.gitlab-ci.yml
# Shared before_script fragment, stored as one multi-line string so that jobs
# can pull it in through the `*before_script_defaults` alias.
# Each command inside the string is terminated with a semicolon.
#   CI_COMMIT_SHA_SHORT - the first 8 characters of CI_COMMIT_SHA
#   IMAGE_RELEASE_TAG   - CI_COMMIT_TAG; `:=` also sets CI_COMMIT_TAG itself to
#                         "latest" when it is unset or empty
#   IMAGE_RELEASE_NAME  - kept when already set, otherwise CI_PROJECT_NAME
.before_script_default: &before_script_defaults |
  export CI_COMMIT_SHA_SHORT=${CI_COMMIT_SHA:0:8};
  export IMAGE_RELEASE_TAG=${CI_COMMIT_TAG:=latest};
  export IMAGE_RELEASE_NAME=${IMAGE_RELEASE_NAME:=${CI_PROJECT_NAME}};
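# Registry logins, stored as one multi-line string and pulled into jobs through
# the `*before_script_docker_auth` alias. Each login runs only when every
# variable it needs is non-empty.
# Passwords and tokens are piped to `docker login --password-stdin` instead of
# being passed with `-p`, so they do not show up in the process arguments.
# The GitLab login prefers CI_JOB_TOKEN and falls back to the deprecated
# CI_BUILD_TOKEN name.
# NOTE(review): the ECR branch still evals the output of `aws ecr get-login`,
# which executes whatever the CLI prints and places the registry password on
# the docker command line. Consider `aws ecr get-login-password` piped into
# `docker login --password-stdin` once the aws CLI shipped in the job image is
# confirmed to provide it.
.before_script_docker_auth: &before_script_docker_auth |
  if [[ -n "${AWS_ECR_REPOSITORY_URL}" ]] && [[ -n "${AWS_ACCESS_KEY_ID}" ]] &&
     [[ -n "${AWS_SECRET_ACCESS_KEY}" ]] && [[ -n "${AWS_DEFAULT_REGION}" ]] &&
     [[ -n "${AWS_ACCOUNT_ID}" ]]; then
    eval $(aws ecr get-login --no-include-email --region "${AWS_DEFAULT_REGION}" --registry-ids "${AWS_ACCOUNT_ID}");
  fi
  if [[ -n "${DOCKERHUB_REGISTRY_ORGANISATION}" ]] && [[ -n "${DOCKERHUB_REGISTRY_USER}" ]] &&
     [[ -n "${DOCKERHUB_REGISTRY_PASSWORD}" ]]; then
    printf '%s' "${DOCKERHUB_REGISTRY_PASSWORD}" | docker login -u "${DOCKERHUB_REGISTRY_USER}" --password-stdin docker.io
  fi
  if [[ -n "${GITLAB_REPOSITORY_URL}" ]] && [[ -n "${CI_REGISTRY}" ]]; then
    printf '%s' "${CI_JOB_TOKEN:-${CI_BUILD_TOKEN}}" | docker login -u gitlab-ci-token --password-stdin "${CI_REGISTRY}"
  fi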
# Pipeline stages, in the order they run. `release` is listed last, so the
# release job runs after the `test` stage even though it is defined before the
# test job further down in this file.
stages:
  - preflight
  - build
  - test
  - release
## Generic preflight template
# Hidden job merged into the lint jobs with `<<: *preflight`.
# `allow_failure: true` means a failing preflight job does not fail the
# pipeline, so lint findings are reported rather than enforced.
# Preflight jobs are skipped for schedules, for the master branch and for refs
# that look like release versions (vX.Y.Z with an optional -beta/-rc suffix).
.preflight: &preflight
  stage: preflight
  allow_failure: true
  tags:
    - kubernetes-runner
  only:
    - branches
    - '/(?<=master).*/'
  except:
    - schedules
    - '/^master$/'
    - '/^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/'
  artifacts:
    reports:
      # JUnit files written by the after_script of each lint job.
      junit: src/*/junit-*-report.xml
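###############################
## preflight jobs
###############################
# Lints every file named "Dockerfile" below src/ with hadolint and writes the
# JSON result next to it as hadolint.json. All files are linted before the job
# exits non-zero, so one finding does not hide the others. The after_script
# converts each hadolint.json into a JUnit report with gitlab-helper.
# FAILED is initialised to 0 so that a value inherited from the environment
# cannot fail the job, and the path is quoted wherever it is used.
# NOTE(review): the `for ... in $(find ...)` loops still split paths on
# whitespace, so a Dockerfile path containing spaces is not handled.
hadolint:
  image: "${CI_JOB_IMAGE_HADOLINT}"
  <<: *preflight
  before_script:
    - *before_script_defaults
    - hadolint --version
  script:
    - |
      FAILED=0
      for file in $(find src -type f -name "Dockerfile" -print | xargs --max-lines=1); do
        if ! hadolint -f json "${file}" > "$( dirname "${file}" )/hadolint.json"; then
          FAILED=1
        fi
      done
      if [ "${FAILED}" = "1" ]; then
        exit 1
      fi
  after_script:
    - |
      for file in $(find src -type f -name "hadolint.json" -print | xargs --max-lines=1); do
        gitlab-helper convert hadolint -i "${file}" -o "$( dirname "${file}" )/junit-hadolint-report.xml" -d "$( dirname "${file}" )/Dockerfile"
      done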
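# Runs shellcheck on every file below src/ that grep reports as containing a
# `#!/usr/bin/env ` or `#!/bin/` shebang, and writes the JSON result to
# shellcheck.json in that file's directory. All files are checked before the
# job exits non-zero. The after_script converts each shellcheck.json into a
# JUnit report with gitlab-helper.
# FAILED is initialised to 0 so that a value inherited from the environment
# cannot fail the job, and the path is quoted wherever it is used.
# NOTE(review): the result file name is per directory, so two scripts in the
# same directory overwrite each other's shellcheck.json; the loops also still
# split paths on whitespace.
shellcheck:
  image: "${CI_JOB_IMAGE_SHELLCHECK}"
  <<: *preflight
  before_script:
    - *before_script_defaults
    - shellcheck --version
  script:
    - |
      FAILED=0
      for file in $(find src -type f -exec grep -IRl '#\!\(/usr/bin/env \|/bin/\)' {} \; | xargs --max-lines=1); do
        if ! shellcheck -f json "${file}" > "$( dirname "${file}" )/shellcheck.json"; then
          FAILED=1
        fi
      done
      if [ "${FAILED}" = "1" ]; then
        exit 1
      fi
  after_script:
    - |
      for file in $(find src -type f -name "shellcheck.json" -print | xargs --max-lines=1); do
        gitlab-helper convert shellcheck -i "${file}" -o "$( dirname "${file}" )/junit-shellcheck-report.xml" -d "${file}"
      done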
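###############################
## build jobs
###############################
# Builds the image from src/ against a docker-in-docker service and exports it
# as build/<project>.tar, which later stages load from the job artifacts.
# `mkdir -p` keeps the job from failing when the build directory already
# exists, and the image reference is quoted as it is in the release job.
# NOTE(review): dockerd is started on tcp://0.0.0.0:2375 with no TLS options,
# so the Docker API of this service is unauthenticated for anything that can
# reach the port; confirm the runner's network isolation. `docker:dind` is
# also an unpinned tag, so the daemon version can change between runs.
build:
  stage: build
  tags:
    - kubernetes-runner
  services:
    - name: docker:dind
      command: ["dockerd", "--host=tcp://0.0.0.0:2375"]
  before_script:
    - mkdir -p build
  script:
    # --pull refreshes the base image on every build.
    - docker build --pull --force-rm -t "${CI_PROJECT_NAME}:build" src/
    - docker save -o "build/${CI_PROJECT_NAME}.tar" "${CI_PROJECT_NAME}:build"
  artifacts:
    paths:
      - build
    expire_in: 2 days
    when: on_success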
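##############################
# release jobs
##############################
# Loads the image saved by the build job and pushes it to every registry whose
# variables are all set: AWS ECR, the GitLab registry and Docker Hub.
# Runs for the master branch, for version-like refs and for schedules.
# Each registry is handled by one multi-line script entry, so every `if` and
# its `fi` live in the same command instead of being spread over list items.
# IMAGE_RELEASE_TAG is "latest" when CI_COMMIT_TAG is empty (see the defaults
# fragment), so master and scheduled runs overwrite a mutable tag.
# NOTE(review): dockerd is started on tcp://0.0.0.0:2375 with no TLS options
# while this job holds registry credentials; confirm that nothing outside the
# job can reach that port.
release:
  stage: release
  tags:
    - kubernetes-runner
  only:
    refs:
      - /^master$/
      - /^v?\d+\.\d+\.\d+(?:-(?:beta|rc|dev|alpha|RC|p)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
      - schedules
  services:
    - name: docker:dind
      command: ["dockerd", "--host=tcp://0.0.0.0:2375"]
  before_script:
    - *before_script_defaults
    - *before_script_docker_auth
    - docker load -i build/${CI_PROJECT_NAME}.tar
  script:
    # AWS ECR
    - |
      if [[ -n "${AWS_ECR_REPOSITORY_URL}" ]] && [[ -n "${AWS_ACCESS_KEY_ID}" ]] &&
         [[ -n "${AWS_SECRET_ACCESS_KEY}" ]] && [[ -n "${AWS_DEFAULT_REGION}" ]] &&
         [[ -n "${AWS_ACCOUNT_ID}" ]]; then
        docker tag "${CI_PROJECT_NAME}:build" "${AWS_ECR_REPOSITORY_URL}/${IMAGE_RELEASE_NAME}:${IMAGE_RELEASE_TAG}"
        docker push "${AWS_ECR_REPOSITORY_URL}/${IMAGE_RELEASE_NAME}:${IMAGE_RELEASE_TAG}"
      fi
    # GitLab registry
    - |
      if [[ -n "${GITLAB_REPOSITORY_URL}" ]]; then
        docker tag "${CI_PROJECT_NAME}:build" "${GITLAB_REPOSITORY_URL}/${IMAGE_RELEASE_NAME}:${IMAGE_RELEASE_TAG}"
        docker push "${GITLAB_REPOSITORY_URL}/${IMAGE_RELEASE_NAME}:${IMAGE_RELEASE_TAG}"
      fi
    # Docker Hub: the image is tagged without a registry prefix and pushed with
    # an explicit docker.io/ prefix, exactly as before.
    - |
      if [[ -n "${DOCKERHUB_REGISTRY_ORGANISATION}" ]] && [[ -n "${DOCKERHUB_REGISTRY_USER}" ]] &&
         [[ -n "${DOCKERHUB_REGISTRY_PASSWORD}" ]]; then
        docker tag "${CI_PROJECT_NAME}:build" "${DOCKERHUB_REGISTRY_ORGANISATION}/${IMAGE_RELEASE_NAME}:${IMAGE_RELEASE_TAG}"
        docker push "docker.io/${DOCKERHUB_REGISTRY_ORGANISATION}/${IMAGE_RELEASE_NAME}:${IMAGE_RELEASE_TAG}"
      fi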
##############################
# test final image
##############################
# Loads the image archive produced by the build job and runs
# container-structure-test against it, using the checks defined in
# .container-structure-test.yaml.
test:
  stage: test
  image: "${CI_JOB_IMAGE_CONTAINER_STRUCTURE_TEST}"
  tags:
    - kubernetes-runner
  # Only the artifacts of the build job are fetched.
  dependencies:
    - build
  services:
    - name: docker:dind
      command: ["dockerd", "--host=tcp://0.0.0.0:2375"]
  before_script:
    - *before_script_defaults
    - docker load -i build/${CI_PROJECT_NAME}.tar
    # Print the local images to the job log.
    - docker images
  script:
    - container-structure-test test --config .container-structure-test.yaml --image ${CI_PROJECT_NAME}:build