Compare commits
10 Commits
aaba6407cb
...
001daf5066
| Author | SHA1 | Date | |
|---|---|---|---|
| 001daf5066 | |||
| 103f377014 | |||
| c4b1781548 | |||
| d4f9df8a42 | |||
| c7c41cd9fe | |||
| b2ecd4f130 | |||
| 9ba53cf787 | |||
| 304b59fad5 | |||
|
276bf390e2 | ||
|
|
0cfb709b11 |
@@ -1,45 +1,34 @@
|
|||||||
|
# You can override the included template(s) by including variable overrides
|
||||||
|
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
|
||||||
|
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
|
||||||
|
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
|
||||||
|
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
|
||||||
|
# Note that environment variables can be set in several places
|
||||||
|
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
|
||||||
stages:
|
stages:
|
||||||
- generate
|
- release
|
||||||
- build
|
- test
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
#CI_DEBUG_TRACE: "true"
|
CI_APPLICATION_REPOSITORY: "$CI_REGISTRY_IMAGE"
|
||||||
CACHE_TTL: 2190h0m0s
|
release-image:
|
||||||
|
image: docker:24.0.6
|
||||||
generate:
|
stage: release
|
||||||
stage: generate
|
rules:
|
||||||
image: python:3.11-alpine
|
- if: "$CI_APPLICATION_TAG"
|
||||||
script:
|
|
||||||
- pip install -r requirements.txt
|
|
||||||
- ./update.py > tags.txt
|
|
||||||
artifacts:
|
|
||||||
expire_in: 1 hour
|
|
||||||
paths:
|
|
||||||
- tags.txt
|
|
||||||
|
|
||||||
|
|
||||||
build:
|
|
||||||
needs:
|
|
||||||
- job: generate
|
|
||||||
artifacts: true
|
|
||||||
image: docker:latest
|
|
||||||
stage: build
|
|
||||||
services:
|
|
||||||
- docker:dind
|
|
||||||
variables:
|
|
||||||
DOCKER_HOST: tcp://docker:2376
|
|
||||||
DOCKER_TLS_CERTDIR: "/certs"
|
|
||||||
DOCKER_TLS_VERIFY: 1
|
|
||||||
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
|
|
||||||
before_script:
|
before_script:
|
||||||
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
||||||
- docker info
|
|
||||||
script:
|
script:
|
||||||
- |
|
- |-
|
||||||
for tag in $(cat tags.txt); do
|
export IMAGE_TAG=$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG
|
||||||
export IMAGE_TAG=$CI_REGISTRY_IMAGE:$tag
|
|
||||||
echo $IMAGE_TAG
|
echo $IMAGE_TAG
|
||||||
sed "s/latest/$tag/g" Dockerfile > Dockerfile.tmp
|
sed "s/latest/$CI_APPLICATION_TAG/g" Dockerfile > Dockerfile.tmp
|
||||||
docker build . --pull -f Dockerfile.tmp -t $IMAGE_TAG
|
docker build . --pull -f Dockerfile.tmp -t $IMAGE_TAG
|
||||||
docker push $IMAGE_TAG
|
docker push $IMAGE_TAG
|
||||||
done
|
container_scanning:
|
||||||
|
rules:
|
||||||
|
- if: "$CI_APPLICATION_TAG"
|
||||||
|
needs:
|
||||||
|
- release-image
|
||||||
|
include:
|
||||||
|
- template: Jobs/Container-Scanning.gitlab-ci.yml
|
||||||
|
- template: Security/Secret-Detection.gitlab-ci.yml
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
FROM dockerproxy.com/mattermost/mattermost-enterprise-edition:latest as base
|
FROM mattermost/mattermost-enterprise-edition:latest as base
|
||||||
|
|
||||||
FROM python:3.10-alpine3.14 as replacer
|
FROM python:3.10-alpine3.14 as replacer
|
||||||
|
|
||||||
|
|||||||
24
update.py
24
update.py
@@ -1,24 +0,0 @@
|
|||||||
#!/usr/bin/env python3
|
|
||||||
import re
|
|
||||||
from dxf import DXF
|
|
||||||
from os import environ
|
|
||||||
|
|
||||||
REPO = 'mattermost/mattermost-enterprise-edition'
|
|
||||||
|
|
||||||
dxf = DXF('registry-1.docker.io', REPO)
|
|
||||||
dxf.authenticate(actions=["pull"])
|
|
||||||
tags = dxf.list_aliases()
|
|
||||||
tags = [tag for tag in tags if re.match(
|
|
||||||
r"^\d+\.\d+\.\d+$", tag) and int(tags.split('.')[0]) > 5]
|
|
||||||
|
|
||||||
try:
|
|
||||||
local_dxf = DXF(environ['CI_REGISTRY'], environ['CI_PROJECT_PATH'])
|
|
||||||
local_dxf.authenticate(
|
|
||||||
environ['CI_REGISTRY_USER'], environ['CI_REGISTRY_PASSWORD'], actions=["pull"])
|
|
||||||
local_tags = local_dxf.list_aliases()
|
|
||||||
except:
|
|
||||||
local_tags = []
|
|
||||||
|
|
||||||
update_tags = set(tags) - set(local_tags)
|
|
||||||
|
|
||||||
print(' '.join(update_tags))
|
|
||||||
Reference in New Issue
Block a user