Ansible Playbook


This job enables you to run an Ansible playbook within the GitLab CI/CD environment.

An additional job is also defined that lets you specify a project whose git submodules should be updated automatically. This is useful if the project you create the job in is used as a git submodule in another project. On pushing to the development branch, this job triggers the Git.Submodules.Update.Chores job, which updates the specified project's git submodules.

your .gitlab-ci.yml changes

  • Mandatory: In addition to the previous dependency, this requirement is for the project specified in the trigger job. The following must be added to the .gitlab-ci.yml file in that project.
include:
  - project: nofusscomputing/projects/gitlab-ci
    ref: master
    file:
      - .gitlab-ci_common.yaml
      - automation/template/automagic.gitlab-ci.yaml

To use the Ansible playbook job, add the following to your .gitlab-ci.yml file.

stages:
    - chores

include:
  - project: nofusscomputing/projects/gitlab-ci
    ref: master
    file:
      - automation/.gitlab-ci-ansible.yaml

Ansible Job:
  extends: .ansible_playbook
  variables:
    ansible_playbook: 'git_configuration.yaml'
    ansible_tags: 'submodule'
    PIPELINE_RUN_TRIGGER: 'false'
    PIPELINE_RUN_SCHEDULE: 'false'

To run the trigger job that updates another project's git submodules, add the following to your .gitlab-ci.yml file.

stages:
    - publish

include:
  - project: nofusscomputing/projects/gitlab-ci
    ref: master
    file:
      - automation/.gitlab-ci-ansible.yaml

Docker_Mail.Submodule.Deploy:
  extends: .submodule_update_trigger
  variables:
    SUBMODULE_UPDATE_TRIGGER_PROJECT: nofusscomputing/projects/docker-mail

Tip

In addition to the variables below, you can also specify any additional environment variables for use by Ansible within the container. Refer to the Ansible configuration documentation for further details.

Job: .ansible_playbook

This job runs an Ansible playbook using the nofusscomputing/ansible-ee:dev Docker image.

Stage: Chores

This job is responsible for executing an Ansible playbook. It can be customized by setting the following variables:

Variables

  • ansible_inventory: The Ansible inventory file.

  • ansible_playbook: The name of the Ansible playbook file.

  • ansible_tags: The tags to be applied during playbook execution.

Rules

  • Rule 1: If the NFC_AUTO_JOBS variable is set to "false", the job will never run.

  • Rule 2: If the pipeline is triggered by a schedule and PIPELINE_RUN_SCHEDULE is set to "true", the job will run only if the .nfc_automation.yaml file exists.

  • Rule 3: If the pipeline is triggered by an API call, another pipeline, a trigger, or a parent pipeline, and PIPELINE_RUN_TRIGGER is set to "true", the job will run only if the .nfc_automation.yaml file exists.

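  • Rule 4: If the pipeline is triggered by a push to the development branch, the job will run only if the .nfc_automation.yaml file exists. See Documentation for file details.

  • Rule 5: This rule prevents the job from running under any circumstances. In the definition below, rules 1 to 4 are commented out for .ansible_playbook, so this is the only rule in effect for that job.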

Job: .ansible_playbook_git_submodule

This job extends the .ansible_playbook job and is specifically used for running the git_configuration.yaml playbook with the submodule tags.

Stage: Chores

This job is responsible for executing the git_configuration.yaml playbook with the submodule tags.

Variables

  • ansible_playbook: The name of the Ansible playbook file (git_configuration.yaml).

  • ansible_tags: The tags to be applied during playbook execution (submodule).

Rules

  • Rule 1: If the NFC_AUTO_JOBS variable is set to "false", the job will never run.

  • Rule 2: If the pipeline is triggered by a schedule and PIPELINE_RUN_SCHEDULE is set to "true", the job will run only if the .nfc_automation.yaml file exists.

  • Rule 3: If the pipeline is triggered by an API call, another pipeline, a trigger, or a parent pipeline, and PIPELINE_RUN_TRIGGER is set to "true", the job will run only if the .nfc_automation.yaml file exists. See Documentation for file details.

  • Rule 4: If the pipeline is triggered by a push to the development branch, the job will run only if the .nfc_automation.yaml file exists.

  • Rule 5: This rule prevents the job from running under any other circumstances.

Job: .submodule_update_trigger

This job triggers a pipeline in another project.

Stage: Publish

This job is responsible for triggering a pipeline in another project.

Variables

  • PIPELINE_RUN_TRIGGER: The flag to indicate if the triggered pipeline should run (true).

Rules

  • Rule 1: If the pipeline is triggered by a push to the master or development branch, and there is no associated tag, the job will run on successful completion.

  • Rule 2: This rule prevents the job from running under any other circumstances.

Artifacts

  • None

gitlab-ci.yml definition

.gitlab-ci.yml
---
# This yaml is intended to run ansible jobs using nfc's ansible-ee image

include:
  - local: $JOB_ROOT_DIR/.gitlab-ci_common.yaml


.ansible_playbook:
  image:
    name: nofusscomputing/ansible-ee:dev
    pull_policy: always
  stage: chores
  variables:
    ansible_inventory: ''
    ansible_playbook: ''
    ansible_tags: ''
    ANSIBLE_FORCE_COLOR: 'true'
  script:
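    # Quote the assignment: unquoted, the shell treats "-i" as the value and runs the inventory name as a command.
    - if [ "0$ansible_inventory" != '0' ]; then ansible_inventory="-i $ansible_inventory"; fi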
    - if [ "0$ansible_tags" != '0' ]; then ansible_tags=$(echo -n "--tags $ansible_tags"); fi
    - echo "[DEBUG] ansible_inventory=$ansible_inventory"
    - echo "[DEBUG] ansible_playbook=$ansible_playbook"
    - echo "[DEBUG] ansible_tags=$ansible_tags"
    - echo "[TRACE] ********************************** start ******************************************"
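    # export prints every environment variable to the job log; CI/CD variables that are not masked will be readable there.
    - export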
    - echo "[TRACE] *********************************** end *******************************************"
    - ansible-playbook $ansible_inventory $ANSIBLE_PLAYBOOK_DIR/$ansible_playbook $ansible_tags --extra-vars "nfc_pb_host=localhost" -vvv
  rules:
  # ToDo: at some stage redefine these rules so that the job can run if specified.
    # - if: '$NFC_AUTO_JOBS == "false"'
    #   when: never

    # - if: '$CI_PIPELINE_SOURCE == "schedule" && $PIPELINE_RUN_SCHEDULE == "true"'
    #   exists:
    #     - ".nfc_automation.yaml"
    #   when: always

    # - if: 
    #     (
    #       $CI_PIPELINE_SOURCE == "api"
    #         || 
    #       $CI_PIPELINE_SOURCE == "pipeline"
    #         || 
    #       $CI_PIPELINE_SOURCE == "trigger" 
    #         || 
    #       $CI_PIPELINE_SOURCE == "parent_pipeline"
    #     ) && 
    #     $PIPELINE_RUN_TRIGGER == "true"
    #   exists:
    #     - ".nfc_automation.yaml"
    #   when: always


    # - if: # condition_dev_branch_push
    #     $CI_COMMIT_BRANCH == "development" && 
    #     $CI_PIPELINE_SOURCE == "push"
    #   exists:
    #     - ".nfc_automation.yaml"
    #   when: always

    # # this is for testing only
    # # - if: '$CI_PIPELINE_SOURCE == "push"'
    # #   when: always
    # #   exists:
    # #     - ".nfc_automation.yaml"
    - when: never


.ansible_playbook_git_submodule:
  extends: .ansible_playbook
  variables:
    ansible_playbook: 'git_configuration.yaml'
    ansible_tags: 'submodule'
  rules:
    - if: '$NFC_AUTO_JOBS == "false"'
      when: never

    - if: '$CI_PIPELINE_SOURCE == "schedule" && $PIPELINE_RUN_SCHEDULE == "true"'
      exists:
        - ".nfc_automation.yaml"
      when: always

    - if: 
        (
          $CI_PIPELINE_SOURCE == "api"
            || 
          $CI_PIPELINE_SOURCE == "pipeline"
            || 
          $CI_PIPELINE_SOURCE == "trigger" 
            || 
          $CI_PIPELINE_SOURCE == "parent_pipeline"
        ) && 
        $PIPELINE_RUN_TRIGGER == "true"
      exists:
        - ".nfc_automation.yaml"
      when: always

    - if: # condition_dev_branch_push
        $CI_COMMIT_TAG == null &&
        $CI_COMMIT_BRANCH == "development" && 
        $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development" && 
        $CI_PIPELINE_SOURCE != "push"
      exists:
        - ".nfc_automation.yaml"
      when: always

    # this is for testing only
    # - if: '$CI_PIPELINE_SOURCE == "push"'
    #   when: always
    #   exists:
    #     - ".nfc_automation.yaml"
    - when: never


.submodule_update_trigger:
  stage: publish
  # trigger:
  #   project: $SUBMODULE_UPDATE_TRIGGER_PROJECT
  #   branch: development
  # inherit:
  #   variables: false
  script: 
  # use script to trigger pipeline instead of trigger keyword. 
  # this is due to trigger keyword not allowing environment keyword.
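  # URL-encode the project path; the value is passed as an argument rather than pasted into the Python source.
    - export TRIGGER_PROJECT_PATH=$(python3 -c "import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1], safe=''))" "$SUBMODULE_UPDATE_TRIGGER_PROJECT")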
    - echo "[DEBUG] TRIGGER_PROJECT_PATH=$TRIGGER_PROJECT_PATH"
    - |
      curl \
        --request POST \
        --form "token=$CI_JOB_TOKEN" \
        --form ref=development \
        --form "variables[GIT_CONFIG_SUBMODULE_NAME]=$GIT_CONFIG_SUBMODULE_NAME" \
        --form "variables[PIPELINE_RUN_TRIGGER]=$PIPELINE_RUN_TRIGGER" \
        --form "variables[GIT_COMMIT_TYPE]=$GIT_COMMIT_TYPE" \
        --form "variables[GIT_COMMIT_TYPE_CATEGORY]=$GIT_COMMIT_TYPE_CATEGORY" \
      "https://gitlab.com/api/v4/projects/$TRIGGER_PROJECT_PATH/trigger/pipeline"
  environment: 
    name: $SUBMODULE_UPDATE_TRIGGER_PROJECT
    url: https://gitlab.com/$SUBMODULE_UPDATE_TRIGGER_PROJECT
  variables:
    PIPELINE_RUN_TRIGGER: 'true'
    GIT_CONFIG_SUBMODULE_NAME: $CI_PROJECT_NAME
  rules:
    - if: # condition_master_or_dev_push
        (
          $CI_COMMIT_BRANCH == "master" || 
          $CI_COMMIT_BRANCH == "development" 
        ) && 
        $CI_PIPELINE_SOURCE == "push" &&
        $CI_COMMIT_TAG == null
      when: on_success

    - when: never


.ansible_playbook_mr_from_issue_comment_patch:
  extends: .ansible_playbook
  variables:
    ansible_playbook: 'git_configuration.yaml'
    ansible_tags: 'gitlab_issue_patches'
    PIPELINE_RUN_TRIGGER: 'false'
    PIPELINE_RUN_SCHEDULE: 'false'
  needs: []
  rules:
    - if: '$NFC_AUTO_JOBS == "false"'
      when: never
    - if: 
        $CI_COMMIT_TAG == null &&
        $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development" && 
        $CI_PIPELINE_SOURCE != "push" &&
        $CI_COMMIT_BRANCH != 'master' &&
        $CI_COMMIT_BRANCH != 'automated-tasks' &&
        $CI_COMMIT_BRANCH == 'development'
      exists:
        - ".nfc_automation.yaml"
      when: always
    - when: never
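
The .ansible_playbook script above places ansible_inventory, ansible_playbook and ansible_tags on the ansible-playbook command line unquoted, so their values are split into words by the shell. One way to validate them and build the argument list first, as an added example that is not the project's own code; run_playbook, valid_value, ANSIBLE_BIN and the allow-list are assumptions made for the illustration:

```shell
#!/bin/sh
# Added example (not the project's code). ANSIBLE_BIN and the allow-list
# in valid_value are assumptions made for this illustration.
LC_ALL=C   # keep the A-Z / a-z ranges below ASCII-only

# valid_value VALUE: accept only letters, digits and _ . / , - ; reject an
# empty value, a leading '-' (would be read as an option) and any '..'.
valid_value() {
  case $1 in
    '' | -* | *..* | *[!A-Za-z0-9_./,-]*) return 1 ;;
  esac
  return 0
}

# run_playbook PLAYBOOK [INVENTORY] [TAGS]
# Builds the argument vector in "$@" so each value stays one argument and
# an empty optional value adds nothing, then runs the command.
# (POSIX sh has no 'local'; playbook, inventory and tags are globals.)
run_playbook() {
  playbook=$1 inventory=${2:-} tags=${3:-}
  valid_value "$playbook" || { echo "rejected ansible_playbook" >&2; return 1; }
  set --
  if [ -n "$inventory" ]; then
    valid_value "$inventory" || { echo "rejected ansible_inventory" >&2; return 1; }
    set -- "$@" -i "$inventory"
  fi
  set -- "$@" "$ANSIBLE_PLAYBOOK_DIR/$playbook"
  if [ -n "$tags" ]; then
    valid_value "$tags" || { echo "rejected ansible_tags" >&2; return 1; }
    set -- "$@" --tags "$tags"
  fi
  "${ANSIBLE_BIN:-ansible-playbook}" "$@" --extra-vars "nfc_pb_host=localhost" -vvv
}

# Constructed demo: print the argument vector instead of running Ansible.
show_args() { printf '<%s> ' "$@"; echo; }
ANSIBLE_BIN=show_args
ANSIBLE_PLAYBOOK_DIR=/playbooks   # constructed value
run_playbook git_configuration.yaml '' submodule
run_playbook git_configuration.yaml '' 'submodule --check' || echo "refused"
```

In a job, the functions would be defined in the script section or a sourced file, with ANSIBLE_BIN left unset so that ansible-playbook itself is run.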

About:

This page forms part of our Project Gitlab-CI.

Page Metadata
Date Created: 2023-05-29
Date Edited: 2023-06-10
