Loading templates/gitlab-ci-ansible.yml +28 −50 Original line number Diff line number Diff line Loading @@ -483,7 +483,7 @@ stages: name: "$ANSIBLE_IMAGE" entrypoint: [""] .ansible-lint-base: ansible-lint: extends: .ansible-base interruptible: true stage: build Loading @@ -492,6 +492,18 @@ stages: entrypoint: [""] script: - ansible-lint main.yml parallel: matrix: - ENV_PREFIX: REVIEW - ENV_PREFIX: INTEG - ENV_PREFIX: STAGING - ENV_PREFIX: PROD script: - mkdir -p -m 777 reports - env_name=$(echo "$ENV_PREFIX" | tr '[:upper:]' '[:lower:]') - playbook_file=$(eval echo "\$ANSIBLE_${ENV_PREFIX}_PLAYBOOK_FILE") - ansible-lint "$playbook_file" -f codeclimate > reports/ansible-lint-${env_name}.codeclimate.json || true - ansible-lint "$playbook_file" artifacts: name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day Loading @@ -501,64 +513,30 @@ stages: - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-*.codeclimate.json" paths: - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-*.codeclimate.json" ansible-lint-review: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_REVIEW_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-review.codeclimate.json || true - ansible-lint "$ANSIBLE_REVIEW_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' when: never # else: allow is $ANSIBLE_REVIEW_PLAYBOOK_FILE is set - if: '$ANSIBLE_REVIEW_PLAYBOOK_FILE == null || $ANSIBLE_REVIEW_PLAYBOOK_FILE == ""' # exclude tags - if: $CI_COMMIT_TAG when: never - !reference [.test-policy, rules] ansible-lint-integration: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_INTEG_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-integration.codeclimate.json || true - ansible-lint "$ANSIBLE_INTEG_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' when: never # else: allow is $ANSIBLE_INTEG_PLAYBOOK_FILE is set - if: '$ANSIBLE_INTEG_PLAYBOOK_FILE == null || $ANSIBLE_INTEG_PLAYBOOK_FILE == ""' # exclude review if $ANSIBLE_REVIEW_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "REVIEW" && ($ANSIBLE_REVIEW_PLAYBOOK_FILE == null || $ANSIBLE_REVIEW_PLAYBOOK_FILE == "")' when: never - !reference [.test-policy, rules] ansible-lint-staging: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_STAGING_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-staging.codeclimate.json || true - ansible-lint "$ANSIBLE_STAGING_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' # exclude review on integration or prod branch - if: '$ENV_PREFIX == "REVIEW" && ($CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF)' when: never # else: allow is $ANSIBLE_INTEG_PLAYBOOK_FILE is set - if: '$ANSIBLE_STAGING_PLAYBOOK_FILE == null || $ANSIBLE_STAGING_PLAYBOOK_FILE == ""' # exclude integration if $ANSIBLE_INTEG_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "INTEG" && ($ANSIBLE_INTEG_PLAYBOOK_FILE == null || $ANSIBLE_INTEG_PLAYBOOK_FILE == "")' when: never - !reference [.test-policy, rules] ansible-lint-prod: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_PROD_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-prod.codeclimate.json || true - ansible-lint "$ANSIBLE_PROD_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' # exclude integration on prod branch - if: '$ENV_PREFIX == "INTEG" && $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never # else: allow is $ANSIBLE_PROD_PLAYBOOK_FILE is set - if: '$ANSIBLE_PROD_PLAYBOOK_FILE == null || $ANSIBLE_PROD_PLAYBOOK_FILE == ""' # exclude staging if $ANSIBLE_STAGING_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "STAGING" && ($ANSIBLE_STAGING_PLAYBOOK_FILE == null || $ANSIBLE_STAGING_PLAYBOOK_FILE == "")' when: never # exclude production if $ANSIBLE_PROD_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "PROD" && ($ANSIBLE_PROD_PLAYBOOK_FILE == null || $ANSIBLE_PROD_PLAYBOOK_FILE == "")' when: never - !reference [.test-policy, rules] Loading Loading
