Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • pica-form
  • tests-de-emma
  • vmalert
  • codimd-fixpdf
  • gchange
  • errors_dynamic
  • traefik-errors
  • DBBackup/simplifications
  • v1.0.1
  • v1.0.0
  • MTA-SASL-poc
  • pica-mail-auth_plaintext
13 results
Blame Permalink
.gitlab-ci.yml 7.70 KiB 
image: docker:stable
services:
    - docker:dind

stages:
    - metabuild
    - build
    - deployment
    
# build the container that further steps will run in in order to avoid duplicating instructions between steps
metabuild:
    stage: metabuild
    before_script:
        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
    script:
        - docker build -f pica-ci/Dockerfile . -t $REGISTRY/pica-ci
        - docker push $REGISTRY/pica-ci:latest
    after_script:
        - docker logout $REGISTRY
    tags: [build]
    only:
        changes:
            - "pica-dokuwiki/*"
            - "pica-etherpad/*"
        refs:
            - master
            - dev-ci

# build the container that was modified
build:
    stage: build
    image: $REGISTRY/pica-ci:latest
    before_script:
        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
        - source /etc/profile.d/ci-variables
    script:
        - docker build -f $MODIFIED_IMAGE/Dockerfile $MODIFIED_IMAGE -t $REGISTRY/ci-builds/$CI_COMMIT_SHA
        - docker push $REGISTRY/ci-builds/$CI_COMMIT_SHA
    after_script:
        - docker logout $REGISTRY
    tags: [build]
    only:
        changes:
            - "pica-dokuwiki/*"
            - "pica-etherpad/*"
        refs:
            - master
            - dev-ci

# run CoreOS' Clair and make the CI failed if a critical vulnerability isn't in the whitelist
.clair:
    stage: static_tests
    image: $REGISTRY/pica-ci:latest
    before_script:
        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
        - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
        - docker logout $REGISTRY
        - source /etc/profile.d/ci-variables
    script:
        - docker run -d --name db arminc/clair-db:latest
        - docker run -p 6060:6060 -d --link db:postgres --name clair --restart on-failure arminc/clair-local-scan:latest
        - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
        - mv clair-scanner_linux_amd64 clair-scanner
        - chmod +x clair-scanner
        - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
        - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r clair-report.json -l clair.log -w $MODIFIED_IMAGE/clair-whitelist.yml --threshold="High" $REGISTRY/ci-builds/$CI_COMMIT_SHA
    artifacts:
        paths:
            - clair-report.json
            - clair.log