Merge branch '23-auto-stop-environments' into 'master'

| :lock: `ANSIBLE_REVIEW_PRIVATE_KEY`    | The SSH private key to be use in `review` env      | `$ANSIBLE_PRIVATE_KEY`                   |

| `ANSIBLE_REVIEW_PUBLIC_KEY`     | The SSH public key associated to the private key to be use in `review` env      | `$ANSIBLE_PUBLIC_KEY`                   |

| :lock: `ANSIBLE_REVIEW_VAULT_PASSWORD` | The Ansible vault password for `review` env        | `$ANSIBLE_VAULT_PASSWORD`                 |

| `ANSIBLE_REVIEW_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop `review` environments | `4 hours` |

### Integration environment configuration

| :lock: `ANSIBLE_INTEG_PRIVATE_KEY`    | The SSH private key to be use in `integration` env     | `$ANSIBLE_PRIVATE_KEY`                  |

| `ANSIBLE_INTEG_PUBLIC_KEY`      | The SSH public key associated to the private key to be use in `integration` env  | `$ANSIBLE_PUBLIC_KEY`                   |

| :lock: `ANSIBLE_INTEG_VAULT_PASSWORD` | The Ansible vault password for `integration` env       | `$ANSIBLE_VAULT_PASSWORD`                |

| `ANSIBLE_INTEG_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop the `integration` env | `never` |

### Staging environment configuration

| :lock: `ANSIBLE_STAGING_PRIVATE_KEY`    | The SSH private key to be use in `staging` env     | `$ANSIBLE_PRIVATE_KEY`                  |

| `ANSIBLE_STAGING_PUBLIC_KEY`     | The SSH public key associated to the private key to be use in `staging` env      | `$ANSIBLE_PUBLIC_KEY`                   |

| :lock: `ANSIBLE_STAGING_VAULT_PASSWORD` | The Ansible vault password for `staging` env       | `$ANSIBLE_VAULT_PASSWORD`                |

| `ANSIBLE_STAGING_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop the `staging` env | `never` |

### Production environment configuration

          "advanced": true,

          "default": "$ANSIBLE_DEFAULT_EXTRA_ARGS"

        },

        {

          "name": "ANSIBLE_REVIEW_AUTOSTOP_DURATION",

          "description": "The amount of time before GitLab will automatically stop `review` environments",

          "default": "4 hours"

        },

        {

          "name": "ANSIBLE_REVIEW_PLAYBOOK_FILE",

          "description": " The playbook filename for `review` env",

          "description": "The application name for integration env (only define if different from global)",

          "advanced": true

        },

        {

          "name": "ANSIBLE_INTEG_AUTOSTOP_DURATION",

          "description": "The amount of time before GitLab will automatically stop the `integration` env",

          "default": "never"

        },

        {

          "name": "ANSIBLE_INTEG_ENVIRONMENT_URL",

          "type": "url",

          "description": "The application name for staging env (only define if different from global)",

          "advanced": true

        },

        {

          "name": "ANSIBLE_STAGING_AUTOSTOP_DURATION",

          "description": "The amount of time before GitLab will automatically stop the `staging` env",

          "default": "never"

        },

        {

          "name": "ANSIBLE_STAGING_ENVIRONMENT_URL",

          "type": "url",

  ANSIBLE_HOST_KEY_CHECKING: "false"

  ANSIBLE_DEFAULT_ROLES_PATH: "$CI_PROJECT_DIR/roles"

  ANSIBLE_REVIEW_AUTOSTOP_DURATION: "4 hours"

  ANSIBLE_INTEG_AUTOSTOP_DURATION: "never"

  ANSIBLE_STAGING_AUTOSTOP_DURATION: "never"

  # default: one-click deploy

  ANSIBLE_PROD_DEPLOY_STRATEGY: manual

    tags=$2

    extra_opts=$3

    playbook_file=$4

    private_key=$5

    public_key=$6

    vault_password=$7

    export environment_type=$ENV_TYPE

    export environment_name=${ENV_APP_NAME:-${ANSIBLE_BASE_APP_NAME}${ENV_APP_SUFFIX}}

    export environment_url=${ENV_URL:-${ANSIBLE_ENVIRONMENT_URL:-$CI_ENVIRONMENT_URL}}

    private_key=${ENV_PRIVATE_KEY:-$ANSIBLE_PRIVATE_KEY}

    public_key=${ENV_PUBLIC_KEY:-$ANSIBLE_PUBLIC_KEY}

    vault_password=${ENV_VAULT_PASSWORD:-$ANSIBLE_VAULT_PASSWORD}

    # variables expansion in $environment_url

    environment_url=$(echo "$environment_url" | awkenvsubst)

