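# GitLab CI

## Import jobs

```yaml title=".gitlab-ci.yml"
---
# GitLab CI stages, in execution order
stages:
  - "gitleaks"
  - "linting"
  - "deployment"

# include the job definitions, one file per stage
include:
  - local: ".gitlab/gitleaks.yaml"
  - local: ".gitlab/linting.yaml"
  - local: ".gitlab/deployment.yaml"
```

## Run a Docker container

```yaml title=".gitlab/linting.yaml"
---
# linting
linting:
  stage: "linting"
  image:
    # NOTE(review): ":latest" is a mutable tag. Pinning a version tag or an
    # image digest keeps the job reproducible and makes a replaced image
    # visible as a change in this file.
    name: "cr.simoncor.net/siempie/ansible-deployment:latest"
    # override the image entrypoint so the runner can start its own shell
    entrypoint: ["/bin/sh", "-c"]

  rules:
    # run only on push to default branch
    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    - when: "never"

  # start linting
  script:
    - "ansible-lint -c .ansible-lint ."
```

## Run an SSH command

```yaml title=".gitlab/deployment.yaml"
---
# deploy ansible code
deployment:
  stage: "deployment"
  # NOTE(review): this image handles the deployment key, so pin it to a
  # version tag or digest rather than the mutable ":latest".
  image: "cr.simoncor.net/siempie/ssh-client:latest"

  rules:
    # run only on push to default branch
    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    - when: "never"

  # prepare ssh
  # SSH_CONFIG and SSH_DEPLOYMENT_KEY are CI/CD variables. Because the job
  # only runs on the default branch, they can be marked "Protected" (when
  # that branch is protected) so other branches never receive the key.
  # Host key verification relies on what SSH_CONFIG provides (assumed; its
  # content is not shown here): keep StrictHostKeyChecking enabled and supply
  # the server's host key through known_hosts.
  before_script:
    - |
      # prepare ssh
      # restrictive umask first, so the key file is never created
      # group/world-readable, not even before the chmod below
      umask 077
      mkdir -p ~/.ssh
      chmod 700 ~/.ssh
      # printf writes the variables verbatim; echo may interpret backslashes
      printf '%s\n' "$SSH_CONFIG" > ~/.ssh/config
      printf '%s\n' "$SSH_DEPLOYMENT_KEY" > ~/.ssh/id_ed25519
      chmod 600 ~/.ssh/id_ed25519

  # deployment commands
  # The remote user only needs sudo rights for these exact git invocations;
  # a sudoers rule limited to them keeps a leaked key from becoming full root.
  script:
    - |
      # git cleanup
      # the target is quoted so an unexpected variable value cannot be
      # split into extra ssh arguments
      ssh "${SSH_DEPLOYMENT_USER}@${ANSIBLE_SERVER}" "sudo /usr/bin/git -C /etc/ansible reset --hard HEAD --quiet"
      ssh "${SSH_DEPLOYMENT_USER}@${ANSIBLE_SERVER}" "sudo /usr/bin/git -C /etc/ansible clean -fx --exclude=secret.key"
      ssh "${SSH_DEPLOYMENT_USER}@${ANSIBLE_SERVER}" "sudo /usr/bin/git -C /etc/ansible clean -fd"
```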