Update CI script

2024-11-13 00:05:41 +00:00 · 2023-12-15 08:47:46 +01:00 · 2023-12-15 08:47:46 +01:00 · 438a257fe3
commit 438a257fe3
parent 2e88d7d035
1 changed files with 65 additions and 23 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,3 +1,37 @@
+include:
+  - template: Security/Container-Scanning.gitlab-ci.yml
+
+##############################################################################
+# Pipeline stages in order of execution                                      #
+##############################################################################
+stages:
+  - build
+  - publish
+  - sca
+
+##############################################################################
+# Pipeline behavior                                                          #
+##############################################################################
+workflow:
+  rules:
+    # Run the pipeline on commits to the default branch
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      variables:
+        # Set the Docker image tag to `latest`
+        DOCKER_IMAGE: $CI_REGISTRY_IMAGE:latest
+      when: always
+    # Run the pipeline on tag creation
+    - if: $CI_COMMIT_TAG
+      variables:
+        # Set the Docker image tag to the Git tag name
+        DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+      when: always
+    # Don't run the pipeline on all other occasions
+    - when: never
+
+##############################################################################
+# Default values for pipeline jobs                                           #
+##############################################################################
 default:
  image: docker:24.0.6
  services:
@ -5,38 +39,46 @@ default:
  tags:
    - docker

+##############################################################################
+# CI/CD variables for all jobs in the pipeline                               #
+##############################################################################
 variables:
  DOCKER_TLS_CERTDIR: /certs
+  DOCKER_BUILD_PATH: .
+  DOCKERFILE: Dockerfile

-build_image:
+##############################################################################
+# Pipeline jobs                                                              #
+##############################################################################
+build:
  stage: build
-  rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-      when: on_success
-      variables:
-        IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
-    - if: $CI_COMMIT_TAG
-      when: "on_success"
-      variables:
-        IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
-    - when: never
-  before_script:
-    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
-    - docker build -t $IMAGE_TAG .
-    - docker push $IMAGE_TAG
+    - docker build --tag $DOCKER_IMAGE --file $DOCKERFILE $DOCKER_BUILD_PATH
+    - docker save $DOCKER_IMAGE > docker_image.tar
+  artifacts:
+    paths:
+      - docker_image.tar

-include:
-  - template: Security/Container-Scanning.gitlab-ci.yml
+publish:
+  stage: publish
+  before_script:
+    - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
+  script:
+    - docker load --input docker_image.tar
+    - docker push $DOCKER_IMAGE
+  after_script:
+    - docker logout $CI_REGISTRY

 container_scanning:
+  stage: sca
  rules:
+    # Run the job on commits to the default branch
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-      when: on_success
-      variables:
-        CS_IMAGE: $CI_REGISTRY_IMAGE:latest
+      when: always
+    # Run the job on tag creation
    - if: $CI_COMMIT_TAG
-      when: on_success
-      variables:
-        CS_IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}
+      when: always
+    # Don't run the job on all other occasions
    - when: never
+  variables:
+    CS_IMAGE: $DOCKER_IMAGE