.ansible-commands:

  default:

    deploy: run_ansible "${ENV_INVENTORY:-${ANSIBLE_DEFAULT_INVENTORY}}" "${ENV_TAGS:-${ANSIBLE_DEFAULT_TAGS}}" "${ENV_EXTRA_ARGS:-${ANSIBLE_DEFAULT_EXTRA_ARGS}}" "${ENV_PLAYBOOK_FILE}" "${ENV_PRIVATE_KEY:-${ANSIBLE_PRIVATE_KEY}}" "${ENV_PUBLIC_KEY:-${ANSIBLE_PUBLIC_KEY}}" "${ENV_VAULT_PASSWORD:-${ANSIBLE_VAULT_PASSWORD}}"

    cleanup: run_ansible "${ENV_INVENTORY:-${ANSIBLE_DEFAULT_INVENTORY}}" "$ENV_CLEANUP_TAGS" "${ENV_EXTRA_ARGS:-${ANSIBLE_DEFAULT_EXTRA_ARGS}}" "${ENV_CLEANUP_PLAYBOOK_FILE:-${ENV_PLAYBOOK_FILE}}" "${ENV_PRIVATE_KEY:-${ANSIBLE_PRIVATE_KEY}}" "${ENV_PUBLIC_KEY:-${ANSIBLE_PUBLIC_KEY}}" "${ENV_VAULT_PASSWORD:-${ANSIBLE_VAULT_PASSWORD}}"

    deploy: run_ansible "${ENV_INVENTORY:-${ANSIBLE_DEFAULT_INVENTORY}}" "${ENV_TAGS:-${ANSIBLE_DEFAULT_TAGS}}" "${ENV_EXTRA_ARGS:-${ANSIBLE_DEFAULT_EXTRA_ARGS}}" "${ENV_PLAYBOOK_FILE}"

    cleanup: run_ansible "${ENV_INVENTORY:-${ANSIBLE_DEFAULT_INVENTORY}}" "$ENV_CLEANUP_TAGS" "${ENV_EXTRA_ARGS:-${ANSIBLE_DEFAULT_EXTRA_ARGS}}" "${ENV_CLEANUP_PLAYBOOK_FILE:-${ENV_PLAYBOOK_FILE}}"

  deploy:

    - !reference [ .ansible-commands, default, deploy ]

  cleanup:

    - cd $ANSIBLE_PROJECT_DIR

    - assert_defined "${ENV_INVENTORY:-${ANSIBLE_DEFAULT_INVENTORY}}" 'Missing required Ansible inventory'

    - assert_defined "${ENV_PLAYBOOK_FILE}" 'Missing required Ansible playbook'

    - export environment_type="$ENV_TYPE"

    - export environment_name="${ENV_APP_NAME:-${ANSIBLE_BASE_APP_NAME}${ENV_APP_SUFFIX}}"

    - export environment_url="${ENV_URL:-${ANSIBLE_ENVIRONMENT_URL:-$CI_ENVIRONMENT_URL}}"

    - chmod go-rwx .

  script:

    - !reference [ .ansible-commands, deploy ]

    - assert_defined "${ENV_INVENTORY:-${ANSIBLE_DEFAULT_INVENTORY}}" 'Missing required Ansible inventory'

    - assert_defined "${ENV_CLEANUP_PLAYBOOK_FILE:-${ENV_PLAYBOOK_FILE}}" 'Missing required Ansible playbook'

    - assert_defined "$ENV_CLEANUP_TAGS" 'Missing required Ansible cleanup tags'

    - export environment_type="$ENV_TYPE"

    - export environment_name="${ENV_APP_NAME:-${ANSIBLE_BASE_APP_NAME}${ENV_APP_SUFFIX}}"

    - chmod go-rwx .

  script:

    - !reference [ .ansible-commands, cleanup ]

  environment:

    name: review/$CI_COMMIT_REF_NAME

    on_stop: ansible-cleanup-review

    auto_stop_in: "$ANSIBLE_REVIEW_AUTOSTOP_DURATION"

  resource_group: review/$CI_COMMIT_REF_NAME

  rules:

    # exclude tags

  environment:

    name: integration

    on_stop: ansible-cleanup-integration

    auto_stop_in: "$ANSIBLE_INTEG_AUTOSTOP_DURATION"

  resource_group: integration

  rules:

    # only on integration branch(es), with $ANSIBLE_INTEG_PLAYBOOK_FILE set

  environment:

    name: staging

    on_stop: ansible-cleanup-staging

    auto_stop_in: "$ANSIBLE_STAGING_AUTOSTOP_DURATION"

  resource_group: staging

  rules:

    # only on production branch(es), with $ANSIBLE_STAGING_PLAYBOOK_FILE set

###############################

#           Prod              #

###############################

ansible-production:

  extends: .ansible-deploy

  stage: production