ${REPOSITORY} | sed -r 's#([^/])/[^/].*#\1#' | sed -e 's|https://||g')" > ~/.git-credentials
    - mkdir -p /tmp/checkout && git clone "${REPOSITORY}" /tmp/checkout && cd /tmp/checkout
    - test -s ansible.cfg && export ANSIBLE_CONFIG="`pwd`/ansible.cfg" || true
    - test -s requirements.yml && ansible-galaxy install -r requirements.yml || true
    - test -s setup.yml && ansible-playbook ${PARAMETERS} -u ${USERNAME:-maintenance} -i "${INVENTORY_DIRECTORY}/inventory.yml" setup.yml || true
    - test -s "${PLAYBOOK:-run.yml}" && ansible-playbook ${PARAMETERS} -u ${USERNAME:-maintenance} -i "${INVENTORY_DIRECTORY}/inventory.yml" "${PLAYBOOK:-run.yml}" || ( echo "Can't use playbook [${PLAYBOOK:-run.yml}]!" && exit 1 )