image: docker:latest variables: GIT_STRATEGY: fetch GIT_SUBMODULE_STRATEGY: recursive PACKER_VERSION: 1.2.0 ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:$CI_COMMIT_REF_SLUG DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG stages: - prepare - check - build dockerimage_builder: stage: prepare before_script: - apk add --no-cache make services: - docker:dind script: - docker pull $DOCKER_IMAGE_BUILDER || true - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY - make builderimg - docker push $DOCKER_IMAGE_BUILDER tags: - fablab - ssd except: refs: - schedules dockerimage_security_scanner: stage: prepare before_script: - apk add --no-cache make services: - docker:dind script: - docker pull $DOCKER_IMAGE_SECURITY_SCANNER || true - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY - make secscanimg - docker push $DOCKER_IMAGE_SECURITY_SCANNER tags: - fablab - ssd except: refs: - schedules security_scanner: stage: check image: $DOCKER_IMAGE_SECURITY_SCANNER script: - set -x - export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')" - security-scanner $target only: refs: - schedules - triggers variables: - $task == "security-scanner" - $target tags: - dedicated .squashfs_template: &squashfs_template stage: build before_script: - apk add --no-cache make services: - docker:dind script: - make images/debian-stretch.squashfs artifacts: paths: - images tags: - fablab - ssd squashfs_featurebranch: <<: *squashfs_template variables: COMPRESSION_LEVEL: 5 except: variables: - $task == "security-scanner" refs: - master squashfs_master: <<: *squashfs_template variables: COMPRESSION_LEVEL: 7 only: refs: - master except: variables: - $task == "security-scanner"