---
# Stage order for the whole pipeline; jobs run stage by stage in this sequence.
# Several of these names (review, dast, staging, canary, incremental rollout …,
# performance, cleanup) match the stages the Auto DevOps template (see `include`)
# assigns its jobs to, so the template's jobs slot in here when it is included.
stages:
  - lint
  - test
  - build
  - deploy
  - review
  - dast
  - fuzz
  - staging
  - canary
  - production
  - incremental rollout 10%
  - incremental rollout 25%
  - incremental rollout 50%
  - incremental rollout 100%
  - performance
  - cleanup
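# Builds the multi-arch (amd64 + arm64) image and pushes it to the project
# registry under a per-branch path. Runs only on master/dev when a Dockerfile
# exists, and never in the upstream-sync pipeline ($PULL == "true").
docker-build:
  image: docker:latest  # unpinned tag; pin a version or digest for reproducible builds
  stage: build
  services:
    - docker:dind
  before_script:
    # binfmt/QEMU registration is what makes the cross-platform build below
    # possible; --privileged is required for the installer to touch the kernel.
    - docker pull tonistiigi/binfmt:latest
    # Shell-quote the pattern so binfmt, not the shell, expands it.
    - docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
    - docker run --privileged --rm tonistiigi/binfmt --install all
    # --password-stdin keeps the registry password out of the process list
    # (and avoids the docker CLI's warning about -p on the command line).
    - printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - docker buildx create --use
    # Branch image: <registry>/<branch>:latest and :<short sha>
    - >-
      docker buildx build -f Dockerfile --push --pull --platform linux/amd64,linux/arm64
      -t "${CI_REGISTRY_IMAGE}/${CI_COMMIT_BRANCH}:latest"
      -t "${CI_REGISTRY_IMAGE}/${CI_COMMIT_BRANCH}:${CI_COMMIT_SHORT_SHA}" .
    # master additionally publishes the unqualified <registry>:latest tag
    - >-
      if [ "$CI_COMMIT_BRANCH" = "master" ]; then
      docker buildx build -f Dockerfile --push --pull --platform linux/amd64,linux/arm64
      -t "${CI_REGISTRY_IMAGE}:latest" .; fi;
  rules:
    - if: $PULL == "true"
      when: never
    - if: $CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "dev"
      exists:
        - Dockerfile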
# Upstream-sync job, run only when the pipeline is started with PULL=true:
# merges hauxir/imgpush master into this fork's master and pushes the result.
# No `stage` is declared, so it runs in GitLab's default stage (test).
pull:
  image: alpine:latest  # unpinned tag; pin a version or digest for reproducible runs
  before_script:
    - apk add git
    - git checkout master
    # $gitlab_token is embedded in the origin URL and therefore written to the
    # workspace's .git/config for the rest of the job; keep the variable masked
    # and protected in the project's CI settings.
    - git remote set-url origin https://root:$gitlab_token@$CI_SERVER_HOST/$CI_PROJECT_PATH.git
    - >-
      git remote add upstream https://github.com/hauxir/imgpush
      || git remote set-url upstream https://github.com/hauxir/imgpush
    # NOTE(review): the address below looks redacted by the page renderer
    # ("[email protected]"); confirm the real value in the repository.
    - git config --global user.email "[email protected]"
    - git config --global user.name "metahkg-bot"
    - git config pull.rebase false
    - git pull origin master
  script:
    # -X theirs resolves every conflicting hunk in upstream's favour, so local
    # edits to files upstream also changed are dropped without a conflict.
    - |
      git fetch upstream
      git merge -X theirs upstream/master -m "Pull upstream" --allow-unrelated-histories
      git push origin --all
  rules:
    - if: $PULL == "true"
# Override of the included template's `build` job (presumably Auto Build):
# this project builds its image in docker-build instead, so a failure of the
# template job is tolerated rather than failing the pipeline.
build:
  stage: build
  allow_failure: true
# Runs the project's own test script against a live instance of the app,
# backed by a MongoDB service container reachable as `db`.
test:
  stage: test
  image: python:3.10-alpine
  services:
    - name: mongo
      alias: db
      command:
        - mongod
        - "--bind_ip_all"
  before_script:
    - apk add coreutils
    - pip install poetry
    - poetry config virtualenvs.create false
  script:
    - poetry install
    # Assemble the runtime .env: the example file plus job-local paths/settings
    - cp example.env .env
    - mkdir images cache
    - echo "IMAGES_DIR=$PWD/images/" >> .env
    - echo "CACHE_DIR=$PWD/cache/" >> .env
    - echo "MONGO_URI=mongodb://db" >> .env
    - echo "DEBUG=true" >> .env
    # The app is started in the background and given a fixed head start;
    # NOTE(review): the sleep is a startup race — a readiness poll against
    # the app's listen port would be more reliable.
    - nohup python imgpush/app.py &
    - sleep 5
    - python imgpush/test.py
  # NOTE(review): unlike docker-build, these rules do not exclude
  # $PULL == "true", so tests also run in the upstream-sync pipeline —
  # confirm that is intended.
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_TAG
    - if: $CI_COMMIT_BRANCH
# Override of the template's `dast` job that effectively disables it: the only
# rule matches every branch pipeline with `when: never`, and a job with no
# matching rule is not added, so it never runs.
dast:
  stage: dast
  allow_failure: true  # moot while the job never runs; kept from the override
  rules:
    - if: $CI_COMMIT_BRANCH
      when: never
# Override of the template's `code_quality` job: same trigger set as `test`
# (merge requests, tags and branch pipelines).
code_quality:
  stage: test
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_TAG
    - if: $CI_COMMIT_BRANCH
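# Scans the image docker-build just pushed (same registry path and short-SHA
# tag), so it is placed in the review stage after build.
container_scanning:
  stage: review
  needs:
    - docker-build
  variables:
    GIT_STRATEGY: fetch
    # Must agree with the tags pushed by docker-build
    CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH
    CI_APPLICATION_TAG: $CI_COMMIT_SHORT_SHA
    # Minimum severity to report. CLAIR_OUTPUT is the name used by the older
    # Clair-based scanner; NOTE(review): confirm the current template honours it.
    CLAIR_OUTPUT: High
  artifacts:
    paths:
      - gl-container-scanning-report.json
  rules:
    # The upstream-sync pipeline ($PULL == "true") excludes docker-build, so this
    # job must be excluded too; otherwise `needs` points at a job that is not in
    # the pipeline. Mirrors the first rule of docker-build.
    - if: $PULL == "true"
      when: never
    - if: $CI_COMMIT_TAG
      when: never
    - if: $CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "dev"
      exists:
        - Dockerfile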
# Pulls in the Auto DevOps template, which supplies the jobs the stanzas above
# override (build, dast, code_quality, container_scanning). It is skipped in
# the upstream-sync pipeline ($PULL == "true").
# NOTE(review): when the template is skipped, the script-less overrides
# (build, dast, code_quality) stand on their own — confirm that the PULL
# pipeline still validates.
include:
  - template: Auto-DevOps.gitlab-ci.yml
    rules:
      - if: $PULL != "true"