From 2a70763f1863271066d5edff93a5cbc68f87e56b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <Joerg.Sachse@slub-dresden.de>
Date: Fri, 10 Jun 2022 15:59:09 +0200
Subject: [PATCH] chore: change GitLab-CI pipeline to VM based

---
 .gitlab-ci.yml                            | 47 +++--------------------
 handlers/main.yml                         |  2 -
 molecule/default/molecule.yml             | 15 ++------
 molecule/resources/playbooks/Dockerfile   | 15 --------
 molecule/resources/playbooks/INSTALL.rst  | 23 +++++++++++
 molecule/resources/playbooks/converge.yml | 13 ++++---
 molecule/resources/playbooks/verify.yml   |  2 +-
 tasks/main.yml                            |  3 +-
 8 files changed, 42 insertions(+), 78 deletions(-)
 delete mode 100644 molecule/resources/playbooks/Dockerfile
 create mode 100644 molecule/resources/playbooks/INSTALL.rst

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 26f0ec1..b4e7858 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,69 +1,32 @@
----
 # A pipeline is composed of independent jobs that run scripts, grouped into stages.
 # Stages run in sequential order, but jobs within stages run in parallel.
 #
 # For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
 
 stages:          # List of stages for jobs, and their order of execution
-  - build
   - test
-  - cleanup
-
-variables:
-  IMAGE_TARGET: "$CI_REGISTRY_IMAGE/bullseye_ansible"
-#  CI_DEBUG_TRACE: "true"
 
 default:
-  image:
-    name: "${IMAGE_TARGET}:latest"
   before_script:
     - source /opt/molecule/bin/activate
     - ansible --version
     - molecule --version
-    - docker --version
-
-build-env-job:       # This job runs in the build stage, which runs first.
-  stage: build
-  timeout: 30m
-  tags:
-    - "docker"
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script: []
-  script:
-    - mkdir -p /kaniko/.docker
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
-    - >-
-      /kaniko/executor
-      --context "${CI_PROJECT_DIR}"
-      --dockerfile "${CI_PROJECT_DIR}/molecule/resources/playbooks/Dockerfile"
-      --destination "${IMAGE_TARGET}:latest"
 
-test-job:        # This job runs in the test stage.
-  stage: test    # It only starts when the job in the build stage completes successfully.
+test-job:
+  stage: test
   tags:
     - "shell"
   script:
     # make sure that Ansible Vaults are present and can be decrypted
-    # - sudo chown -R lza /builds/sachse/
     - echo "${VAULT_LZA_PROXY}" > ../lza_proxy.pass
     - export ANSIBLE_VAULT_PASSWORD_FILE=../lza_proxy.pass
     - rm -rf ../ansible_vaults/
-    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/
-    # - sudo chmod o-w "${CI_PROJECT_DIR}"
+    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
     # run Molecule tests
     - molecule syntax --scenario-name default
     - molecule lint --scenario-name default
+    - molecule create --scenario-name default
     - molecule converge --scenario-name default
     - molecule idempotence --scenario-name default
-    # - molecule verify --scenario-name default
+      #- molecule verify --scenario-name default
     - molecule destroy --scenario-name default
-
-cleanup-job:
-  stage: cleanup
-  tags:
-    - "shell"
-  script:
-    - rm -rf "%CACHE_PATH%/%CI_PIPELINE_ID%"
-  when: always
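Review bot: Nothing in `test-job` removes `../lza_proxy.pass` or `../ansible_vaults/` when the job ends, and with `cleanup-job` gone no other job could do it. On a `shell` runner both paths sit on the runner host, so the vault password and the clone (whose `.git/config` keeps the deploy token from the clone URL) presumably outlive the job. `molecule destroy` is also the last `script` entry, so a failed `converge` or `idempotence` would leave the Vagrant VM running. An `after_script` that deletes both paths and destroys the scenario covers both cases, as sketched below; writing the password file under `umask 077` would also keep it unreadable to other local users. Separately, the rewritten `git clone` line now ends in a stray `; \`, which looks like a leftover from the Dockerfile's line continuations and should be dropped.

```yaml
test-job:
  # … unchanged: stage, tags, script …
  after_script:
    # remove secrets first so a failing destroy cannot skip the cleanup
    - rm -rf ../lza_proxy.pass ../ansible_vaults/
    # after_script runs in its own shell, so the virtualenv has to be activated again
    - source /opt/molecule/bin/activate
    - molecule destroy --scenario-name default
```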
diff --git a/handlers/main.yml b/handlers/main.yml
index c1ee46a..db701ee 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -22,5 +22,3 @@
   ansible.builtin.systemd:
     name: "squid.service"
     state: restarted
-  # Don't run systemd restart handler, because SystemD isn't available in the Docker container during Molecule tests.
-  tags: [molecule-notest]
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 82d95e2..5424d3e 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -1,15 +1,12 @@
 ---
-prerun: false
 dependency:
   name: galaxy
-  enabled: false
 driver:
-  name: docker
+  name: vagrant
 platforms:
-  - name: instance
-    dockerfile: ../resources/playbooks/Dockerfile
-    image: registry.git.slub-dresden.de/sachse/mytestrole/bullseye_ansible:latest
-    pre_build_image: false
+  - name: vm-runner
+    box: debian/bullseye64
+    memory: 1024
 provisioner:
   name: ansible
   playbooks:
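Review bot: The new platform entry names `box: debian/bullseye64` without a version, so the runner uses whichever box release is current when the box is first downloaded. Adding `box_version: "<pinned version>"` (placeholder) under the platform keeps CI runs reproducible and makes a box update a reviewed change. The second hunk of this file also drops the `lint:` block while `.gitlab-ci.yml` still runs `molecule lint`, so it is worth confirming that this step still checks anything. The `provisioner` mapping continues past the end of this hunk.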
@@ -20,7 +17,3 @@ provisioner:
     verify: ../resources/playbooks/verify.yml
 verifier:
   name: ansible
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x no-loop-var-prefix,command-instead-of-module
diff --git a/molecule/resources/playbooks/Dockerfile b/molecule/resources/playbooks/Dockerfile
deleted file mode 100644
index 535145c..0000000
--- a/molecule/resources/playbooks/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM debian:stable-slim
-
-RUN adduser lza;
-
-### configure SLUB Debian Repository
-RUN apt-get update; \
-    apt-get install -y --no-install-recommends gnupg wget git python3 ansible sudo; \
-    wget -O - http://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key | apt-key add - ; \
-    echo "deb http://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main" > /etc/apt/sources.list.d/slub.list; \
-    apt-get update;
-    #apt-get -y --no-install-recommends install python3-pip python3-virtualenv;
-
-RUN echo "lza     ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lza-user
-
-USER lza
diff --git a/molecule/resources/playbooks/INSTALL.rst b/molecule/resources/playbooks/INSTALL.rst
new file mode 100644
index 0000000..0c4bf5c
--- /dev/null
+++ b/molecule/resources/playbooks/INSTALL.rst
@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'
diff --git a/molecule/resources/playbooks/converge.yml b/molecule/resources/playbooks/converge.yml
index 540cfb6..6817a16 100644
--- a/molecule/resources/playbooks/converge.yml
+++ b/molecule/resources/playbooks/converge.yml
@@ -1,8 +1,11 @@
 ---
 - name: Converge
   hosts: all
-  tasks:
-    - name: "Include role"
-      ansible.builtin.include_role:
-        name: "ansible_lza_proxy"
-  become: true
+  pre_tasks:
+    - name: update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+        upgrade: dist
+      become: true
+  roles:
+    - {name: "ansible_lza_proxy", become: true}
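Review bot: The `pre_tasks` entry is named `update apt cache`, but `upgrade: dist` makes it run a full dist-upgrade of the VM as well. The name should say so, e.g. `- name: "Update apt cache and dist-upgrade the test VM"`, or `upgrade: dist` should be dropped if only a fresh cache is needed. A short comment on why the upgrade is wanted would help, since it means the role is tested against whatever package versions are current at run time rather than against the box as shipped. The flow mapping under `roles:` would also read more easily in block form, `- role: "ansible_lza_proxy"` followed by `become: true`.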
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
index e707420..79044cd 100644
--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
@@ -6,5 +6,5 @@
   gather_facts: false
   tasks:
   - name: Example assertion
-    ansible.builtin.assert:
+    assert:
       that: true
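Review bot: The module name goes from `ansible.builtin.assert` to the short `assert`, while `converge.yml`, `handlers/main.yml` and `tasks/main.yml` in this same patch use fully qualified names. Keeping `ansible.builtin.assert:` stays consistent and leaves no doubt about which module is resolved. `that: true` is still a placeholder that checks nothing, and the `molecule verify` step in `.gitlab-ci.yml` stays commented out, so a `# TODO: replace with real assertions` comment above the task would document the gap. The play itself starts above this hunk.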
diff --git a/tasks/main.yml b/tasks/main.yml
index 279f329..f3d7ed6 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,5 +19,4 @@
 
 - name: configure iptables firewall
   ansible.builtin.import_tasks: "configure-iptables.yml"
-  # don't run iptables tasks, because iptables can't be used in an unprivileged Docker container
-  tags: [iptables, molecule-notest]
+  tags: [iptables]
-- 
GitLab