templates/gitlab-ci-ansible.yml +28 −50 Original line number Diff line number Diff line Loading @@ -483,7 +483,7 @@ stages: name: "$ANSIBLE_IMAGE" entrypoint: [""] .ansible-lint-base: ansible-lint: extends: .ansible-base interruptible: true stage: build Loading @@ -492,6 +492,18 @@ stages: entrypoint: [""] script: - ansible-lint main.yml parallel: matrix: - ENV_PREFIX: REVIEW - ENV_PREFIX: INTEG - ENV_PREFIX: STAGING - ENV_PREFIX: PROD script: - mkdir -p -m 777 reports - env_name=$(echo "$ENV_PREFIX" | tr '[:upper:]' '[:lower:]') - playbook_file=$(eval echo "\$ANSIBLE_${ENV_PREFIX}_PLAYBOOK_FILE") - ansible-lint "$playbook_file" -f codeclimate > reports/ansible-lint-${env_name}.codeclimate.json || true - ansible-lint "$playbook_file" artifacts: name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" expire_in: 1 day Loading @@ -501,64 +513,30 @@ stages: - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-*.codeclimate.json" paths: - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-*.codeclimate.json" ansible-lint-review: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_REVIEW_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-review.codeclimate.json || true - ansible-lint "$ANSIBLE_REVIEW_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' when: never # else: allow is $ANSIBLE_REVIEW_PLAYBOOK_FILE is set - if: '$ANSIBLE_REVIEW_PLAYBOOK_FILE == null || $ANSIBLE_REVIEW_PLAYBOOK_FILE == ""' # exclude tags - if: $CI_COMMIT_TAG when: never - !reference [.test-policy, rules] ansible-lint-integration: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_INTEG_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-integration.codeclimate.json || true - ansible-lint "$ANSIBLE_INTEG_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' when: never # else: allow is $ANSIBLE_INTEG_PLAYBOOK_FILE is set - if: '$ANSIBLE_INTEG_PLAYBOOK_FILE == null || $ANSIBLE_INTEG_PLAYBOOK_FILE == ""' # exclude review if $ANSIBLE_REVIEW_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "REVIEW" && ($ANSIBLE_REVIEW_PLAYBOOK_FILE == null || $ANSIBLE_REVIEW_PLAYBOOK_FILE == "")' when: never - !reference [.test-policy, rules] ansible-lint-staging: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_STAGING_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-staging.codeclimate.json || true - ansible-lint "$ANSIBLE_STAGING_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' # exclude review on integration or prod branch - if: '$ENV_PREFIX == "REVIEW" && ($CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF)' when: never # else: allow is $ANSIBLE_INTEG_PLAYBOOK_FILE is set - if: '$ANSIBLE_STAGING_PLAYBOOK_FILE == null || $ANSIBLE_STAGING_PLAYBOOK_FILE == ""' # exclude integration if $ANSIBLE_INTEG_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "INTEG" && ($ANSIBLE_INTEG_PLAYBOOK_FILE == null || $ANSIBLE_INTEG_PLAYBOOK_FILE == "")' when: never - !reference [.test-policy, rules] ansible-lint-prod: extends: .ansible-lint-base script: - mkdir -p -m 777 reports - ansible-lint "$ANSIBLE_PROD_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-prod.codeclimate.json || true - ansible-lint "$ANSIBLE_PROD_PLAYBOOK_FILE" rules: # exclude when $ANSIBLE_LINT_DISABLED is set - if: '$ANSIBLE_LINT_DISABLED == "true"' # exclude integration on prod branch - if: '$ENV_PREFIX == "INTEG" && $CI_COMMIT_REF_NAME =~ $PROD_REF' when: never # else: allow is $ANSIBLE_PROD_PLAYBOOK_FILE is set - if: '$ANSIBLE_PROD_PLAYBOOK_FILE == null || $ANSIBLE_PROD_PLAYBOOK_FILE == ""' # exclude staging if $ANSIBLE_STAGING_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "STAGING" && ($ANSIBLE_STAGING_PLAYBOOK_FILE == null || $ANSIBLE_STAGING_PLAYBOOK_FILE == "")' when: never # exclude production if $ANSIBLE_PROD_PLAYBOOK_FILE unset - if: '$ENV_PREFIX == "PROD" && ($ANSIBLE_PROD_PLAYBOOK_FILE == null || $ANSIBLE_PROD_PLAYBOOK_FILE == "")' when: never - !reference [.test-policy, rules] Loading
