From 438a257fe3c788f3f21caa14b1f26946167aa637 Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Fri, 15 Dec 2023 08:47:46 +0100
Subject: [PATCH] Update CI script
---
.gitlab-ci.yml | 88 +++++++++++++++++++++++++++++++++++++-------------
1 file changed, 65 insertions(+), 23 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f28b1d2a..f5759d43 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,3 +1,37 @@
+include:
+ - template: Security/Container-Scanning.gitlab-ci.yml
+
+##############################################################################
+# Pipeline stages in order of execution #
+##############################################################################
+stages:
+ - build
+ - publish
+ - sca
+
+##############################################################################
+# Pipeline behavior #
+##############################################################################
+workflow:
+ rules:
+ # Run the pipeline on commits to the default branch
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ variables:
+ # Set the Docker image tag to `latest`
+ DOCKER_IMAGE: $CI_REGISTRY_IMAGE:latest
+ when: always
+ # Run the pipeline on tag creation
+ - if: $CI_COMMIT_TAG
+ variables:
+ # Set the Docker image tag to the Git tag name
+ DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+ when: always
+ # Don't run the pipeline on all other occasions
+ - when: never
+
+##############################################################################
+# Default values for pipeline jobs #
+##############################################################################
default:
image: docker:24.0.6
services:
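Review bot: The tag rule at `DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME` uses the raw tag name as the image tag, and a Git tag that contains `/` (e.g. `release/1.0`) is not a valid Docker tag, so `docker build --tag` in the build job would fail on such tags; if that tag shape is possible in this project, `$CI_COMMIT_REF_SLUG` is the safer choice. The same `$CI_COMMIT_REF_NAME` form was already present before this change, so this is only worth fixing if tag names are not otherwise constrained. A short comment above the rule stating the expected tag format (`# Tag names must be valid Docker tags: no '/'`) would document the assumption either way.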
@@ -5,38 +39,46 @@ default:
tags:
- docker
+##############################################################################
+# CI/CD variables for all jobs in the pipeline #
+##############################################################################
variables:
DOCKER_TLS_CERTDIR: /certs
+ DOCKER_BUILD_PATH: .
+ DOCKERFILE: Dockerfile
-build_image:
+##############################################################################
+# Pipeline jobs #
+##############################################################################
+build:
stage: build
- rules:
- - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- when: on_success
- variables:
- IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
- - if: $CI_COMMIT_TAG
- when: "on_success"
- variables:
- IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
- - when: never
- before_script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
script:
- - docker build -t $IMAGE_TAG .
- - docker push $IMAGE_TAG
+ - docker build --tag $DOCKER_IMAGE --file $DOCKERFILE $DOCKER_BUILD_PATH
+ - docker save $DOCKER_IMAGE > docker_image.tar
+ artifacts:
+ paths:
+ - docker_image.tar
-include:
- - template: Security/Container-Scanning.gitlab-ci.yml
+publish:
+ stage: publish
+ before_script:
+ - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
+ script:
+ - docker load --input docker_image.tar
+ - docker push $DOCKER_IMAGE
+ after_script:
+ - docker logout $CI_REGISTRY
container_scanning:
+ stage: sca
rules:
+ # Run the job on commits to the default branch
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- when: on_success
- variables:
- CS_IMAGE: $CI_REGISTRY_IMAGE:latest
+ when: always
+ # Run the job on tag creation
- if: $CI_COMMIT_TAG
- when: on_success
- variables:
- CS_IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}
+ when: always
+ # Don't run the job on all other occasions
- when: never
+ variables:
+ CS_IMAGE: $DOCKER_IMAGE
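Review bot: The `publish` job's `before_script` passes the job token on the command line (`--password $CI_JOB_TOKEN`), which Docker itself warns against because the value is visible in process listings and shell traces; feed it over stdin instead: `- echo "$CI_JOB_TOKEN" | docker login --username gitlab-ci-token --password-stdin $CI_REGISTRY`. In `container_scanning` the rules were changed from `on_success` to `when: always`, which in job `rules` (unlike `workflow:rules`) runs the scan even when `build` or `publish` failed, so it would try to pull a `$DOCKER_IMAGE` that was never pushed; keeping `when: on_success` there preserves the gating the old configuration had. The scan also runs in the `sca` stage after `publish`, so its findings cannot block the push of a vulnerable image — fine if the scan is informational, but worth a comment saying so. Finally, `docker_image.tar` is uploaded as an artifact without `expire_in`, so every build's full image is retained under the project's default artifact expiry even though only `publish` in the same pipeline consumes it; `expire_in: 1 day` (or shorter) under `artifacts:` would bound that.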