Commit 5f0f242a authored by Simon Cornet's avatar Simon Cornet

feat: initial commit


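--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,23 @@
+---
+
+exclude_paths:
+  - ".gitlab/*"
+  - ".gitlab-ci.yml"
+  - "defaults/main.yaml"
+  - "meta/main.yaml"
+  - "vars/*"
+
+kinds:
+  - playbook: "**/*.{yml,yaml}"
+
+skip_list:
+  - "command-shell"
+  - "experimental"
+  - "git-latest"
+  - "no-changed-when"
+  - "no-handler"
+  - "name[casing]"
+  - "name[template]"
+  - "risky-file-permissions"
+  - "schema[playbook]"
+  - "var-naming[no-role-prefix]"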
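Review bot: `skip_list` silences `risky-file-permissions`, `no-changed-when` and `command-shell` for the whole role, so a task that creates a file with an unspecified mode or runs a shell command without a `changed_when` never surfaces, and those are the findings that matter most in a role that is deployed to a server. Move these three to `warn_list` so they still report without failing the run, or keep them skipped only where needed with a per-task `# noqa: risky-file-permissions` so each exception is visible next to the task that relies on it. The remaining entries (`name[casing]`, `name[template]`, `schema[playbook]`, `var-naming[no-role-prefix]`) are cosmetic and are reasonable to skip globally.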
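--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible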
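--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,18 @@
+---
+
+# gitLab ci stages
+stages:
+
+  # deployment
+  - "gitleaks"
+  - "linting"
+  - "deployment"
+
+
+# include jobs
+include:
+
+  # deployment
+  - local: ".gitlab/gitleaks.yaml"
+  - local: ".gitlab/linting.yaml"
+  - local: ".gitlab/deployment.yaml"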
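Review bot: The `# deployment` comment above the `stages` list, repeated above the `include` list, names only the last of three entries, so it reads as a copy-paste remnant rather than a description of the list. Replace the two with `# pipeline stages, in execution order` and `# one job file per stage, under .gitlab/`; the `# gitLab ci stages` heading would also read better as `# GitLab CI stages`. The pipeline includes `.gitlab/linting.yaml`, which is not part of this page, so that job cannot be reviewed here.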
+31 −0
Original line number Diff line number Diff line
---
# deploy ansible/roles/common code
deployment:
  stage: "deployment"
  image:
    name: "cr.simoncor.net/siempie/ssh-client:latest"
    entrypoint: ["/bin/sh", "-c"]
  rules:

    # run only on push to default branch
    - if:
        '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH ==
        $CI_DEFAULT_BRANCH'
    - when: "never"

  # prepare ssh
  before_script:
    # prepare ssh
    - |
      # prepare ssh
      mkdir -p ~/.ssh
      chmod 700 ~/.ssh
      echo "$SSH_CONFIG" > ~/.ssh/config
      echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
      chmod 600 ~/.ssh/id_ed25519

  # deployment commands
  script:
    - |
      # install ansible roles dependancies
      ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER "sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"
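Review bot: The `before_script` block writes the private key with the shell's default umask and only afterwards restricts it with `chmod 600`, and nothing in the visible script verifies the host key of `$ANSIBLE_SERVER`; trust for the `ssh` call on the last line depends entirely on what `$SSH_CONFIG` contains, which is outside the page. Start the block with `set -eu` and `umask 077` so the config and key files are private from creation and a failed step aborts the job instead of falling through to the `ssh` command, and pin the server's host key from a protected CI variable, e.g. `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts` (variable name constructed), rather than leaving host verification to the config file. The three identical `# prepare ssh` comments can be collapsed to the one above `before_script`. This section's file name is not shown on the page; from the `include` list in `.gitlab-ci.yml` it is presumably the deployment job file.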

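--- a/.gitlab/gitleaks.yaml
+++ b/.gitlab/gitleaks.yaml
@@ -0,0 +1,16 @@
+---
+
+# gitleaks
+gitleaks:
+  stage: "gitleaks"
+  image:
+    name: "ghcr.io/gitleaks/gitleaks:latest"
+  rules:
+
+    # run only on push to default branch
+    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+    - when: "never"
+
+  # start linting
+  script:
+    - "gitleaks detect --source . --verbose --redact"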