deploy:
  stage: deploy
  image: python:3.7
  environment:
    name: production
    url: rss.fudiggity.nl
  rules:
    - if: $CI_COMMIT_TAG
  before_script:
    - pip install ansible --quiet
    - git clone https://git.fudiggity.nl/ansible/newsreader.git deployment --branch master
    - cd deployment
    - ansible-galaxy install -r roles/requirements.yml
    - mkdir /root/.ssh && echo "$DEPLOY_HOST_KEY" > /root/.ssh/known_hosts
    - echo "$DEPLOY_KEY" > deploy_key && chmod 0600 deploy_key
    - echo "$VAULT_PASSWORD" > vault
  script:
    - >
      ansible-playbook playbook.yml
      --inventory inventory.yml
      --private-key deploy_key
      --vault-password-file vault