From 826da6be89630465fb12a3c2677ac6c30ed679bb Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Sat, 1 Nov 2025 12:58:42 +0100
Subject: [PATCH] feat: implement new role layout

---
 .gitlab-ci.yml          |  7 +------
 .gitlab/deployment.yaml | 32 --------------------------------
 playbook.yaml           |  8 +++++---
 3 files changed, 6 insertions(+), 41 deletions(-)
 delete mode 100644 .gitlab/deployment.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 54a4cb4..ccccaf2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,19 +2,14 @@
 
 # gitLab ci stages
 stages:
-
-  # deployment
   - "gitleaks"
   - "linting"
-  - "deployment"
-
 
 # include jobs
 include:
 
-  # deployment
+  # code plumbing
   - local: ".gitlab/gitleaks.yaml"
-  - local: ".gitlab/deployment.yaml"
 
   # linting
   - component: "$CI_SERVER_FQDN/components/ansible/linting@v3.0.3"
diff --git a/.gitlab/deployment.yaml b/.gitlab/deployment.yaml
deleted file mode 100644
index 869badc..0000000
--- a/.gitlab/deployment.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-# deploy ansible/roles/common code
-deployment:
-  stage: "deployment"
-  image:
-    name: "registry.gitlab.simoncor.net/oci/ssh-client:v25.06.03"
-    entrypoint: ["/bin/sh", "-c"]
-  rules:
-
-    # run only on push to default branch
-    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
-    - when: "never"
-
-  # prepare ssh
-  before_script:
-
-    # prepare ssh
-    - |
-        # prepare ssh
-        mkdir -p ~/.ssh
-        chmod 700 ~/.ssh
-        echo "$SSH_CONFIG" > ~/.ssh/config
-        echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
-        chmod 600 ~/.ssh/id_ed25519
-
-  # deployment commands
-  script:
-
-    - |
-        # install ansible roles dependancies
-        ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER \
-        "sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"
diff --git a/playbook.yaml b/playbook.yaml
index e26f492..b485931 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -5,7 +5,7 @@
   hosts: "all"
   serial: 2
   become: true
-  pre_tasks:
+  tasks:
 
     # due to semaphore bug we need to do this ourselves
     - name: "force-update requirements"
@@ -16,5 +16,7 @@
       changed_when: false
       failed_when: false
 
-  roles:
-    - role: "common"
+    # execute the role
+    - name: "execute role: common"
+      ansible.builtin.include_role:
+        name: "common"