This reverts commit d443e880d5.
While the pipeline is still running, the labsync generator can't retrieve
the pipeline's result, because it is not yet marked as successfully finished.
Therefore, it is easier to use a webhook instead.
# Image used by every job that does not set `image:` itself.
# NOTE(review): `latest` is a moving tag, so the Docker CLI used by the
# prepare jobs can change between runs; pinning a version or digest would
# make the builds reproducible.
image: 'docker:latest'

variables:
  GIT_STRATEGY: 'fetch'
  GIT_SUBMODULE_STRATEGY: 'recursive'
  PACKER_VERSION: '1.4.3'
  # Tracker and web seed are addressed over plain HTTP.
  # NOTE(review): confirm that clients obtain the .torrent files over a
  # trusted channel, since integrity of the seeded images rests on them.
  # NOTE(review): WEBSEED is built from CI_COMMIT_REF_NAME and CI_PIPELINE_ID,
  # while the S3 upload in .squashfs_template uses CI_COMMIT_REF_SLUG and
  # CI_JOB_ID; verify the two paths are meant to differ.
  ANNOUNCE: 'http://labsync.lab.fablab-nea.de:6969/announce'
  WEBSEED: 'http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images'
  # Both images are tagged with the branch slug, a mutable tag that each
  # pipeline run on that branch overwrites.
  DOCKER_IMAGE_BUILDER: '${CI_REGISTRY_IMAGE}/labsync-builder:$CI_COMMIT_REF_SLUG'
  DOCKER_IMAGE_SECURITY_SCANNER: '${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG'
  # An empty value switches off TLS for docker:dind, so jobs talk to the
  # Docker daemon over unencrypted, unauthenticated TCP inside the job network.
  DOCKER_TLS_CERTDIR: ''

stages:
  - prepare
  - check
  - build
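# Builds the labsync-builder image with `make builderimg` and pushes it to the
# project registry. Not run on scheduled pipelines.
dockerimage_builder:
  stage: prepare
  before_script:
    - apk add --no-cache make
  services:
    - docker:dind
  script:
    # Log in first so the pull below can succeed on a registry that requires
    # authentication; with the pull ahead of the login, `|| true` would hide
    # the failure. The token is fed on stdin instead of `-p`, which keeps it
    # out of the process argument list.
    # NOTE(review): CI_BUILD_TOKEN is the legacy name of CI_JOB_TOKEN; confirm
    # the GitLab version in use still defines it.
    - echo "$CI_BUILD_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
    # Best-effort pull of the previously pushed image; a missing image is not
    # an error (first build on a new branch).
    - docker pull "$DOCKER_IMAGE_BUILDER" || true
    - make builderimg
    - docker push "$DOCKER_IMAGE_BUILDER"
  tags:
    - fablab
    - ssd
  except:
    refs:
      - schedules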
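# Builds the security-scanner image with `make secscanimg` and pushes it to
# the project registry. Not run on scheduled pipelines.
dockerimage_security_scanner:
  stage: prepare
  before_script:
    - apk add --no-cache make
  services:
    - docker:dind
  script:
    # Log in first so the pull below can succeed on a registry that requires
    # authentication; with the pull ahead of the login, `|| true` would hide
    # the failure. The token is fed on stdin instead of `-p`, which keeps it
    # out of the process argument list.
    # NOTE(review): CI_BUILD_TOKEN is the legacy name of CI_JOB_TOKEN; confirm
    # the GitLab version in use still defines it.
    - echo "$CI_BUILD_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
    # Best-effort pull of the previously pushed image; a missing image is not
    # an error (first build on a new branch).
    - docker pull "$DOCKER_IMAGE_SECURITY_SCANNER" || true
    - make secscanimg
    - docker push "$DOCKER_IMAGE_SECURITY_SCANNER"
  tags:
    - fablab
    - ssd
  except:
    refs:
      - schedules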
# Runs the security_scanner Python module inside the image pushed by
# dockerimage_security_scanner. Limited to scheduled and triggered pipelines.
security_scanner:
  stage: check
  # Branch-slug tag: the job runs whatever image was last pushed for this ref.
  image: '$DOCKER_IMAGE_SECURITY_SCANNER'
  script:
    # Command tracing goes to the job log; keep secrets out of command lines.
    - set -x
    # Scheme and host of the GitLab instance, cut from the project URL.
    - export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')"
    # NOTE(review): $target is supplied by the schedule or trigger and is
    # expanded unquoted, so the shell word-splits and globs it. Confirm
    # whether several targets per run are intended; if not, quote it, and
    # have the scanner validate the value either way.
    - python3 -m security_scanner $target
  only:
    refs:
      - schedules
      - triggers
    # Entries under only:variables are alternatives: one match is enough, so
    # the job also starts when only `task` or only `target` is set.
    variables:
      - '$task == "security-scanner"'
      - '$target'
  tags:
    - dedicated
# Hidden job holding the settings shared by the squashfs_* jobs, which pull
# it in through the `<<` merge key (a shallow merge).
.squashfs_template: &squashfs_template
  image: '$DOCKER_IMAGE_BUILDER'
  stage: build
  services:
    - docker:dind
  script:
    - scripts/packer.sh debian-bullseye
    # Upload everything under images/ to the object store.
    # AWS_ENDPOINT_URL and AWS_BUCKET are not defined in this file; presumably
    # they and the credentials come from the project's CI/CD settings.
    - >-
      aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/
      "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/"
      --recursive --no-progress
  artifacts:
    paths:
      - images.txt
      - images/*.dpkg-list
      - images/*.initramfs
      - images/*.linux
      # The squashfs images are deliberately left out of the job artifacts.
      #- images/*.squashfs
      - images/*.torrent
  tags:
    - fablab
    - ssd
# Image build for every ref except main, at the lower compression level.
# Skipped as well when the pipeline sets task to "security-scanner".
squashfs_featurebranch:
  <<: *squashfs_template
  variables:
    # presumably read by scripts/packer.sh; confirm there
    COMPRESSION_LEVEL: 4
  except:
    variables:
      - '$task == "security-scanner"'
    refs:
      - main
# Image build for main only, at the higher compression level.
# Skipped when the pipeline sets task to "security-scanner".
squashfs_main:
  <<: *squashfs_template
  variables:
    # presumably read by scripts/packer.sh; confirm there
    COMPRESSION_LEVEL: 15
  only:
    refs:
      - main
  except:
    variables:
      - '$task == "security-scanner"'