
add gitlab component templates

xcad hace 8 meses
padre
commit
0f62b75d6c

+ 51 - 0
actions/gitlab/ansible/run.yml

@@ -0,0 +1,51 @@
+---
+spec:
+  inputs:
+    as:
+      default: run-ansible
+    stage:
+      default: ansible
+
+    root_dir:
+      default: ${CI_PROJECT_DIR}/ansible
+      description: 'Root directory for the Ansible config and playbooks.'
+    project_file:
+      description: 'Ansible Playbook to run.'
+    inventory_file:
+      default: ${CI_PROJECT_DIR}/ansible/inventory
+      description: 'Ansible Inventory File'
+
+    remote_ssh:
+      description: 'Remote ssh'
+
+---
+'$[[ inputs.as ]]':
+  stage: '$[[ inputs.stage ]]'
+  image:
+    name: alpine:latest
+    entrypoint: [""]
+  variables:
+    PROJECT_DIR: "$[[ inputs.root_dir ]]"
+    PROJECT_FILE: "$[[ inputs.project_file ]]"
+    INVENTORY_FILE: "$[[ inputs.inventory_file ]]"
+    SSH_KEY: "$[[ inputs.remote_ssh ]]"
+  before_script: |
+    echo "Before → Executing..."
+    echo "Before → Installing dependencies"
+    apk add --no-cache openssh-client ansible-core
+    echo "Before → Enter Ansible root directory"
+    cd ${PROJECT_DIR}
+    echo "Before → Adding ssh key"
+    echo "${SSH_KEY}" > id_rsa && chmod 600 id_rsa
+    eval $(ssh-agent -s)
+    ssh-add id_rsa
+    echo "Before → Setting additional environment variables"
+    export ANSIBLE_HOST_KEY_CHECKING=false
+  script: |
+    echo "Script → Executing..."
+    echo "Script → Run Ansible Playbooks"
+    ansible-playbook -i ${INVENTORY_FILE} ${PROJECT_FILE}
+  rules:
+    - if: '$CI_COMMIT_REF_NAME == "main"'
+      changes:
+        - '$[[ inputs.root_dir ]]/$[[ inputs.project_file ]]'
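Review bot: The `before_script` turns off SSH host verification with `export ANSIBLE_HOST_KEY_CHECKING=false` and leaves the private key as `id_rsa` inside `${PROJECT_DIR}`, so the playbook authenticates to whatever answers on the inventory addresses and the key stays in the checkout for the rest of the job. The same pair appears in `actions/gitlab/docker/config.yml` and `actions/gitlab/docker/deploy.yml`, there as `-o StrictHostKeyChecking=no` on every `ssh`/`scp` call. Load the key without touching disk, `echo "${SSH_KEY}" | ssh-add -`, and replace the export with a `~/.ssh/known_hosts` file written from a new input that carries the pinned host keys. `image: alpine:latest` is also unpinned, so the tooling that handles the key can change between runs; a fixed tag or digest would make that reproducible.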

+ 39 - 0
actions/gitlab/ansible/test.yml

@@ -0,0 +1,39 @@
+---
+spec:
+  inputs:
+    as:
+      default: test-ansible
+    stage:
+      default: test
+
+    root_dir:
+      default: ${CI_PROJECT_DIR}/ansible
+      description: 'Root directory for the Ansible config and playbooks.'
+    project_file:
+      description: 'Ansible Playbook to run.'
+
+---
+'$[[ inputs.as ]]':
+  stage: '$[[ inputs.stage ]]'
+  image:
+    name: alpine:latest
+    entrypoint: [""]
+  variables:
+    ANSIBLE_DIR: "$[[ inputs.root_dir ]]"
+    PROJECT_FILE: "$[[ inputs.project_file ]]"
+  before_script: |
+    echo "Before → Executing..."
+    echo "Before → Enter Ansible root directory"
+    cd ${ANSIBLE_DIR}
+  script: |
+    echo "Script → Executing..."
+    echo "Before → Installing dependencies"
+    apk add --no-cache ansible-core
+    echo "Script → Test Ansible Playbooks"
+    ansible-lint ${PROJECT_FILE}
+  rules:
+    - if: |
+        $CI_PIPELINE_SOURCE == "push" ||
+        $CI_PIPELINE_SOURCE == "merge_request_event"
+      changes:
+        - '$[[ inputs.root_dir ]]/**'
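Review bot: The `script` installs only `ansible-core` and then calls `ansible-lint ${PROJECT_FILE}`; ansible-lint is, as far as I know, a separate package and not part of ansible-core, so this job probably fails with command-not-found before linting anything. Install it explicitly, e.g. `apk add --no-cache ansible-core ansible-lint` (confirm the package name against the Alpine release you pin). The echo above it still says `Before → Installing dependencies` although it runs in `script`, and `"${PROJECT_FILE}"` should be quoted so a path with spaces is passed as one argument.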

+ 73 - 0
actions/gitlab/docker/config.yml

@@ -0,0 +1,73 @@
+---
+spec:
+  inputs:
+    as:
+      default: config-docker
+    stage:
+      default: config
+
+    config_dir:
+      default: ${CI_PROJECT_DIR}
+      description: 'Config directory to copy.'
+    project_file:
+      default: 'compose.yaml'
+      description: 'Docker Compose file to use.'
+
+    remote_host:
+      description: 'Remote host'
+    remote_user:
+      description: 'Remote user'
+    remote_ssh:
+      description: 'Remote ssh'
+
+    remote_config:
+      default: ${CI_PROJECT_DIR}
+      description: 'Target directory on the remote server for the config.'
+    remote_dir:
+      default: ${CI_PROJECT_DIR}
+      description: 'Directory on the remote server for the Docker Compose project.'
+
+
+    restart:
+      default: 'false'
+      description: 'Restart the remote compose project after config update?'
+
+---
+'$[[ inputs.as ]]':
+  stage: '$[[ inputs.stage ]]'
+  image: alpine:latest
+  variables:
+    CONFIG_DIR: "$[[ inputs.config_dir ]]"
+    PROJECT_FILE: "$[[ inputs.project_file ]]"
+    SSH_KEY: "$[[ inputs.remote_ssh ]]"
+    REMOTE_HOST: "$[[ inputs.remote_host ]]"
+    REMOTE_USER: "$[[ inputs.remote_user ]]"
+    REMOTE_CONFIG: "$[[ inputs.remote_config ]]"
+    REMOTE_PATH: "$[[ inputs.remote_dir ]]"
+    RESTART: "$[[ inputs.restart ]]"
+  before_script: |
+    echo "Before → Executing..."
+    echo "Before → Installing dependencies"
+    apk add --no-cache openssh-client
+    echo "Before → Adding ssh key"
+    echo "$SSH_KEY" > id_rsa && chmod 600 id_rsa
+    eval $(ssh-agent -s)
+    ssh-add id_rsa
+  script: |
+    echo "Script → Executing..."
+    echo "Script → Copying config file to remote host"
+    ssh -o StrictHostKeyChecking=no $REMOTE_USER@$REMOTE_HOST "mkdir -p $REMOTE_CONFIG"
+    scp -o StrictHostKeyChecking=no $CONFIG_DIR/* $REMOTE_USER@$REMOTE_HOST:$REMOTE_CONFIG
+    echo "Script → Executing remote commands"
+    ssh -o StrictHostKeyChecking=no $REMOTE_USER@$REMOTE_HOST<<EOF
+      if [ '$RESTART' = 'true' ]; then
+        echo "Script → Restarting services"
+        docker compose -f $REMOTE_PATH/$PROJECT_FILE down --remove-orphans
+        docker compose -f $REMOTE_PATH/$PROJECT_FILE up -d
+      fi
+    EOF
+    echo "Script ✓ Done"
+  rules:
+    - if: '$CI_COMMIT_REF_NAME == "main"'
+      changes:
+        - '$[[ inputs.config_dir ]]/**'
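Review bot: With the defaults, the deploy key is uploaded to the remote host: `before_script` writes `id_rsa` into the job's working directory without a `cd`, and `scp ... $CONFIG_DIR/*` then globs `config_dir`, which defaults to `${CI_PROJECT_DIR}`, presumably that same directory. Keep the key out of the tree by feeding it straight to the agent, `echo "$SSH_KEY" | ssh-add -`, or write it under a `mktemp -d` directory and remove it afterwards. The glob also skips dotfiles and subdirectories, and `remote_config`/`remote_dir` default to the runner's `${CI_PROJECT_DIR}` path, which is unlikely to be the intended location on the server; making those two inputs required would avoid surprises.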

+ 80 - 0
actions/gitlab/docker/deploy.yml

@@ -0,0 +1,80 @@
+---
+spec:
+  inputs:
+    as:
+      default: deploy-docker
+    stage:
+      default: deploy
+
+    root_dir:
+      default: ${CI_PROJECT_DIR}
+      description: 'Root directory for the Docker Compose project.'
+    project_file:
+      default: 'compose.yaml'
+      description: 'Docker Compose file to use.'
+
+    remote_host:
+      description: 'Remote host'
+    remote_user:
+      description: 'Remote user'
+    remote_ssh:
+      description: 'Remote ssh'
+
+    remote_dir:
+      default: ${CI_PROJECT_DIR}
+      description: 'Directory on the remote server for the Docker Compose project.'
+
+    docker_login:
+      default: 'true'
+      description: 'Login to Docker on the remote server?'
+    docker_user:
+      default: ${DOCKER_USER}
+      description: 'Docker user on the remote server'
+    docker_password:
+      default: ${DOCKER_PASSWORD}
+      description: 'Docker group on the remote server'
+
+---
+'$[[ inputs.as ]]':
+  stage: '$[[ inputs.stage ]]'
+  image: docker:latest
+  variables:
+    PROJECT_DIR: "$[[ inputs.root_dir ]]"
+    PROJECT_FILE: "$[[ inputs.project_file ]]"
+    SSH_KEY: "$[[ inputs.remote_ssh ]]"
+    REMOTE_HOST: "$[[ inputs.remote_host ]]"
+    REMOTE_USER: "$[[ inputs.remote_user ]]"
+    REMOTE_PATH: "$[[ inputs.remote_dir ]]"
+    DOCKER_LOGIN: "$[[ inputs.docker_login ]]"
+    DOCKER_USER: "$[[ inputs.docker_user ]]"
+    DOCKER_PASSWORD: "$[[ inputs.docker_password ]]"
+  before_script: |
+    echo "Before → Executing..."
+    cd $PROJECT_DIR
+    echo "Before → Installing dependencies"
+    apk add --no-cache openssh-client
+    echo "Before → Adding ssh key"
+    echo "$SSH_KEY" > id_rsa && chmod 600 id_rsa
+    eval $(ssh-agent -s)
+    ssh-add id_rsa
+  script: |
+    echo "Script → Executing..."
+    echo "Script → Copying docker compose file to remote host"
+    ssh -o StrictHostKeyChecking=no $REMOTE_USER@$REMOTE_HOST "mkdir -p $REMOTE_PATH"
+    scp -o StrictHostKeyChecking=no $PROJECT_FILE $REMOTE_USER@$REMOTE_HOST:$REMOTE_PATH
+    echo "Script → Executing remote commands"
+    ssh -o StrictHostKeyChecking=no $REMOTE_USER@$REMOTE_HOST<<EOF
+      if [ '$DOCKER_LOGIN' = 'true' ]; then
+        echo "Script → Logging into docker hub"
+        docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
+      fi
+      echo "Script → Pulling and restarting services"
+      docker compose -f $REMOTE_PATH/$PROJECT_FILE pull -q
+      docker compose -f $REMOTE_PATH/$PROJECT_FILE down --remove-orphans
+      docker compose -f $REMOTE_PATH/$PROJECT_FILE up -d
+    EOF
+    echo "Script ✓ Done"
+  rules:
+    - if: '$CI_COMMIT_REF_NAME == "main"'
+      changes:
+        - '$[[ inputs.root_dir ]]/$[[ inputs.project_file ]]'
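Review bot: The `<<EOF` heredoc in `script` is unquoted, so `$DOCKER_USER`, `$DOCKER_PASSWORD`, `$REMOTE_PATH` and `$PROJECT_FILE` are expanded on the runner and sent to the server as shell text, and `docker login -u $DOCKER_USER -p $DOCKER_PASSWORD` puts the password on the remote command line. A password containing a space, `$` or `;` would be re-parsed by the remote shell, and `-p` makes it visible in the remote process list. Pass it on stdin instead, `printf '%s' "$DOCKER_PASSWORD" | ssh "$REMOTE_USER@$REMOTE_HOST" "docker login -u '$DOCKER_USER' --password-stdin"`, and double-quote the remaining expansions inside the heredoc. The heredoc in `actions/gitlab/docker/config.yml` has the same unquoted expansions. The `docker_password` input is described as 'Docker group on the remote server', which should name the registry password.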

+ 35 - 0
actions/gitlab/docker/test.yml

@@ -0,0 +1,35 @@
+---
+spec:
+  inputs:
+    as:
+      default: test-docker
+    stage:
+      default: test
+
+    root_dir:
+      default: ${CI_PROJECT_DIR}
+      description: 'Root directory for the Docker Compose project.'
+    project_file:
+      default: 'compose.yaml'
+      description: 'Docker Compose file to use.'
+
+---
+'$[[ inputs.as ]]':
+  stage: '$[[ inputs.stage ]]'
+  image: docker:latest
+  variables:
+    PROJECT_DIR: "$[[ inputs.root_dir ]]"
+    PROJECT_FILE: "$[[ inputs.project_file ]]"
+  before_script:
+    - cd $PROJECT_DIR
+  script:
+    - docker compose -f $PROJECT_FILE config --quiet
+  rules:
+    - if: '$CI_COMMIT_REF_NAME == "main"'
+      changes:
+        - '$[[ inputs.root_dir ]]/$[[ inputs.project_file ]]'
+    - if: |
+        $CI_PIPELINE_SOURCE == "push" ||
+        $CI_PIPELINE_SOURCE == "merge_request_event"
+      changes:
+        - '$[[ inputs.root_dir ]]/$[[ inputs.project_file ]]'
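Review bot: The `changes:` entries are built from `root_dir`, whose default is `${CI_PROJECT_DIR}`, so the pattern becomes an absolute runner path. As far as I know `rules:changes` matches paths relative to the repository root and `CI_PROJECT_DIR` is only set inside a running job, so with the default these rules may never match, or match differently than intended; worth verifying on a test pipeline. A separate repository-relative input for the pattern (for example `compose.yaml`) would avoid this; the other six templates in this commit build `changes:` the same way. The first rule is also largely covered by the second, since a push to `main` already has `CI_PIPELINE_SOURCE == "push"`.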

+ 53 - 0
actions/gitlab/terraform/apply.yml

@@ -0,0 +1,53 @@
+---
+spec:
+  inputs:
+    as:
+      default: apply-terraform
+    stage:
+      default: terraform
+
+    root_dir:
+      default: ${CI_PROJECT_DIR}/terraform
+      description: 'Root directory for the OpenTofu project.'
+    state_name:
+      default: default
+      description: 'Remote OpenTofu state name.'
+
+---
+variables:
+  TF_ROOT: "$[[ inputs.root_dir ]]"
+  TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/$[[ inputs.state_name ]]
+  TF_USERNAME: gitlab-ci-token
+  TF_PASSWORD: ${CI_JOB_TOKEN}
+
+'$[[ inputs.as ]]':
+  stage: '$[[ inputs.stage ]]'
+  image:
+    name: ghcr.io/opentofu/opentofu:latest
+    entrypoint: [""]
+  before_script: |
+    echo "Before → Executing..."
+    echo "Before → Enter TF root directory"
+    cd ${TF_ROOT}
+  script: |
+    echo "Script → Executing..."
+    echo "Script → Initialize Terraform backend"
+    tofu init \
+     -backend-config=address=${TF_ADDRESS} \
+     -backend-config=lock_address=${TF_ADDRESS}/lock \
+     -backend-config=unlock_address=${TF_ADDRESS}/lock \
+     -backend-config=username=${TF_USERNAME} \
+     -backend-config=password=${TF_PASSWORD} \
+     -backend-config=lock_method=POST \
+     -backend-config=unlock_method=DELETE \
+     -backend-config=retry_wait_min=5
+    echo "Script → Validate Terraform"
+    tofu validate
+    echo "Script → Plan Terraform"
+    tofu plan -lock=false -out=tfplan
+    echo "Script → Apply Terraform"
+    tofu apply -lock=false -auto-approve tfplan
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+      changes:
+        - '$[[ inputs.root_dir ]]/**'
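Review bot: `tofu plan -lock=false` and `tofu apply -lock=false -auto-approve` bypass the state lock that the `lock_address`/`unlock_address` backend settings just above configure, so two pipelines on `main` can apply against the same state at once. Drop `-lock=false` from both commands (`tofu plan -out=tfplan`, `tofu apply -auto-approve tfplan`) and, if overlapping runs are expected, add a `resource_group` to the job so applies are serialised. The top-level `variables:` block would be merged into the including pipeline's global variables, so `TF_PASSWORD` and the other `TF_*` values reach every job; moving it under the job key keeps the token reference scoped. `ghcr.io/opentofu/opentofu:latest` is unpinned, which means the binary that handles the state credentials can change between runs.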

+ 51 - 0
actions/gitlab/terraform/validate.yml

@@ -0,0 +1,51 @@
+---
+spec:
+  inputs:
+    as:
+      default: validate-terraform
+    stage:
+      default: test
+
+    root_dir:
+      default: ${CI_PROJECT_DIR}/terraform
+      description: 'Root directory for the OpenTofu project.'
+    state_name:
+      default: default
+      description: 'Remote OpenTofu state name.'
+
+---
+variables:
+  TF_ROOT: "$[[ inputs.root_dir ]]"
+  TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/$[[ inputs.state_name ]]
+  TF_USERNAME: gitlab-ci-token
+  TF_PASSWORD: ${CI_JOB_TOKEN}
+
+'$[[ inputs.as ]]':
+  stage: '$[[ inputs.stage ]]'
+  image:
+    name: ghcr.io/opentofu/opentofu:latest
+    entrypoint: [""]
+  before_script: |
+    echo "Before → Executing..."
+    echo "Before → Enter TF root directory"
+    cd ${TF_ROOT}
+  script: |
+    echo "Script → Executing..."
+    echo "Script → Initialize Terraform backend"
+    tofu init \
+     -backend-config=address=${TF_ADDRESS} \
+     -backend-config=lock_address=${TF_ADDRESS}/lock \
+     -backend-config=unlock_address=${TF_ADDRESS}/lock \
+     -backend-config=username=${TF_USERNAME} \
+     -backend-config=password=${TF_PASSWORD} \
+     -backend-config=lock_method=POST \
+     -backend-config=unlock_method=DELETE \
+     -backend-config=retry_wait_min=5
+    echo "Script → Validate Terraform"
+    tofu validate
+  rules:
+    - if: |
+        $CI_PIPELINE_SOURCE == "push" ||
+        $CI_PIPELINE_SOURCE == "merge_request_event"
+      changes:
+        - '$[[ inputs.root_dir ]]/**'
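Review bot: This validate job runs on every push and merge request yet initialises the real state backend with `CI_JOB_TOKEN`, which `tofu validate` does not need. `tofu init -backend=false` installs providers and modules without contacting the state endpoint, so the eight `-backend-config` lines and the `TF_*` variables can go and branch pipelines never touch state. If the backend must stay, the top-level `variables:` block should at least move under the job so it does not become global in the including pipeline.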