steps:
  syntax-check:
    image: alpine/ansible:latest
    environment:
      ANSIBLE_CONFIG: ansible.cfg
    commands:
      - ansible-playbook -i ansible/inventory/hosts.yml --syntax-check ansible/playbooks/*.yml

  validate:
    image: alpine/ansible:latest
    environment:
      ANSIBLE_CONFIG: ansible.cfg
      SSH_PRIVATE_KEY:
        from_secret: SSH_PRIVATE_KEY
    commands:
      - mkdir -p ~/.ssh
      - echo "$${SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_rsa
      - chmod 600 ~/.ssh/id_rsa
      - ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/validate.yml

  drift-check:
    image: alpine/ansible:latest
    environment:
      ANSIBLE_CONFIG: ansible.cfg
      SSH_PRIVATE_KEY:
        from_secret: SSH_PRIVATE_KEY
    commands:
      - mkdir -p ~/.ssh
      - echo "$${SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_rsa
      - chmod 600 ~/.ssh/id_rsa
      - ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/drift-check.yml
    when:
      event: pull_request

  deploy:
    image: alpine/ansible:latest
    environment:
      ANSIBLE_CONFIG: ansible.cfg
      SSH_PRIVATE_KEY:
        from_secret: SSH_PRIVATE_KEY
    commands:
      - mkdir -p ~/.ssh
      - echo "$${SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_rsa
      - chmod 600 ~/.ssh/id_rsa
      - ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/apply.yml
    when:
      branch: master
      event: push