---
kind: pipeline
type: docker
name: Ansible-Playbook

trigger:
  branch:
    - main
  event:
    include:
      - push
      - custom

environment:
  ANSIBLE_FORCE_COLOR: true
  ANSIBLE_HOME: /drone/src/.ansible
  ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass"

node:
  ansible: "true"

steps:
  - name: Prepare Secrets
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    environment:
      VAULT_PASS:
        from_secret: vault_pass
      SSH_KEY:
        from_secret: ssh_key
    commands:
      - echo $${VAULT_PASS} > /drone/src/vault_pass
      - echo $${SSH_KEY} | base64 -d > /drone/src/ssh_key
      - chmod 600 /drone/src/ssh_key
      - chmod 600 /drone/src/vault_pass
  - name: Prepare Runner
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    commands:
      - cd coreos-config
      - mkdir $ANSIBLE_HOME
      - ansible-galaxy install -r requirements.yaml
      - ansible-playbook --private-key ../ssh_key --inventory=inventory.yaml runner-pre.yaml
  - name: Run Ansible
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    commands:
      - cd coreos-config
      - ansible-playbook --limit ci_apply --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml
  - name: Validate Ansible
    image: registry.tobiasmanske.de/ansible-runner:latest
    pull: always
    environment:
      ANSIBLE_VAULT_PASSWORD_FILE: "/drone/src/vault_pass"
      ANSIBLE_FORCE_COLOR: "true"
    commands:
      - cd coreos-config
      - ansible-galaxy install -r requirements.yaml
      - ansible-playbook --limit ci_apply --check --private-key ../ssh_key --inventory=inventory.yaml playbook.yaml

image_pull_secrets:
  - registry