diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7352d1b9f293ba32c50983efb5073cc66a229408..2c2823488932f6ac527c13e401a7663d2dcc9936 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -56,10 +56,9 @@ build container image:
 name: gcr.io/kaniko-project/executor:debug
 entrypoint: [""]
 script:
- # always succeed and don't print error message
- - tag=$(git tag --contains $CI_COMMIT_SHORT_SHA 2>&1) || true
 # use tag for version if not empty; else commit sha
- "[[ -n $tag ]] && export version=$tag || export version=$CI_COMMIT_SHORT_SHA"
+ - "[[ -n ${CI_COMMIT_TAG} ]] && export version=${CI_COMMIT_TAG} || export version=${CI_COMMIT_SHORT_SHA}"
+ - echo $version
 - mkdir -p /kaniko/.docker
 - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"},\"$harbor_registry\":{\"auth\":\"$HARBOR_ROBOT_TOKEN64\"}}}" > /kaniko/.docker/config.json
 - /kaniko/executor
@@ -78,20 +77,33 @@ build container image:
 - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 - if: $CI_COMMIT_TAG
 
+generate pipfile:
+ stage: build
+ image: docker.io/python:3.8-alpine
+ before_script:
+ - pip install pipenv
+ script:
+ - pipenv lock
+ artifacts:
+ paths:
+ - Pipfile*
+ needs: []
+ rules:
+ - if: $CI_COMMIT_TAG
+
 generate app sbom:
 stage: deploy
 image: docker.io/node:18.12
 before_script:
 - npm ci --ignore-scripts
- - npm run build
 script:
 - npx cdxgen
- --type nodejs
- --required-only
+ --type python
 --server-url https://deps.sub.uni-goettingen.de
 --api-key ${DEPS_UPLOAD_TOKEN}
 --project-name ${project_name}
 --project-version ${CI_COMMIT_TAG}
+ needs: ["generate pipfile"]
 rules:
 - if: $CI_COMMIT_TAG
 
@@ -112,5 +124,6 @@ generate container sbom:
 --form "projectName=${project_name}-container"
 --form "projectVersion=${CI_COMMIT_TAG}"
 --form "bom=@bom.json"'
+ needs: ["build container image"]
 rules:
 - if: $CI_COMMIT_TAG
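Review bot: The version selection added to the `build container image` script leaves `${CI_COMMIT_TAG}`, `${CI_COMMIT_SHORT_SHA}` and `$version` unquoted, and the `&& … ||` chain is harder to read than it needs to be. Under bash `[[ -n ${CI_COMMIT_TAG} ]]` is safe, but if the job shell treats `[[` like `[` (worth checking for the shell shipped in the kaniko debug image), an empty tag collapses to `[[ -n ]]`, which tests true and exports an empty version. A parameter default avoids both problems: `- export version="${CI_COMMIT_TAG:-$CI_COMMIT_SHORT_SHA}"` followed by `- echo "$version"`. The rest of the job, including where `version` is consumed, lies outside the hunk.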
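Review bot: The new `generate pipfile` job resolves dependencies at release time with `pipenv lock`, so the SBOM that `generate app sbom` uploads describes whatever the package index served when the tag pipeline ran, which is not necessarily what `build container image` installed into the image (the Dockerfile is not visible here, so this is an inference). If a `Pipfile.lock` can be committed, the same lock could feed both the image build and the SBOM, and this job would only need to check it rather than regenerate it. Separately, `pip install pipenv` and `docker.io/python:3.8-alpine` are unpinned; pinning them, for example `- pip install "pipenv==<PINNED_VERSION>"`, keeps the tooling that produces release evidence reproducible. A one-line comment above the job stating why the lock is generated in CI would also help the next reader.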