Update CI script

2024-11-14 00:35:41 +00:00 · 2023-12-15 08:47:46 +01:00 · 2023-12-15 08:47:46 +01:00 · 438a257fe3
commit 438a257fe3
parent 2e88d7d035
1 changed files with 65 additions and 23 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,3 +1,37 @@
 include:
  - template: Security/Container-Scanning.gitlab-ci.yml
 ##############################################################################
 # Pipeline stages in order of execution                                      #
 ##############################################################################
 stages:
  - build
  - publish
  - sca
 ##############################################################################
 # Pipeline behavior                                                          #
 ##############################################################################
 workflow:
  rules:
    # Run the pipeline on commits to the default branch
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      variables:
        # Set the Docker image tag to `latest`
        DOCKER_IMAGE: $CI_REGISTRY_IMAGE:latest
      when: always
    # Run the pipeline on tag creation
    - if: $CI_COMMIT_TAG
      variables:
        # Set the Docker image tag to the Git tag name
        DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
      when: always
    # Don't run the pipeline on all other occasions
    - when: never
 ##############################################################################
 # Default values for pipeline jobs                                           #
 ##############################################################################
 default:
  image: docker:24.0.6
  services:
@ -5,38 +39,46 @@ default:
  tags:
    - docker
 ##############################################################################
 # CI/CD variables for all jobs in the pipeline                               #
 ##############################################################################
 variables:
  DOCKER_TLS_CERTDIR: /certs
  DOCKER_BUILD_PATH: .
  DOCKERFILE: Dockerfile
-build_image:
+##############################################################################
 # Pipeline jobs                                                              #
 ##############################################################################
 build:
  stage: build
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      when: on_success
      variables:
        IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
    - if: $CI_COMMIT_TAG
      when: "on_success"
      variables:
        IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
    - when: never
  before_script:
    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
  script:
-    - docker build -t $IMAGE_TAG .
+    - docker build --tag $DOCKER_IMAGE --file $DOCKERFILE $DOCKER_BUILD_PATH
-    - docker push $IMAGE_TAG
+    - docker save $DOCKER_IMAGE > docker_image.tar
  artifacts:
    paths:
      - docker_image.tar
-include:
+publish:
-  - template: Security/Container-Scanning.gitlab-ci.yml
+  stage: publish
  before_script:
    - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
  script:
    - docker load --input docker_image.tar
    - docker push $DOCKER_IMAGE
  after_script:
    - docker logout $CI_REGISTRY
 container_scanning:
  stage: sca
  rules:
    # Run the job on commits to the default branch
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-      when: on_success
+      when: always
-      variables:
+    # Run the job on tag creation
        CS_IMAGE: $CI_REGISTRY_IMAGE:latest
    - if: $CI_COMMIT_TAG
-      when: on_success
+      when: always
-      variables:
+    # Don't run the job on all other occasions
        CS_IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}
    - when: never
  variables:
    CS_IMAGE: $DOCKER_IMAGE