Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 6
  • 6.1
  • 6.1.0
  • 6.0
  • 6.0.0
  • 5.14
  • 5.14.1
  • 5.14.0
  • 5.13
  • 5.13.3
  • 5.13.2
  • 5.13.1
  • 5.13.0
  • 5.12.1
  • 5
  • 5.12
  • 5.12.0
  • 5.11.1
  • 5.11
  • 5.11.0
21 results
Blame Permalink
gitlab-ci-docker.yml 26.62 KiB 
# =========================================================================================
# Copyright (C) 2021 Orange & contributors
#
# This program is free software; you can redistribute it and/or modify it under the terms 
# of the GNU Lesser General Public License as published by the Free Software Foundation; 
# either version 3 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with this 
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth 
# Floor, Boston, MA  02110-1301, USA.
# =========================================================================================
variables:
  DOCKER_LINT_IMAGE: "projectatomic/dockerfile-lint:latest"
  DOCKER_HADOLINT_IMAGE: "hadolint/hadolint:latest-alpine"
  DOCKER_IMAGE: "docker:latest"
  DOCKER_DIND_IMAGE: "docker:dind"
  DOCKER_KANIKO_IMAGE: "gcr.io/kaniko-project/executor:debug"
  DOCKER_SKOPEO_IMAGE: "quay.io/skopeo/stable:latest"

  # for retro-compatibility (deprecated & undocumented)
  DOCKER_DOCKERFILE_PATH: "."
  DOCKER_FILE: "$DOCKER_DOCKERFILE_PATH/Dockerfile"

  # When testing a Docker Health (test stage), how long (in seconds) wait for the HealthCheck status (https://docs.docker.com/engine/reference/builder/#healthcheck)
  DOCKER_HEALTHCHECK_TIMEOUT: "60"

  # Default Docker config uses the internal GitLab registry
  DOCKER_SNAPSHOT_IMAGE: "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG"
  DOCKER_RELEASE_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"

  DOCKER_KANIKO_VERBOSITY: "info"

  DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
  DOCKER_TRIVY_IMAGE: "aquasec/trivy:latest"
  DOCKER_TRIVY_ARGS: "--ignore-unfixed"

  # by default: DevOps pipeline
  PUBLISH_ON_PROD: "true"

  # default production ref name (pattern)
  PROD_REF: '/^(master|main)$/'
  # default integration ref name (pattern)
  INTEG_REF: '/^develop$/'

  # don't use CI_PROJECT_TITLE, kaniko doesn't support space in argument right now (https://github.com/GoogleContainerTools/kaniko/issues/1231)
  DOCKER_METADATA: >-
    --label org.opencontainers.image.url=${CI_PROJECT_URL}
    --label org.opencontainers.image.source=${CI_PROJECT_URL}
    --label org.opencontainers.image.title=${CI_PROJECT_PATH}
    --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}
    --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
    --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}

# ==================================================
# Stages definition
# ==================================================

stages:
  - build
  - package-build
  - package-test
  - publish

# ==================================================
# Base Jobs definition
# ==================================================