Commit 2a70763f authored by Jörg Sachse's avatar Jörg Sachse

chore: change GitLab-CI pipeline to VM based

parent e0d42631
1 merge request!1Feature: GitLab-CI
---
# A pipeline is composed of independent jobs that run scripts, grouped into stages. # A pipeline is composed of independent jobs that run scripts, grouped into stages.
# Stages run in sequential order, but jobs within stages run in parallel. # Stages run in sequential order, but jobs within stages run in parallel.
# #
# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages # For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
stages: # List of stages for jobs, and their order of execution stages: # List of stages for jobs, and their order of execution
- build
- test - test
- cleanup
variables:
IMAGE_TARGET: "$CI_REGISTRY_IMAGE/bullseye_ansible"
# CI_DEBUG_TRACE: "true"
default: default:
image:
name: "${IMAGE_TARGET}:latest"
before_script: before_script:
- source /opt/molecule/bin/activate - source /opt/molecule/bin/activate
- ansible --version - ansible --version
- molecule --version - molecule --version
- docker --version
build-env-job: # This job runs in the build stage, which runs first.
stage: build
timeout: 30m
tags:
- "docker"
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
before_script: []
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/molecule/resources/playbooks/Dockerfile"
--destination "${IMAGE_TARGET}:latest"
test-job: # This job runs in the test stage. test-job:
stage: test # It only starts when the job in the build stage completes successfully. stage: test
tags: tags:
- "shell" - "shell"
script: script:
# make sure that Ansible Vaults are present and can be decrypted # make sure that Ansible Vaults are present and can be decrypted
# - sudo chown -R lza /builds/sachse/
- echo "${VAULT_LZA_PROXY}" > ../lza_proxy.pass - echo "${VAULT_LZA_PROXY}" > ../lza_proxy.pass
- export ANSIBLE_VAULT_PASSWORD_FILE=../lza_proxy.pass - export ANSIBLE_VAULT_PASSWORD_FILE=../lza_proxy.pass
- rm -rf ../ansible_vaults/ - rm -rf ../ansible_vaults/
- git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/ - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
# - sudo chmod o-w "${CI_PROJECT_DIR}"
# run Molecule tests # run Molecule tests
- molecule syntax --scenario-name default - molecule syntax --scenario-name default
- molecule lint --scenario-name default - molecule lint --scenario-name default
- molecule create --scenario-name default
- molecule converge --scenario-name default - molecule converge --scenario-name default
- molecule idempotence --scenario-name default - molecule idempotence --scenario-name default
# - molecule verify --scenario-name default #- molecule verify --scenario-name default
- molecule destroy --scenario-name default - molecule destroy --scenario-name default
cleanup-job:
stage: cleanup
tags:
- "shell"
script:
- rm -rf "%CACHE_PATH%/%CI_PIPELINE_ID%"
when: always
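Review bot: The `test-job` script, which runs on the `shell`-tagged runner, writes the vault password to `../lza_proxy.pass` and clones with `${VAULT_ACCESS_TOKEN}` embedded in the URL, and no step shown removes either afterwards. Both secrets therefore stay on the runner host outside the project directory, the token inside `../ansible_vaults/.git/config`, and the password file gets whatever mode the runner's umask allows. I would add `- umask 077` before the `echo` and an `after_script:` that runs `rm -rf ../lza_proxy.pass ../ansible_vaults/`, so the cleanup also happens when a Molecule step fails. The right-hand copy of the `git clone` line also appears to end in `; \`, which looks like a leftover line continuation and should be dropped.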
...@@ -22,5 +22,3 @@ ...@@ -22,5 +22,3 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: "squid.service" name: "squid.service"
state: restarted state: restarted
# Don't run systemd restart handler, because SystemD isn't available in the Docker container during Molecule tests.
tags: [molecule-notest]
--- ---
prerun: false
dependency: dependency:
name: galaxy name: galaxy
enabled: false
driver: driver:
name: docker name: vagrant
platforms: platforms:
- name: instance - name: vm-runner
dockerfile: ../resources/playbooks/Dockerfile box: debian/bullseye64
image: registry.git.slub-dresden.de/sachse/mytestrole/bullseye_ansible:latest memory: 1024
pre_build_image: false
provisioner: provisioner:
name: ansible name: ansible
playbooks: playbooks:
...@@ -20,7 +17,3 @@ provisioner: ...@@ -20,7 +17,3 @@ provisioner:
verify: ../resources/playbooks/verify.yml verify: ../resources/playbooks/verify.yml
verifier: verifier:
name: ansible name: ansible
lint: |
set -e
yamllint .
ansible-lint -x no-loop-var-prefix,command-instead-of-module
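Review bot: Removing the `lint:` block in the second hunk leaves the scenario without a lint command, yet the CI file on this page still runs `molecule lint --scenario-name default`. Depending on the Molecule version, that step is then probably either skipped with a notice or fails, so `yamllint` and `ansible-lint` no longer gate the role. I would either keep the block as it was, or replace the CI step with direct calls such as `- yamllint .` and `- ansible-lint -x no-loop-var-prefix,command-instead-of-module`.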
FROM debian:stable-slim
RUN adduser lza;
### configure SLUB Debian Repository
RUN apt-get update; \
apt-get install -y --no-install-recommends gnupg wget git python3 ansible sudo; \
wget -O - http://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key | apt-key add - ; \
echo "deb http://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main" > /etc/apt/sources.list.d/slub.list; \
apt-get update;
#apt-get -y --no-install-recommends install python3-pip python3-virtualenv;
RUN echo "lza ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lza-user
USER lza
*********************************
Vagrant driver installation guide
*********************************
Requirements
============
* Vagrant
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule_vagrant'
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
tasks: pre_tasks:
- name: "Include role" - name: update apt cache
ansible.builtin.include_role: ansible.builtin.apt:
name: "ansible_lza_proxy" update_cache: true
become: true upgrade: dist
become: true
roles:
- {name: "ansible_lza_proxy", become: true}
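Review bot: The new pre-task is named `update apt cache` but also sets `upgrade: dist`, so the name understates what runs on every converge. I would rename it, for example `- name: "Update apt cache and dist-upgrade the test VM"`, and add a one-line comment saying why the box is upgraded before the role is applied. The `roles:` entry would read more consistently with the rest of the play in block style (`- name: "ansible_lza_proxy"` with `become: true` on the next line) than as a flow mapping.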
...@@ -6,5 +6,5 @@ ...@@ -6,5 +6,5 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: Example assertion - name: Example assertion
ansible.builtin.assert: assert:
that: true that: true
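Review bot: The assertion appears to lose its fully qualified module name in the right-hand column (`assert:` instead of `ansible.builtin.assert:`), while the other playbooks on this page keep the `ansible.builtin.*` form; I would keep `ansible.builtin.assert:`. Separately, `that: true` checks nothing about the role, and the CI file has `molecule verify` commented out, so the scenario currently has no verification at all. A comment above the task such as `# TODO: placeholder, replace with checks on squid.service and the firewall rules` would make that explicit.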
...@@ -19,5 +19,4 @@ ...@@ -19,5 +19,4 @@
- name: configure iptables firewall - name: configure iptables firewall
ansible.builtin.import_tasks: "configure-iptables.yml" ansible.builtin.import_tasks: "configure-iptables.yml"
# don't run iptables tasks, because iptables can't be used in an unprivileged Docker container tags: [iptables]
tags: [iptables, molecule-notest]