main.yml
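---
# Seeds a team's GitLab project with EDA configuration: stores the vault
# password as a CI/CD variable, renders the playbooks and per-environment
# group_vars into a clone of the project, pushes them on branch "initial"
# with a merge request, then polls the jobs API until the pipeline ends.
- name: Add EDA files to AAP Organization
  hosts: localhost
  gather_facts: true
  pre_tasks:
    - name: Get vars
      ansible.builtin.include_vars: env_vars.yml
      no_log: true
  tasks:
    - name: Set vault_secret CI/CD variables
      community.general.gitlab_project_variable:
        api_url: "{{ gitlab_protocol }}{{ gitlab_url }}"
        validate_certs: "{{ gitlab_validate_certs }}"
        api_username: "{{ gitlab_user_username }}"
        api_password: "{{ gitlab_user_password }}"
        project: "{{ gitlab_group }}/{{ team_project_name }}"
        purge: false
        variables:
          - name: VAULT_PASSWORD
            value: "{{ team_password }}"
            masked: true
            # NOTE(review): unprotected and scoped to every environment, so a
            # pipeline on any branch can read VAULT_PASSWORD. The "initial"
            # branch pushed below presumably needs that; confirm, and tighten
            # (protected: true, narrower scope) once the seed MR has landed.
            protected: false
            environment_scope: '*'
      # The task carries the GitLab password and the vault password; keep
      # both out of task output and callback logs at any verbosity.
      no_log: true

    # tempfile creates a directory only the invoking user can enter, instead
    # of a predictable /tmp/<project> path that another local user could
    # pre-create or read. The clone holds the access token in .git/config
    # and the rendered credential files.
    - name: Create a private working directory for the clone
      ansible.builtin.tempfile:
        state: directory
        prefix: eda_seed_
      register: _eda_workdir

    - name: Populate the team repository and open the merge request
      vars:
        _repo_dir: "{{ _eda_workdir.path }}/{{ team_project_name }}"
      block:
        # argv is passed to git without a shell, so variable content cannot
        # be interpreted as shell syntax. The -c options are written to the
        # clone's own config rather than the user's global ~/.gitconfig:
        # identity and TLS settings no longer persist after the play, and
        # certificate checking follows gitlab_validate_certs instead of
        # being switched off unconditionally.
        # NOTE(review): `token` is used here before get_gitlab_api_token.yml
        # is included further down; presumably env_vars.yml supplies it.
        # Confirm.
        - name: Clone the gitlab team repository  # noqa: command-instead-of-module
          ansible.builtin.command:
            argv:
              - git
              - clone
              - "-c"
              - "http.sslVerify={{ gitlab_validate_certs | bool | ternary('true', 'false') }}"
              - "-c"
              - "user.name={{ gitlab_user_username }}"
              - "-c"
              - "user.email={{ gitlab_user_username }}@homelab.wf"
              - "--"
              - "{{ gitlab_protocol }}oauth:{{ token }}@{{ gitlab_url }}{{ gitlab_group }}/{{ team_project_name }}.git"
              - "{{ _repo_dir }}"
          changed_when: true
          # The clone URL embeds the access token.
          no_log: true

        - name: Checkout the branch to push  # noqa: command-instead-of-module
          ansible.builtin.command:
            argv:
              - git
              - checkout
              - "-b"
              - initial
            chdir: "{{ _repo_dir }}"
          changed_when: true

        # Rendered as text that looks like a list literal. Not referenced by
        # any task in this file; presumably consumed by the .j2 templates.
        - name: Create the list with envs
          ansible.builtin.set_fact:
            env_list: |-
              [
              {%- for env in code_environment_vars -%}
              '{{ env }}'
              {%- if not loop.last -%},{%- endif -%}
              {%- endfor -%}
              ]

        - name: Copy the new playbook files
          ansible.builtin.template:
            src: "{{ item }}.j2"
            dest: "{{ _repo_dir }}/{{ item }}.yml"
            mode: "0644"
          loop:
            - main
            - stop_running_rulebooks

        - name: Create the list of templates
          ansible.builtin.set_fact:
            template_files:
              - eda_controller_tokens
              - eda_credentials
              - eda_decision_environments
              - eda_event_streams
              - eda_projects
              - eda_rulebook_activations

        # Builds "<env>,<file>" pairs, environment-major, as a real list.
        # The previous hand-rendered list literal depended on the string
        # being re-parsed and broke on names containing a quote.
        - name: Create the loop var
          ansible.builtin.set_fact:
            template_loop: >-
              {{ code_environment_vars | product(template_files)
                 | map('join', ',') | list }}

        - name: "Template files loop"
          ansible.builtin.template:
            src: "{{ curr_file.split(',')[-1] }}.yml.j2"
            dest: "{{ _repo_dir }}/group_vars/{{ curr_file.split(',')[0] }}/{{ curr_file.split(',')[-1] }}.yml"
            lstrip_blocks: true
            mode: "0640"
          loop: "{{ template_loop }}"
          loop_control:
            loop_var: curr_file

        # set -e stops at the first failing git command instead of pushing
        # after a failed add or commit. The target branch is shell-quoted
        # because it is interpolated into the script text.
        - name: Push the updated GitLab repository and create merge request  # noqa: command-instead-of-module
          ansible.builtin.shell: |
            set -e
            git add --all
            git commit -m 'initial config'
            git push origin initial \
              -o merge_request.create \
              -o merge_request.target={{ gitlab_default_branch | quote }} \
              -o merge_request.merge_when_pipeline_succeeds
          args:
            chdir: "{{ _repo_dir }}"
          # A push plus a new merge request is a change on the remote.
          changed_when: true

      always:
        # Runs even when a task above fails, so the token-bearing clone and
        # the rendered credential files are not left on disk.
        - name: Delete the tempory directory
          ansible.builtin.file:
            path: "{{ _eda_workdir.path }}"
            state: absent

    - name: GitLab Post | Obtain Access Token
      ansible.builtin.include_tasks:
        file: get_gitlab_api_token.yml

    # Polls the project's job list and reads the pipeline status of the first
    # entry. The length guard keeps an empty or missing list (pipeline not
    # created yet) a retry instead of an indexing error.
    # NOTE(review): the request carries the bearer token in a header;
    # consider no_log if this play is run with increased verbosity.
    - name: Check the pipeline until it has run
      ansible.builtin.uri:
        url: "{{ gitlab_protocol }}{{ gitlab_url }}api/v4/projects/{{ gitlab_group_safe }}%2F{{ team_project_name }}/jobs"
        validate_certs: "{{ gitlab_validate_certs }}"
        headers:
          Authorization: "Bearer {{ token }}"
      register: _jobs_list
      failed_when: >-
        (_jobs_list.json | default([]) | length > 0)
        and (_jobs_list.json[0].pipeline.status == "failed")
      until: >-
        (_jobs_list.json | default([]) | length > 0)
        and (_jobs_list.json[0].pipeline.status in ["success", "failed"])
      retries: 30
      delay: 15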