Commit fe9515dd authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

fix(lint): replace parallel:matrix job impl with explicit inheritance to allow... 

fix(lint): replace parallel:matrix job impl with explicit inheritance to allow user multi-template instantiation
parent fe30adbb

templates/gitlab-ci-ansible.yml

+71 −25
Original line number Diff line number Diff line
@@ -793,35 +793,39 @@ stages: 
    name: "$ANSIBLE_IMAGE"

    entrypoint: [""]



ansible-lint:



# Ansible Lint job prototype

# Can be extended to define a concrete environment

#

# @arg ENV_TYPE          : environment type

# @arg ENV_PLAYBOOK_FILE : env-specific Ansible playbook

.ansible-lint:

  extends: .ansible-base

  interruptible: true

  stage: build

  image:

    name: "$ANSIBLE_LINT_IMAGE"

    entrypoint: [""]

  parallel:

    matrix:

      - ENV_PREFIX: REVIEW

      - ENV_PREFIX: INTEG

      - ENV_PREFIX: STAGING

      - ENV_PREFIX: PROD

  script:

    - maybe_install_requirements

    - mkdir -p -m 777 reports

    - env_name=$(echo "$ENV_PREFIX" | tr '[:upper:]' '[:lower:]')

    - playbook_file=$(eval echo "\$ANSIBLE_${ENV_PREFIX}_PLAYBOOK_FILE")

    - ansible-lint "$playbook_file" -f codeclimate > reports/ansible-lint-${env_name}.codeclimate.json || true

    - ansible-lint "$playbook_file"

    - ansible-lint "$ENV_PLAYBOOK_FILE" -f codeclimate > reports/ansible-lint-$ENV_TYPE.codeclimate.json || true

    - ansible-lint "$ENV_PLAYBOOK_FILE"

  artifacts:

    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    expire_in: 1 day

    when: always

    reports:

      codequality:

        - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-*.codeclimate.json"

        - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-$ENV_TYPE.codeclimate.json"

    paths:

      - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-*.codeclimate.json"

      - "$ANSIBLE_PROJECT_DIR/reports/ansible-lint-$ENV_TYPE.codeclimate.json"



ansible-lint-review:

  extends: .ansible-lint

  variables:

    ENV_TYPE: review

    ENV_PLAYBOOK_FILE: "$ANSIBLE_REVIEW_PLAYBOOK_FILE"

  rules:

    # exclude tags

    - if: $CI_COMMIT_TAG
@@ -829,23 +833,65 @@ ansible-lint: 
    # exclude when $ANSIBLE_LINT_DISABLED is set

    - if: '$ANSIBLE_LINT_DISABLED == "true"'

      when: never

    # exclude review if $ANSIBLE_REVIEW_PLAYBOOK_FILE unset

    - if: '$ENV_PREFIX == "REVIEW" && ($ANSIBLE_REVIEW_PLAYBOOK_FILE == null || $ANSIBLE_REVIEW_PLAYBOOK_FILE == "")'

    # exclude if $ANSIBLE_REVIEW_PLAYBOOK_FILE unset

    - if: '$ANSIBLE_REVIEW_PLAYBOOK_FILE == null || $ANSIBLE_REVIEW_PLAYBOOK_FILE == ""'

      when: never

    # exclude on integration or prod branch

    - if: '$CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF'

      when: never

    - !reference [.test-policy, rules]



ansible-lint-integration:

  extends: .ansible-lint

  variables:

    ENV_TYPE: integration

    ENV_PLAYBOOK_FILE: "$ANSIBLE_INTEG_PLAYBOOK_FILE"

  rules:

    # exclude tags

    - if: $CI_COMMIT_TAG

      when: never

    # exclude when $ANSIBLE_LINT_DISABLED is set

    - if: '$ANSIBLE_LINT_DISABLED == "true"'

      when: never

    # exclude if $ANSIBLE_INTEG_PLAYBOOK_FILE unset

    - if: '$ANSIBLE_INTEG_PLAYBOOK_FILE == null || $ANSIBLE_INTEG_PLAYBOOK_FILE == ""'

      when: never

    # exclude on prod branch

    - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF'

      when: never

    # exclude review on integration or prod branch

    - if: '$ENV_PREFIX == "REVIEW" && ($CI_COMMIT_REF_NAME =~ $INTEG_REF || $CI_COMMIT_REF_NAME =~ $PROD_REF)'

    - !reference [.test-policy, rules]



ansible-lint-staging:

  extends: .ansible-lint

  variables:

    ENV_TYPE: staging

    ENV_PLAYBOOK_FILE: "$ANSIBLE_STAGING_PLAYBOOK_FILE"

  rules:

    # exclude tags

    - if: $CI_COMMIT_TAG

      when: never

    # exclude integration if $ANSIBLE_INTEG_PLAYBOOK_FILE unset

    - if: '$ENV_PREFIX == "INTEG" && ($ANSIBLE_INTEG_PLAYBOOK_FILE == null || $ANSIBLE_INTEG_PLAYBOOK_FILE == "")'

    # exclude when $ANSIBLE_LINT_DISABLED is set

    - if: '$ANSIBLE_LINT_DISABLED == "true"'

      when: never

    # exclude integration on prod branch

    - if: '$ENV_PREFIX == "INTEG" && $CI_COMMIT_REF_NAME =~ $PROD_REF'

    # exclude if $ANSIBLE_STAGING_PLAYBOOK_FILE unset

    - if: '$ANSIBLE_STAGING_PLAYBOOK_FILE == null || $ANSIBLE_STAGING_PLAYBOOK_FILE == ""'

      when: never

    # exclude staging if $ANSIBLE_STAGING_PLAYBOOK_FILE unset

    - if: '$ENV_PREFIX == "STAGING" && ($ANSIBLE_STAGING_PLAYBOOK_FILE == null || $ANSIBLE_STAGING_PLAYBOOK_FILE == "")'

    - !reference [.test-policy, rules]



ansible-lint-production:

  extends: .ansible-lint

  variables:

    ENV_TYPE: production

    ENV_PLAYBOOK_FILE: "$ANSIBLE_PROD_PLAYBOOK_FILE"

  rules:

    # exclude tags

    - if: $CI_COMMIT_TAG

      when: never

    # exclude when $ANSIBLE_LINT_DISABLED is set

    - if: '$ANSIBLE_LINT_DISABLED == "true"'

      when: never

    # exclude production if $ANSIBLE_PROD_PLAYBOOK_FILE unset

    - if: '$ENV_PREFIX == "PROD" && ($ANSIBLE_PROD_PLAYBOOK_FILE == null || $ANSIBLE_PROD_PLAYBOOK_FILE == "")'

    # exclude if $ANSIBLE_PROD_PLAYBOOK_FILE unset

    - if: '$ANSIBLE_PROD_PLAYBOOK_FILE == null || $ANSIBLE_PROD_PLAYBOOK_FILE == ""'

      when: never

    - !reference [.test-policy, rules]