# Pull in GitLab's container scanning template. The `container_scanning` job
# it defines is customised at the bottom of this file.
include:
  - template: 'Security/Container-Scanning.gitlab-ci.yml'
##############################################################################
# Pipeline stages in order of execution
##############################################################################
# `sca` comes after `publish`, so the image is already in the registry when
# the container scan runs: scan findings cannot block publication here.
stages:
  - build
  - publish
  - sca
##############################################################################
# Pipeline behavior
##############################################################################
workflow:
  rules:
    # Commits to the default branch: build and publish the moving `latest` tag.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      variables:
        DOCKER_IMAGE: '$CI_REGISTRY_IMAGE:latest'
      when: always
    # Tag creation: publish an image tagged with the Git tag name.
    # NOTE(review): whoever may push a Git tag can publish (or overwrite) the
    # image tag of the same name; confirm tag creation is restricted. A Git tag
    # containing characters that are not valid in a Docker tag (for example
    # `/`) will make the build step fail.
    - if: '$CI_COMMIT_TAG'
      variables:
        DOCKER_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME'
      when: always
    # Anything else (other branches, merge requests, ...) creates no pipeline.
    - when: never
##############################################################################
# Default values for pipeline jobs
##############################################################################
default:
  # Docker CLI image plus a Docker-in-Docker daemon as a service.
  # NOTE(review): both images are pinned to a version tag, not to a digest, so
  # the content behind the tag can still change; pin by digest if the pipeline
  # must be reproducible.
  # NOTE(review): a dind service normally needs a runner in privileged mode;
  # confirm the runners tagged `docker` are reserved for trusted projects.
  image: 'docker:24.0.6'
  services:
    - 'docker:24.0.6-dind'
  # Only runners carrying this tag pick up the jobs.
  tags:
    - docker
##############################################################################
# CI/CD variables for all jobs in the pipeline
##############################################################################
variables:
  # Directory in which the dind service creates its TLS certificates; with it
  # set, the Docker client talks to the daemon over TLS.
  DOCKER_TLS_CERTDIR: '/certs'
  # Build context passed to `docker build`.
  DOCKER_BUILD_PATH: '.'
  # Dockerfile passed to `docker build --file`.
  DOCKERFILE: 'Dockerfile'
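##############################################################################
# Pipeline jobs
##############################################################################
# Build the image and hand it to the `publish` job as a tarball artifact.
build:
  stage: build
  script:
    # Variables are quoted so that a path or file name containing whitespace
    # or glob characters is passed to docker as a single argument.
    - docker build --tag "$DOCKER_IMAGE" --file "$DOCKERFILE" "$DOCKER_BUILD_PATH"
    - docker save --output docker_image.tar "$DOCKER_IMAGE"
  artifacts:
    # The tarball contains every layer of the image and can be downloaded by
    # anyone allowed to read job artifacts.
    # NOTE(review): consider an `expire_in` so it is not kept longer than the
    # `publish` job needs it.
    paths:
      - docker_image.tar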
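# Load the image built by the `build` job and push it to the project registry.
publish:
  stage: publish
  before_script:
    # Feed the job token through stdin: `--password` on the command line puts
    # the token into the process argument list, and docker itself warns
    # against it.
    - echo "$CI_JOB_TOKEN" | docker login --username gitlab-ci-token --password-stdin "$CI_REGISTRY"
  script:
    - docker load --input docker_image.tar
    - docker push "$DOCKER_IMAGE"
  after_script:
    # Drop the stored registry credentials whether or not the push succeeded.
    - docker logout "$CI_REGISTRY"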
# Overrides for the `container_scanning` job from the included template:
# move it to the `sca` stage and run it under the same conditions as the
# pipeline itself.
container_scanning:
  stage: sca
  rules:
    # Commits to the default branch.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      when: always
    # Tag creation.
    - if: '$CI_COMMIT_TAG'
      when: always
    # Skip the job in every other case.
    - when: never
  variables:
    # Scan the image reference that the `publish` job pushed.
    # NOTE(review): check whether the template marks this job as allowed to
    # fail; if it does, findings are reported but do not fail the pipeline.
    CS_IMAGE: '$DOCKER_IMAGE'