deploy:
  stage: deploy
  image: python:3.7
  environment:
    name: production
    url: rss.fudiggity.nl
  before_script:
    - pip install ansible --quiet
    - git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@git.fudiggity.nl/sonny/ansible-playbooks.git deployment
    - mkdir /root/.ssh
    - echo "192.168.178.63 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbtcdgJBhVCKsO88cV19EYefDTopdYejEQCp1pYr1Ga" > /root/.ssh/known_hosts
    - echo "$DEPLOY_KEY" > deployment/deploy_key && chmod 0600 deployment/deploy_key
    - mkdir /root/.vaults
    - echo "$VAULT_PASSWORD" > /root/.vaults/newsreader && chmod 0600 /root/.vaults/newsreader
  script:
    - >
      ansible-playbook deployment/playbook.yml
      --inventory deployment/apps.yml
      --limit newsreader
      --user ansible
      --private-key deployment/deploy_key
      --vault-password-file /root/.vaults/newsreader
  only:
    - master