.gitlab-ci.yml
# Pull in GitLab's maintained container-scanning template. The
# `container_scanning` job further down overrides keys of the job that this
# template defines. The template body is resolved by the GitLab instance, so
# its contents follow the instance version rather than anything pinned here.
include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml
# Stage order is what gates publishing: jobs in a later stage start only after
# the earlier stages have succeeded, unless a job sets its own `when:`.
# Sequence: build the image, scan it, publish it (tag pipelines only), then
# clean up the per-commit tag.
stages:
  - build
  - scanner
  - publish
  - afterScanner
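# Builds the image for this commit and pushes it under the commit-SHA tag so
# that the scan and publish stages operate on exactly this build.
build:
  # NOTE(review): `docker:latest` and `docker:dind` are floating tags, so the
  # toolchain can change between pipelines; consider pinning a version or
  # digest. docker-in-docker normally needs a privileged runner, so confirm
  # that the runner is restricted to trusted projects.
  image: docker:latest
  stage: build
  services:
    - docker:dind
  before_script:
    # Feed the password on stdin: `-p` places it in the process arguments and
    # makes the docker CLI print an insecure-usage warning.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # --pull refreshes the base image so the build does not reuse a stale
    # cached layer set.
    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"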
# Overrides the template's container_scanning job to scan the image that the
# build stage pushed for this commit.
container_scanning:
  stage: scanner
  variables:
    # Scan target: the per-commit image, the same tag `publish` later promotes.
    CS_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
    GIT_STRATEGY: fetch
    # Only error-level analyzer output reaches the job log.
    SECURE_LOG_LEVEL: "error"
    # Findings of severity LOW and above are included in the report.
    CS_SEVERITY_THRESHOLD: "LOW"
  when: on_success
  # NOTE(review): `allow_failure: false` blocks later stages only when the
  # scan job itself fails. As far as GitLab documents it, findings in the
  # report do not fail the job, so this alone does not stop a vulnerable image
  # from being published. Confirm that an approval policy or an explicit
  # report check enforces the threshold.
  allow_failure: false
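# Promotes the already-built, already-scanned commit image to the release tag
# and to `latest`. It re-tags rather than rebuilds, so the published image is
# the one pushed by `build` (assuming the SHA tag was not re-pushed between
# stages).
publish:
  # NOTE(review): floating `docker:latest` / `docker:dind` tags and the
  # privileged-runner requirement of docker-in-docker apply here as well.
  image: docker:latest
  stage: publish
  services:
    - docker:dind
  before_script:
    # Feed the password on stdin: `-p` places it in the process arguments and
    # makes the docker CLI print an insecure-usage warning.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - docker pull "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" "$CI_REGISTRY_IMAGE:latest"
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"
    # `latest` is a mutable tag; consumers that need reproducibility should
    # pull by release tag or digest instead.
    - docker push "$CI_REGISTRY_IMAGE:latest"
  # $CI_COMMIT_TAG is set only in tag pipelines, which is why this job is
  # limited to them.
  only:
    - tags
  when: on_success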
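# Cleanup: deletes the per-commit (SHA) tag from the remote repository once the
# pipeline no longer needs it.
afterScanner:
  image: curlimages/curl
  stage: afterScanner
  script:
    # The expansions are quoted so a credential or name containing whitespace
    # or glob characters cannot be split into extra curl arguments.
    # NOTE(review): `-u user:password` puts the credential in the process
    # arguments; keep the variable masked and do not add verbose flags here.
    # NOTE(review): without `--fail`, curl exits 0 on an HTTP error response,
    # so a rejected delete goes unnoticed. Left as-is on the assumption that
    # this cleanup is best-effort.
    # NOTE(review): CI_REGISTRY_NAME does not appear to be a GitLab predefined
    # variable, and this endpoint is a Docker-hosted API while the login steps
    # use $CI_REGISTRY. Presumably the CI_REGISTRY* variables are set at
    # project level to point at that registry; confirm.
    - curl -u "$CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD" -X DELETE "https://cloud.docker.com/v2/repositories/$CI_REGISTRY_USER/$CI_REGISTRY_NAME/tags/$CI_COMMIT_SHA"
  # Runs even when an earlier stage failed, so the SHA tag is removed in every
  # pipeline, including ones where the scan or publish did not complete.
  when: always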