105 lines
2.1 KiB
YAML
105 lines
2.1 KiB
YAML
image: docker:latest
|
|
|
|
variables:
|
|
GIT_STRATEGY: fetch
|
|
PACKER_VERSION: 1.2.0
|
|
ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce
|
|
WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images
|
|
DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:$CI_COMMIT_REF_SLUG
|
|
DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG
|
|
|
|
stages:
|
|
- prepare
|
|
- check
|
|
- build
|
|
|
|
|
|
dockerimage_builder:
|
|
stage: prepare
|
|
before_script:
|
|
- apk add --no-cache make
|
|
services:
|
|
- docker:dind
|
|
script:
|
|
- docker pull $DOCKER_IMAGE_BUILDER || true
|
|
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
|
|
- make builderimg
|
|
- docker push $DOCKER_IMAGE_BUILDER
|
|
tags:
|
|
- fablab
|
|
- ssd
|
|
except:
|
|
refs:
|
|
- schedules
|
|
|
|
|
|
dockerimage_security_scanner:
|
|
stage: prepare
|
|
before_script:
|
|
- apk add --no-cache make
|
|
services:
|
|
- docker:dind
|
|
script:
|
|
- docker pull $DOCKER_IMAGE_SECURITY_SCANNER || true
|
|
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
|
|
- make secscanimg
|
|
- docker push $DOCKER_IMAGE_SECURITY_SCANNER
|
|
tags:
|
|
- fablab
|
|
- ssd
|
|
except:
|
|
refs:
|
|
- schedules
|
|
|
|
security_scanner:
|
|
stage: check
|
|
image: $DOCKER_IMAGE_SECURITY_SCANNER
|
|
script:
|
|
- set -x
|
|
- export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')"
|
|
- security-scanner $target
|
|
only:
|
|
refs:
|
|
- schedules
|
|
- triggers
|
|
variables:
|
|
- $task == "security-scanner"
|
|
- $target
|
|
tags:
|
|
- dedicated
|
|
|
|
.squashfs_template: &squashfs_template
|
|
stage: build
|
|
before_script:
|
|
- apk add --no-cache make
|
|
services:
|
|
- docker:dind
|
|
script:
|
|
- make images/debian-stretch.squashfs
|
|
artifacts:
|
|
paths:
|
|
- images
|
|
tags:
|
|
- fablab
|
|
- ssd
|
|
|
|
squashfs_featurebranch:
|
|
<<: *squashfs_template
|
|
variables:
|
|
COMPRESSION_LEVEL: 5
|
|
except:
|
|
variables:
|
|
- $task == "security-scanner"
|
|
refs:
|
|
- master
|
|
|
|
squashfs_master:
|
|
<<: *squashfs_template
|
|
variables:
|
|
COMPRESSION_LEVEL: 7
|
|
only:
|
|
refs:
|
|
- master
|
|
except:
|
|
variables:
|
|
- $task == "security-scanner"
|