resmo/.gitlab-ci.yml

## .gitlab-ci.yml
---
image: python:3.8-slim-buster

variables:
  ANSIBLE_FORCE_COLOR: "true"
  VIRTUAL_ENV: .venv
  PIP_REQUIRE_VIRTUALENV: "true"
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"

cache: &global_cache
  key:
    files:
      - requirements.lock.txt
      - requirements.yml
  paths:
    - .venv/
    - collections/
    - roles_galaxy/
    - .cache/
  policy: pull-push

stages:
  - install
  - check

.common:
  cache:
    <<: *global_cache
    policy: pull
  before_script:
    - echo $ANSIBLE_VAULT_PASSWORD > .vault
    # https://docs.ansible.com/ansible/devel/reference_appendices/config.html#avoiding-security-risks-with-ansible-cfg-in-the-current-directory
    - chmod 0750 .
    - python -m venv .venv
    - source .venv/bin/activate
    - apt-get update && apt-get install -y git
    - pip install --upgrade pip wheel
    - pip install -r requirements.lock.txt
    - ansible-galaxy collection install -r requirements.yml
    - ansible-galaxy role install -r requirements.yml

install:
  extends: .common
  cache:
    <<: *global_cache
    policy: pull-push
  stage: install
  script: ansible --version

ansible_lint:
  extends: .common
  stage: check
  script:
    - pip install -U ansible-lint
    - ansible-lint  playbooks/*.yml
  allow_failure: true

yaml_lint:
  extends: .common
  stage: check
  script:
    - pip install -U yamllint
    - yamllint --strict --format colored .
  allow_failure: true

safety:
  extends: .common
  stage: check
  script:
    - pip install -U safety
    - safety check -r requirements.lock.txt
  allow_failure: true
	---
	image: python:3.8-slim-buster

	variables:
	ANSIBLE_FORCE_COLOR: "true"
	VIRTUAL_ENV: .venv
	PIP_REQUIRE_VIRTUALENV: "true"
	PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"

	cache: &global_cache
	key:
	files:
	- requirements.lock.txt
	- requirements.yml
	paths:
	- .venv/
	- collections/
	- roles_galaxy/
	- .cache/
	policy: pull-push

	stages:
	- install
	- check

	.common:
	cache:
	<<: *global_cache
	policy: pull
	before_script:
	- echo $ANSIBLE_VAULT_PASSWORD > .vault
	# https://docs.ansible.com/ansible/devel/reference_appendices/config.html#avoiding-security-risks-with-ansible-cfg-in-the-current-directory
	- chmod 0750 .
	- python -m venv .venv
	- source .venv/bin/activate
	- apt-get update && apt-get install -y git
	- pip install --upgrade pip wheel
	- pip install -r requirements.lock.txt
	- ansible-galaxy collection install -r requirements.yml
	- ansible-galaxy role install -r requirements.yml

	install:
	extends: .common
	cache:
	<<: *global_cache
	policy: pull-push
	stage: install
	script: ansible --version

	ansible_lint:
	extends: .common
	stage: check
	script:
	- pip install -U ansible-lint
	- ansible-lint playbooks/*.yml
	allow_failure: true

	yaml_lint:
	extends: .common
	stage: check
	script:
	- pip install -U yamllint
	- yamllint --strict --format colored .
	allow_failure: true

	safety:
	extends: .common
	stage: check
	script:
	- pip install -U safety
	- safety check -r requirements.lock.txt
	allow_failure: true