.gitignore 0 → 100644 +1 −0 Original line number Diff line number Diff line .ansible
.ansible-lint 0 → 100644 +23 −0 Original line number Diff line number Diff line --- exclude_paths: - ".gitlab/*" - ".gitlab-ci.yml" - "defaults/main.yaml" - "meta/main.yaml" - "vars/*" kinds: - playbook: "**/*.{yml,yaml}" skip_list: - "command-shell" - "experimental" - "git-latest" - "no-changed-when" - "no-handler" - "name[casing]" - "name[template]" - "risky-file-permissions" - "schema[playbook]" - "var-naming[no-role-prefix]"
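Review bot: The `skip_list` switches off `risky-file-permissions`, `command-shell` and `no-changed-when` for every file matched as a playbook, so a task that creates a file without an explicit `mode` or shells out where a module exists passes linting silently. Moving the security-relevant entries to `warn_list` keeps them visible without failing the pipeline, and a genuine exception can carry a per-task `# noqa: risky-file-permissions`. `exclude_paths` also takes `vars/*` and `defaults/main.yaml` out of linting entirely; a short comment above each list stating why the entries are there would help the next reviewer decide whether they can be removed.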
.gitlab-ci.yml 0 → 100644 +22 −0 Original line number Diff line number Diff line --- # gitLab ci stages stages: # deployment - "gitleaks" - "linting" - "deployment" # include jobs include: # deployment - local: ".gitlab/gitleaks.yaml" - local: ".gitlab/deployment.yaml" # linting - component: "$CI_SERVER_FQDN/components/ansible/linting@v2.0.1" - component: "$CI_SERVER_FQDN/components/markdownlint/markdownlint@1.0.0" - component: "$CI_SERVER_FQDN/components/yamllint/yamllint@1.0.2"
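Review bot: The three `component:` includes are pinned to tags (`@v2.0.1`, `@1.0.0`, `@1.0.2`), and a tag can be moved after it was reviewed; referencing each component by full commit SHA makes the included job definition immutable. The comment `# deployment` above the `stages:` entries and above the two `local:` includes does not describe what follows and could read `# pipeline stages` and `# local jobs` respectively.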
.gitlab/deployment.yaml 0 → 100644 +32 −0 Original line number Diff line number Diff line --- # deploy ansible/roles/common code deployment: stage: "deployment" image: name: "cr.simoncor.net/siempie/ssh-client:v25.06.03" entrypoint: ["/bin/sh", "-c"] rules: # run only on push to default branch - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: "never" # prepare ssh before_script: # prepare ssh - | # prepare ssh mkdir -p ~/.ssh chmod 700 ~/.ssh echo "$SSH_CONFIG" > ~/.ssh/config echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 # deployment commands script: - | # install ansible roles dependancies ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER \ "sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"
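Review bot: Nothing visible in `before_script` pins the Ansible server's host key: no `known_hosts` file is written, so whether the connection is authenticated depends entirely on what `$SSH_CONFIG` contains, and the job then runs a `sudo` command on that host. Writing a reviewed host key from a CI variable, e.g. `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts` (a variable you would define), together with `StrictHostKeyChecking yes` in the config, closes that gap. `~/.ssh/id_ed25519` is also created under the default umask and only tightened afterwards; `umask 077` as the first line of the block removes that window. On the server side the deployment key should be limited to this single `ansible-galaxy` invocation in `sudoers` and `authorized_keys`, and the target should be quoted as `"$SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER"`.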
.gitlab/gitleaks.yaml 0 → 100644 +18 −0 Original line number Diff line number Diff line --- # gitleaks gitleaks: stage: "gitleaks" image: name: "ghcr.io/gitleaks/gitleaks:latest" variables: GIT_DEPTH: 1 rules: # run only on push to default branch - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: "never" # start linting script: - "gitleaks detect --source . --verbose --redact"
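Review bot: `ghcr.io/gitleaks/gitleaks:latest` is a floating tag, so the scanner that gates the pipeline can change between runs without any commit in this repository; pin it to a release tag or image digest, as the deployment job does with `ssh-client:v25.06.03`. With `GIT_DEPTH: 1` the clone holds only the tip commit, so `gitleaks detect` will likely miss a secret that was added and removed again earlier in the same push; raise the depth or scan the pushed commit range. The rule also restricts the job to pushes on the default branch, which means a leak is reported only after it has landed there; running the job on merge request pipelines as well would catch it before merge. The comment `# start linting` above `script:` looks copied from another job and could read `# scan for secrets`.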