fix(ci): docker build

85260b63 · Mathias Goebel · 9c5e6d6a · 85260b63
Verified Commit 85260b63 authored 3 months ago by Mathias Goebel
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,16 +2,19 @@
 .secrets_service: &secrets_service
  services:
    - alias: vault
-      name: harbor.gwdg.de/sub-fe-pub/mgoebel/swiss_knife/fedora:latest
+      name: harbor.gwdg.de/sub-fe-pub/vault-client-for-gitlab-ci
+  id_tokens:
+    VAULT_ID_TOKEN:
+      aud: https://secs.sub.uni-goettingen.de
  variables:
-    # pass JWT to the service container, repeat when redeclaring key 'variables'
-    VAULT_CI_JOB_JWT: "$CI_JOB_JWT"
+    # pass JWT to the service container
+    VAULT_CI_JOB_JWT: "$VAULT_ID_TOKEN"
 .harbor-secrets: &secrets-harbor
  # requires service: vault and variable VAULT_CI_JOB_JWT
-  - export HARBOR_TOKEN=$(wget -q -O - "http://vault:8000/?role_name=gitlab-${CI_PROJECT_PATH//\//-}&path=dariah/${CI_PROJECT_PATH/harbor&key=token")
-  - export HARBOR_USER=$( wget -q -O - "http://vault:8000/?role_name=gitlab-${CI_PROJECT_PATH//\//-}&path=dariah/${CI_PROJECT_PATH/harbor&key=user" )
-  - export HARBOR_URL=$(  wget -q -O - "http://vault:8000/?role_name=gitlab-${CI_PROJECT_PATH//\//-}&path=dariah/${CI_PROJECT_PATH/harbor&key=url"  )
-  - export HARBOR_PROJECT='sub-fe-pub'
+  - export HARBOR_TOKEN=$(wget -q -O - "http://vault:8000/?role_name=gitlab-${CI_PROJECT_PATH//\//-}&path=dariah/${CI_PROJECT_PATH}/harbor&key=token")
+  - export HARBOR_USER=$(wget -q -O - "http://vault:8000/?role_name=gitlab-${CI_PROJECT_PATH//\//-}&path=dariah/${CI_PROJECT_PATH}/harbor&key=user")
+  - export HARBOR_URL=$(wget -q -O - "http://vault:8000/?role_name=gitlab-${CI_PROJECT_PATH//\//-}&path=dariah/${CI_PROJECT_PATH}/harbor&key=url")
+  - export HARBOR_PROJECT="sub-fe-pub"

 stages:
  - build
@@ -93,19 +96,10 @@ container:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"${HARBOR_URL}\":{\"auth\":\"$(printf "%s:%s" ${HARBOR_USER} ${HARBOR_TOKEN} | base64 -w 0)\"}}}" > /kaniko/.docker/config.json
  script:
+    - CI_PROJECT_PATH=$(echo "$CI_PROJECT_PATH" | tr '[:upper:]' '[:lower:]')
    - /kaniko/executor
-        --verbosity=info
        --reproducible
        --context .
        --dockerfile ./Dockerfile
-        --build-arg build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-        --build-arg vcs_ref=${CI_COMMIT_SHORT_SHA}
-        --target ${CI_COMMIT_BRANCH}
-        --destination ${IMAGE_NAME}
-    - printf "%s-%s" ${CI_COMMIT_BRANCH} ${CI_COMMIT_SHORT_SHA} > last-successfull-commit.txt
-  artifacts:
-    untracked: true
-    when: on_success
-    expire_in: "365 days"
-    paths:
-      - "last-successfull-commit.txt"
+        --destination ${HARBOR_URL}/${HARBOR_PROJECT}/${CI_PROJECT_PATH}:latest
+        --destination ${HARBOR_URL}/${HARBOR_PROJECT}/${CI_PROJECT_PATH}:${CI_COMMIT_SHORT_SHA}