deploy:
  stage: deploy
  image: python:3.7
  environment:
    name: production
    url: rss.fudiggity.nl
  rules:
    - if: $CI_COMMIT_TAG
  before_script:
    - pip install ansible --quiet
    - git clone https://git.fudiggity.nl/sonny/ansible-playbooks.git deployment
    - mkdir /root/.ssh && echo "$DEPLOY_HOST_KEY" > /root/.ssh/known_hosts
  script:
    - >
      ansible-playbook deployment/playbook.yml
      --inventory deployment/apps.yml
      --limit newsreader
      --user ansible
      --private-key "$DEPLOY_KEY"
      --vault-password-file "$VAULT_FILE"