feat: initial commit
commit
29bec6f965
17 changed files with 343 additions and 0 deletions
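--- a/.gitlab/deployment.yaml
+++ b/.gitlab/deployment.yaml
@@ -0,0 +1,32 @@
+---
+# deploy ansible/roles/common code
+deployment:
+stage: "deployment"
+image:
+name: "cr.simoncor.net/siempie/ssh-client:v25.06.03"
+entrypoint: ["/bin/sh", "-c"]
+rules:
+
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+
+# prepare ssh
+before_script:
+
+# prepare ssh
+- |
+# prepare ssh
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+echo "$SSH_CONFIG" > ~/.ssh/config
+echo "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
+chmod 600 ~/.ssh/id_ed25519
+
+# deployment commands
+script:
+
+- |
+# install ansible roles dependancies
+ssh $SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER \
+"sudo /usr/local/bin/ansible-galaxy install -r /etc/ansible/roles/requirements.yaml --force"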
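Review bot: Nothing in `before_script` provisions `~/.ssh/known_hosts`, so whether the deployment host's key is verified depends entirely on the contents of `$SSH_CONFIG`, which is not visible in this commit. If that config relaxes `StrictHostKeyChecking`, the job would run the `sudo ansible-galaxy install ... --force` command on whichever host answers for `$ANSIBLE_SERVER`. Pinning the host key from a CI variable closes that gap, e.g. `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts` (the variable name is a suggestion and would have to be defined in the project settings). The private key is also written before `chmod 600 ~/.ssh/id_ed25519` runs, so putting `umask 077` at the top of the block removes the short window in which the file has default permissions. Quoting the target as `"$SSH_DEPLOYMENT_USER@$ANSIBLE_SERVER"` would also keep an unexpected variable value from being word-split into extra ssh arguments.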
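--- a/.gitlab/gitleaks.yaml
+++ b/.gitlab/gitleaks.yaml
@@ -0,0 +1,18 @@
+---
+
+# gitleaks
+gitleaks:
+stage: "gitleaks"
+image:
+name: "ghcr.io/gitleaks/gitleaks:latest"
+variables:
+GIT_DEPTH: 1
+rules:
+
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+
+# start linting
+script:
+- "gitleaks detect --source . --verbose --redact --max-decode-depth 1"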
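Review bot: With `GIT_DEPTH: 1` the `gitleaks detect --source .` run only sees the tip commit of a shallow clone, so a secret added and then removed in earlier commits of the same push is never scanned. The `rules` also restrict the job to pushes on the default branch, which means a finding arrives after the secret is already in shared history; the same rule in `.gitlab/linting.yaml` means `ansible-lint` and `yamllint` do not gate merge requests either. Consider `GIT_DEPTH: 0` and an extra rule such as `- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'` ahead of the `when: "never"` fallback. The image also uses the mutable `:latest` tag while the other jobs pin versions; pinning a release tag or digest keeps the scanner reproducible and reviewable. The `# start linting` comment above `script:` looks copied from the lint jobs and should describe the secret scan instead.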
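--- a/.gitlab/linting.yaml
+++ b/.gitlab/linting.yaml
@@ -0,0 +1,30 @@
+---
+
+# linting
+ansible-lint:
+stage: "linting"
+image: "docker.io/pipelinecomponents/ansible-lint:0.79.0"
+rules:
+
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+
+# start linting
+script:
+- "ansible-lint -c .ansible-lint ."
+
+# yamllint
+yamllint:
+stage: "linting"
+image: "registry.gitlab.com/pipeline-components/yamllint:0.35.0"
+rules:
+
+# run only on push to default branch
+- if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+- when: "never"
+
+script:
+
+# run yamllint
+- "yamllint ."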