# Pipeline stages, in execution order. Jobs that declare `needs` start as soon
# as the jobs they name have finished, so stage order alone does not gate them.
stages:
  - build
  - sign
  - deploy
# Shared CI template pulled in from another project at a fixed ref.
# NOTE(review): presumably this is where the `.sign_and_attest` job extended
# further down comes from - confirm. `ref` is a tag; unless that tag is
# protected in the template project it can be moved, so pinning to a full
# commit SHA gives a stronger guarantee about which template code runs with
# this project's CI secrets.
include:
  - project: 'indentia/ci-standards'
    ref: 'v1.0.1'
    file: '/templates/supply-chain.yml'
# Pipeline-wide variables shared by the jobs below.
variables:
  # Internal registries: the built image is tagged under the Quay host, and the
  # job images are pulled from the Nexus host.
  QUAY_REGISTRY: "quay.lvm.local"
  NEXUS_REGISTRY: "nexus.lvm.local:8082"
  # Use DOCS_IMAGE_NAME to avoid QUAY_NAMESPACE project variable override
  DOCS_IMAGE_NAME: "quay.lvm.local/lvmit/indentiadb-docs"
  STORAGE_DRIVER: "vfs"
  # NOTE(review): GITOPS_TOKEN is expanded into the clone URL, so the token is
  # stored in the clone's .git/config and can surface in git error output.
  # Keep the variable masked and protected and scoped to this one repository;
  # a credential helper or http.extraHeader would keep it out of the URL.
  GITOPS_REPO: "https://oauth2:${GITOPS_TOKEN}@gitlab.lvm.local/indentia/indentia-gitops-htz.git"
  GITOPS_COMPONENT_PATH: "indentia-gitops-htz/environments/lvms-indentia-prod-system/indentiadb-docs"
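# Build the docs image from ./Containerfile with buildah and push it under two
# tags: the short commit SHA and `latest`. Runs only on the main branch.
build:
  stage: build
  # NOTE(review): `latest` is a mutable tag; pinning the builder image by
  # digest would make the build environment reproducible and tamper-evident.
  image: ${NEXUS_REGISTRY}/buildah/stable:latest
  variables:
    STORAGE_DRIVER: vfs
  tags:
    - docker
  before_script:
    # Best-effort cleanup of containers, images and storage left behind by
    # earlier jobs; failures are deliberately ignored.
    - buildah rm --all 2>/dev/null || true
    - buildah rmi --all --force 2>/dev/null || true
    - rm -rf /home/gitlab-runner/builds/.buildah-storage 2>/dev/null || true
    # Write the registry auth file and the image signature policy.
    #  * printf '%s' is used instead of `echo -n` so that a password containing
    #    backslashes is encoded unchanged whichever shell runs the job.
    #  * The auth file is created owner-only before any secret is written.
    #  * NOTE(review): the policy is `insecureAcceptAnything`, i.e. no
    #    signature is required for any image pulled during the build.
    - |
      AUTH_QUAY=$(printf '%s' "$QUAY_USERNAME:$QUAY_PASSWORD" | base64 -w0)
      AUTH_NEXUS=$(printf '%s' "$NEXUS_USERNAME:$NEXUS_PASSWORD" | base64 -w0)
      AUTHFILE="$HOME/.config/containers/auth.json"
      mkdir -p "$(dirname "$AUTHFILE")"
      ( umask 077 && : > "$AUTHFILE" )
      chmod 600 "$AUTHFILE"
      printf '{"auths":{"%s":{"auth":"%s"},"%s":{"auth":"%s"}}}' \
        "$QUAY_REGISTRY" "$AUTH_QUAY" \
        "$NEXUS_REGISTRY" "$AUTH_NEXUS" > "$AUTHFILE"
      POLICY="$HOME/policy.json"
      printf '{"default":[{"type":"insecureAcceptAnything"}]}' > "$POLICY"
  script:
    # NOTE(review): every buildah call below passes --tls-verify=false, so
    # neither the base-image pull nor the credentialed pushes verify the
    # registry certificate. If the registries use an internal CA, trusting that
    # CA in the builder image would allow the flag to be dropped.
    - |
      buildah bud \
        --storage-driver "${STORAGE_DRIVER}" \
        --tls-verify=false \
        --signature-policy "$HOME/policy.json" \
        --layers=false \
        -f Containerfile \
        -t "${DOCS_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}" \
        -t "${DOCS_IMAGE_NAME}:latest" \
        .
    # Push the immutable, commit-specific tag.
    - |
      buildah push \
        --storage-driver "${STORAGE_DRIVER}" \
        --tls-verify=false \
        --signature-policy "$HOME/policy.json" \
        --authfile "$HOME/.config/containers/auth.json" \
        "${DOCS_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA}"
    # Push the moving `latest` tag.
    - |
      buildah push \
        --storage-driver "${STORAGE_DRIVER}" \
        --tls-verify=false \
        --signature-policy "$HOME/policy.json" \
        --authfile "$HOME/.config/containers/auth.json" \
        "${DOCS_IMAGE_NAME}:latest"
  after_script:
    # Remove the registry credentials once the job is over, whether it passed
    # or failed, so they do not linger if the job environment is reused.
    - rm -f "$HOME/.config/containers/auth.json"
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'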
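# Point the GitOps repository at the image built for this commit by rewriting
# `newTag` in the component's kustomization.yaml and pushing to main.
# Runs only on the main branch.
deploy:
  stage: deploy
  # NOTE(review): `latest` is a mutable tag; consider pinning by digest.
  image: ${NEXUS_REGISTRY}/alpine/git:latest
  needs:
    - job: build
      artifacts: false
    # With `needs`, this job starts as soon as the listed jobs finish, so
    # listing only `build` lets the new tag reach the GitOps repository before
    # (or without) a successful signing run. Waiting for sign-image closes that
    # gap. Assumes sign-image does not run in a stage after deploy - confirm
    # against the included template.
    - job: sign-image
      artifacts: false
  before_script:
    - git config --global user.email "ci@indentia.ai"
    - git config --global user.name "GitLab CI"
    # NOTE(review): certificate verification is off for every git operation in
    # this job, including the clone and push that carry the access token in the
    # URL. Trusting the internal CA (http.sslCAInfo) would avoid this.
    - git config --global http.sslVerify false
  script:
    # * Variable expansions are quoted so they are passed as single arguments.
    # * newTag is written as a quoted string: a short SHA made up only of
    #   digits (or digits around an `e`) is otherwise read by YAML parsers as a
    #   number rather than a string.
    # * The sed expression rewrites every `newTag:` line in the file.
    # * Commit and push are skipped when the file already carries this tag, so
    #   re-running the job for the same commit does not fail on an empty commit.
    - |
      git clone "${GITOPS_REPO}"
      cd "${GITOPS_COMPONENT_PATH}"
      sed -i "s|newTag:.*|newTag: \"${CI_COMMIT_SHORT_SHA}\"|" kustomization.yaml
      git add kustomization.yaml
      if git diff --cached --quiet; then
        echo "kustomization.yaml already references ${CI_COMMIT_SHORT_SHA}; nothing to push"
      else
        git commit -m "chore: update indentiadb-docs to ${CI_COMMIT_SHORT_SHA} [skip ci]"
        git push origin main
      fi
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'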
# Runs the `.sign_and_attest` job definition against the two tags pushed by the
# build job. That definition is not part of this file (presumably it comes from
# the included supply-chain template - confirm).
sign-image:
  extends: .sign_and_attest
  needs:
    - build
  variables:
    # NOTE(review): both references are tags, and `latest` can move if another
    # pipeline pushes between build and signing. Signing the digest produced by
    # the build would bind the signature to exactly the image that was built -
    # confirm how .sign_and_attest resolves SIGN_IMAGES.
    SIGN_IMAGES: "${DOCS_IMAGE_NAME}:${CI_COMMIT_SHORT_SHA} ${DOCS_IMAGE_NAME}:latest"
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'