blob: 06f54ba9fce28317bd7cb36b635ca65d36d34eed (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
# When using dind, it's wise to use the overlayfs driver for
# improved performance.
variables:
DOCKER_DRIVER: overlay2
MAJOR: 1
TMP_IMAGE: $CI_REGISTRY_IMAGE/tmp:$CI_COMMIT_SHA
services:
- docker:stable-dind
stages:
- build
- test
- tag
- release
build commit:
image: docker:stable
stage: build
script:
- docker info
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build -t $TMP_IMAGE .
- docker push $TMP_IMAGE
container_scanning:
image: docker:stable
stage: test
allow_failure: true
script:
- docker run -d --name db arminc/clair-db:latest
- docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.6
- apk add -U wget ca-certificates
- docker pull $TMP_IMAGE
- wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
- mv clair-scanner_linux_amd64 clair-scanner
- chmod +x clair-scanner
- touch clair-whitelist.yml
- while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
- retries=0
- echo "Waiting for clair daemon to start"
- while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
- ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml $TMP_IMAGE || true
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
paths:
- gl-container-scanning-report.json
.docker_tag:
image: docker:stable
stage: tag
script:
- docker info
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- export SOURCE_IMAGE=$TMP_IMAGE
- export TARGET_IMAGE=$CI_REGISTRY_IMAGE:${IMAGE_TAG:-$CI_JOB_NAME}
- docker pull $SOURCE_IMAGE
- docker tag $SOURCE_IMAGE $TARGET_IMAGE
- docker push $TARGET_IMAGE
edge:
extends: .docker_tag
variables:
IMAGE_TAG: edge
only:
- master
version:
extends: .docker_tag
before_script:
- export IMAGE_TAG=${CI_COMMIT_TAG/v/}
- echo "Checking that $CI_COMMIT_TAG is last in the changelog"
- test "$(grep '^## v' CHANGELOG.md |head -n 1)" = "## $CI_COMMIT_TAG"
only:
- tags
when: manual
allow_failure: false
.release:
extends: .docker_tag
stage: release
only:
- tags
major:
extends: .release
variables:
IMAGE_TAG: $MAJOR
latest:
extends: .release
11-9-stable:
extends: .release
11-8-stable:
extends: .release
11-7-stable:
extends: .release
11-6-stable:
extends: .release
11-5-stable:
extends: .release
11-4-stable:
extends: .release
11-3-stable:
extends: .release
11-2-stable:
extends: .release
11-1-stable:
extends: .release
11-0-stable:
extends: .release
|
