Commit 15b4b106 authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo

Refactoriza y renueva trabajos de packaging

Subdivide plantilla en 3 componentes.

Introduce el uso de imagen Docker externa para aglutinar los procesos de
creación de imágenes Docker personalizadas, en lugar de describirlos
directamente en la plantilla.

Construye imágenes Docker usando el nuevo esquema de nombres
(conteniendo la rama del repositorio donde se han generado). Así los
trabajos de despliegue podrán encontrarlas.

Externaliza escaneo de imágenes Docker usando plantilla predeterminada.
Ahora que los nombres siguen un esquema común, se puede utilizar.
parent 14b14d0e

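--- a/_docker-build.yml
+++ b/_docker-build.yml
@@ -0,0 +1,37 @@
+.docker-operations:
+  extends: .docker-env
+  image: ${DOCKER_BUILD_IMAGE_NAME}:${DOCKER_BUILD_IMAGE_TAG}
+  variables:
+    DOCKER_BUILD_IMAGE_NAME: pedroetb/docker-build
+    DOCKER_BUILD_IMAGE_TAG: latest
+    PACKAGED_IMAGE_NAME: ${CI_REGISTRY_IMAGE}/${CI_COMMIT_REF_SLUG}
+    PACKAGED_IMAGE_TAG: ${CI_COMMIT_SHA}
+    REGISTRY_URL: ${CI_REGISTRY}
+    REGISTRY_USER: gitlab-ci-token
+    REGISTRY_PASS: ${CI_JOB_TOKEN}
+
+.docker-build:
+  extends: .docker-operations
+  stage: package
+  script: build
+
+.docker-tag:
+  extends: .docker-operations
+  stage: post-package
+  dependencies: []
+  variables:
+    NEW_IMAGE_TAG: ${CI_COMMIT_TAG}
+
+.docker-tag-gitlab:
+  extends: .docker-tag
+  script: tag ${PACKAGED_IMAGE_NAME}:${PACKAGED_IMAGE_TAG} ${CI_REGISTRY_IMAGE}:${NEW_IMAGE_TAG}
+
+.docker-tag-dockerhub:
+  extends: .docker-tag
+  variables:
+    SOURCE_IMAGE_NAME: ${CI_PROJECT_PATH}
+    ROOT_NAME: ${DOCKER_HUB_ROOT}
+    TARGET_REGISTRY_URL: docker.io
+    TARGET_REGISTRY_USER: ${DOCKER_HUB_USER}
+    TARGET_REGISTRY_PASS: ${DOCKER_HUB_PASS}
+  script: tag ${PACKAGED_IMAGE_NAME}:${PACKAGED_IMAGE_TAG} $(flatten):${NEW_IMAGE_TAG}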
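Review bot: `DOCKER_BUILD_IMAGE_TAG: latest` together with `DOCKER_BUILD_IMAGE_NAME: pedroetb/docker-build` makes every packaging job run whatever that external Docker Hub image currently resolves to, and the same job is handed `REGISTRY_PASS: ${CI_JOB_TOKEN}` and, in `.docker-tag-dockerhub`, `TARGET_REGISTRY_PASS: ${DOCKER_HUB_PASS}`; pin the tag to a released version or an image digest so the code holding those credentials cannot change underneath the pipeline, e.g. `DOCKER_BUILD_IMAGE_TAG: "<pinned-version>"`. The same applies to `PACKAGING_IMAGE_TAG: latest`, `DIND_IMAGE_TAG: dind` and `LINT_IMAGE_TAG: latest` in `_packaging.yml`. Since the `script:` values here (`build`, `tag`, `$(flatten)`) are commands supplied by that image rather than shell written in this repository, a comment above `.docker-operations` naming the commands the image is expected to provide and the variables it reads (`PACKAGED_IMAGE_*`, `REGISTRY_*`, `SOURCE_IMAGE_NAME`, `ROOT_NAME`, `TARGET_REGISTRY_*`, `NEW_IMAGE_TAG`) would spare the next maintainer a trip to the image's source.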

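--- a/_packaging.yml
+++ b/_packaging.yml
@@ -0,0 +1,37 @@
+include:
+  - template: Container-Scanning.gitlab-ci.yml
+
+.docker-env:
+  image: ${PACKAGING_IMAGE_NAME}:${PACKAGING_IMAGE_TAG}
+  variables:
+    PACKAGING_IMAGE_NAME: docker
+    PACKAGING_IMAGE_TAG: latest
+    DIND_IMAGE_NAME: docker
+    DIND_IMAGE_TAG: dind
+    DOCKER_HOST: tcp://docker:2375
+    DOCKER_DRIVER: overlay2
+  services:
+    - ${DIND_IMAGE_NAME}:${DIND_IMAGE_TAG}
+
+lint-dockerfile:
+  extends: .docker-env
+  stage: pre-package
+  dependencies: []
+  variables:
+    LINT_IMAGE_NAME: hadolint/hadolint
+    LINT_IMAGE_TAG: latest
+    DOCKERFILE_PATH: Dockerfile
+  script:
+    - docker run --rm -i ${LINT_IMAGE_NAME}:${LINT_IMAGE_TAG} < ${DOCKERFILE_PATH}
+  allow_failure: true
+  only:
+    - branches
+  except:
+    - schedules
+
+container_scanning:
+  stage: post-package
+  only:
+    - branches
+  except:
+    - schedules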
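Review bot: `DOCKER_HOST: tcp://docker:2375` in `.docker-env` talks to the dind service over an unauthenticated plaintext socket while `DIND_IMAGE_TAG: dind` floats on a moving tag; docker:dind images from 19.03 on enable TLS by default and listen on 2376 unless `DOCKER_TLS_CERTDIR` is set to an empty string, so as far as I can tell this pairing will either stop connecting on the next image update or silently require TLS to be disabled. Pin the dind tag and either switch to `DOCKER_TLS_CERTDIR: "/certs"` with `DOCKER_HOST: tcp://docker:2376`, or record the plaintext choice with a comment such as `# plaintext dind socket; reachable only from this job's service network`. A short comment above `container_scanning` would also help, saying that the template's default scan target (`$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA`, if I recall the template correctly) lines up with `PACKAGED_IMAGE_NAME`/`PACKAGED_IMAGE_TAG` in `_docker-build.yml`, since that coincidence is the reason the template can be included without overriding its variables.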
+13 −95
variables:
  PACKAGING_IMAGE: docker:stable
  DIND_IMAGE: docker:dind
  GITLAB_REGISTRY_USER: gitlab-ci-token
  GITLAB_REGISTRY_PASS: ${CI_JOB_TOKEN}
  DOCKER_HUB_ROOT: redmic
  DOCKER_BUILD_ARGS: ''

.docker-env:
  image: ${PACKAGING_IMAGE}
  variables:
    DOCKER_DRIVER: overlay2
  services:
    - ${DIND_IMAGE}

.docker:
  extends: .docker-env
  variables:
    DOCKER_DEFAULT_TAGGING: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
  before_script:
    - docker login -u ${GITLAB_REGISTRY_USER} -p ${GITLAB_REGISTRY_PASS} ${CI_REGISTRY}

.docker-operations:
  stage: package
  extends: .docker
  after_script:
    - docker push ${CI_REGISTRY_IMAGE}

.docker-operations-build:
  extends: .docker-operations
  script:
    - docker pull ${CI_REGISTRY_IMAGE}:latest || true
    - >
      docker build --cache-from ${CI_REGISTRY_IMAGE}:latest ${DOCKER_BUILD_ARGS}
      -t ${DOCKER_DEFAULT_TAGGING}
      -t ${DOCKER_SPECIFIC_TAGGING} .

lint-dockerfile:
  stage: package
  extends: .docker-env
  variables:
    LINT_DOCKERFILE_IMAGE: hadolint/hadolint:latest
    DOCKERFILE_PATH: Dockerfile
  script:
    - docker run --rm -i ${LINT_DOCKERFILE_IMAGE} < ${DOCKERFILE_PATH}
  dependencies: []
  allow_failure: true
  except:
    - schedules
include:
  - local: '/_packaging.yml'
  - local: '/_docker-build.yml'

docker-build-support-branch:
  extends: .docker-operations-build
  variables:
    DOCKER_SPECIFIC_TAGGING: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest
  extends: .docker-build
  only:
    - branches
    - tags
  except:
    - master
    - schedules

docker-build-stable-branch:
  extends: .docker-operations-build
  variables:
    DOCKER_SPECIFIC_TAGGING: ${CI_REGISTRY_IMAGE}:latest
  extends: .docker-build
  only:
    - master
  except:
    - schedules

docker-tag-gitlab-registry:
  extends: .docker-operations
.docker-tag-context: &docker-tag-context
  only:
    - tags
  script:
    - docker pull ${DOCKER_DEFAULT_TAGGING}
    - docker tag ${DOCKER_DEFAULT_TAGGING} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}

docker-tag-docker-hub:
  extends: .docker-operations
  only:
    - tags
  script:
    - docker pull ${DOCKER_DEFAULT_TAGGING}
    - docker login -u ${DOCKER_HUB_USER} -p ${DOCKER_HUB_PASS}
    - dockerHubImagePath="$(echo ${CI_PROJECT_PATH} | cut -d '/' -f 2- | sed 's/\//-/g')"
    - dockerHubImage="${DOCKER_HUB_ROOT}/${dockerHubImagePath}"
    - docker tag ${DOCKER_DEFAULT_TAGGING} ${dockerHubImage}:${CI_COMMIT_TAG}
    - docker tag ${DOCKER_DEFAULT_TAGGING} ${dockerHubImage}:latest
    - docker push ${dockerHubImage}
  after_script: []
docker-tag-gitlab:
  extends: .docker-tag-gitlab
  <<: *docker-tag-context

docker-scan:
  stage: test-package
  extends: .docker
  allow_failure: true
  only:
    - branches
  except:
    - schedules
  script:
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
    - apk add -U wget ca-certificates
    - docker pull ${DOCKER_DEFAULT_TAGGING}
    - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
    - touch clair-whitelist.yml
    - >
      ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log
      -w clair-whitelist.yml ${DOCKER_DEFAULT_TAGGING} || true
  artifacts:
    paths: [gl-sast-container-report.json]
docker-tag-dockerhub:
  extends: .docker-tag-dockerhub
  <<: *docker-tag-context
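Review bot: `ROOT_NAME: ${DOCKER_HUB_ROOT}` in the new `_docker-build.yml` still depends on `DOCKER_HUB_ROOT`, but the top-level `variables:` block that defined `DOCKER_HUB_ROOT: redmic` (and `DOCKER_BUILD_ARGS`) appears only on the old side of this hunk with no counterpart next to the new `include:`; if it is indeed removed, the value must now come from CI/CD project settings, otherwise it expands empty and the Docker Hub target in `docker-tag-dockerhub` loses its namespace. Either keep `variables:` with `DOCKER_HUB_ROOT: redmic` beside `include:`, or state the expectation in a comment: `# DOCKER_HUB_ROOT, DOCKER_HUB_USER and DOCKER_HUB_PASS come from CI/CD settings`. The old `docker-tag-docker-hub` job also pushed a `:latest` tag to Docker Hub, whereas `.docker-tag-dockerhub` now tags only `${NEW_IMAGE_TAG}`, so consumers pulling `latest` stop receiving updates unless that is intended. The `stages:` list these jobs rely on (`pre-package`, `package`, `post-package`) is not visible in the hunk, so confirm it was updated along with the removal of `test-package`; the file header for this section is also missing from the page, so I am assuming it is the pipeline's root configuration.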