-
Stefan Hynek authoredalso, update node images to v18; add jobs for sbom creation and upload close #35
Stefan Hynek authoredalso, update node images to v18; add jobs for sbom creation and upload close #35
.gitlab-ci.yml 3.47 KiB
# SPDX-FileCopyrightText: 2022 Georg-August-Universität Göttingen
#
# SPDX-License-Identifier: CC0-1.0
---
workflow:
rules:
- if: $CI_MERGE_REQUEST_IID
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $CI_COMMIT_TAG
stages:
- test
- release
- build
- deploy
variables:
harbor_registry: "harbor.gwdg.de"
harbor_repo: "sub-fe"
project_name: "repdav"
lint dockerfile:
stage: test
image: hadolint/hadolint:latest-debian
before_script:
- mkdir -p reports
script:
- hadolint --format gitlab_codeclimate Dockerfile > reports/hadolint-$(md5sum Dockerfile | cut -d" " -f1).json
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
when: always
reports:
codequality:
- "reports/*"
paths:
- "reports/*"
rules:
- if: $CI_MERGE_REQUEST_IID
changes:
- Dockerfile
release:
stage: release
image: docker.io/node:18.12
before_script:
- npm ci --unsafe-perm
script:
- npx semantic-release
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
build container image:
stage: build
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
# always succeed and don't print error message
- tag=$(git tag --contains $CI_COMMIT_SHORT_SHA 2>&1) || true
# use tag for version if not empty; else commit sha
- "[[ -n $tag ]] && export version=$tag || export version=$CI_COMMIT_SHORT_SHA"
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"},\"$harbor_registry\":{\"auth\":\"$HARBOR_ROBOT_TOKEN64\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor
--context $CI_PROJECT_DIR
--dockerfile $CI_PROJECT_DIR/Dockerfile
--build-arg build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
--build-arg vcs_ref=${CI_COMMIT_SHORT_SHA}
--build-arg version=${version}