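---
# Drone CI pipeline: decrypts infrastructure secrets, prepares the runner,
# applies Terraform (tf-stage-1) and then runs the Ansible playbook.
kind: pipeline
type: docker
name: Ansible-Playbook

# NOTE(review): every push to main and every manually started ("custom") build
# ends in `terraform apply -auto-approve` and a real playbook run, with no plan
# review or approval gate in this file. Branch protection on main and the right
# to start custom builds are therefore the effective change-control boundary.
trigger:
  branch:
    - main
  event:
    include:
      - push
      - custom

# Pipeline-wide environment. Values are quoted so that every consumer sees the
# string "true" rather than a YAML boolean (matches the quoting already used in
# the "Validate Ansible" step).
environment:
  ANSIBLE_FORCE_COLOR: "true"
  ANSIBLE_HOME: /drone/src/.ansible
  SUMMON_PROVIDER: /drone/src/summon-wrapper
  # NOTE(review): PASSAGE_IDENTITIES_FILE points at the same file that
  # GIT_SSH_COMMAND uses for authentication below, so a single key both fetches
  # and decrypts the secret store. Separate keys would limit the impact of a
  # leak of either one.
  PASSAGE_DIR: /drone/src/.passage/store
  PASSAGE_IDENTITIES_FILE: /drone/src/ssh_key

# Only schedule on runners carrying the label ansible=true.
node:
  ansible: "true"

# NOTE(review): all images below use the mutable `:latest` tag with
# `pull: always`, so whatever is currently published under that tag runs with
# access to the decrypted key and the infrastructure credentials. Pinning by
# digest (image: <registry>/<name>@sha256:<digest placeholder>) makes the
# executed image reviewable and reproducible.
steps:
  - name: Prepare Secrets
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    environment:
      SSH_KEY:
        from_secret: ssh_key
      # NOTE(review): StrictHostKeyChecking=no disables SSH host key
      # verification for the clone of the secret store, so the pipeline cannot
      # tell the real git server from an impostor. Prefer a pinned host key,
      # e.g. provide a known_hosts file from a secret and use
      # `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts path>`.
      GIT_SSH_COMMAND: ssh -i /drone/src/ssh_key -o StrictHostKeyChecking=no
    commands:
      # `$$` escapes Drone's own substitution so the shell expands the variable.
      # The key is written into /drone/src, which the later steps also read
      # (see PASSAGE_IDENTITIES_FILE), so it stays on disk for the whole build.
      - echo "$${SSH_KEY}" | base64 -d > /drone/src/ssh_key
      - chmod 600 /drone/src/ssh_key
      - git clone ssh://git@git.tobiasmanske.de:7779/tobias/infrastructure-vault.git "$${PASSAGE_DIR}"

  - name: Prepare Runner
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    commands:
      - cd ansible
      # -p: do not fail when the directory already exists.
      - mkdir -p "$ANSIBLE_HOME"
      # NOTE(review): roles/collections are fetched at build time; pin versions
      # in requirements.yaml so the installed code is the reviewed code.
      - ansible-galaxy install -r requirements.yaml
      - summon ansible-playbook --inventory=inventory.yaml runner-pre.yaml

  - name: Run Terraform
    image: registry.tobiasmanske.de/terraform-runner:latest
    pull: always
    commands:
      - cd tf-stage-1
      - summon terraform init -input=false
      # Applies without a saved plan or human confirmation (see trigger note).
      - summon terraform apply -auto-approve -input=false

  - name: Run Ansible
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    commands:
      - cd ansible
      - summon ansible-playbook --inventory=inventory.yaml playbook.yaml

  # NOTE(review): this --check run executes after the playbook has already been
  # applied, so it reports remaining drift rather than gating the change.
  # ANSIBLE_VAULT_PASSWORD_FILE refers to /drone/src/vault_pass, which no step
  # in this file creates; confirm it is provided elsewhere or drop the variable.
  - name: Validate Ansible
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    environment:
      ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass"
      ANSIBLE_FORCE_COLOR: "true"
    commands:
      - cd ansible
      - ansible-galaxy install -r requirements.yaml
      - summon ansible-playbook --check --inventory=inventory.yaml playbook.yaml

# Name of the Drone secret holding the registry credentials for the images above.
image_pull_secrets:
  - registry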