adds runner control to jobs

870b8ec3 · Benguria Elguezabal, Gorka · 6faf136a · 870b8ec3
Commit 870b8ec3 authored 10 months ago by Benguria Elguezabal, Gorka
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -185,6 +185,31 @@ spec:
    sbom-opts:
      description: Options for syft used for SBOM analysis
      default: --override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger
+    hadolint-job-tags:
+      description: tags to filter applicable runners for hadolint job
+      default: []
+    kaniko-build-job-tags:
+      description: tags to filter applicable runners for kaniko build job
+      default: []
+    dind-build-job-tags:
+      description: tags to filter applicable runners for dind build job
+      default: []
+    buildah-build-job-tags:
+      description: tags to filter applicable runners for buildah build job
+      default: []
+    healthcheck-job-tags:
+      description: tags to filter applicable runners for healthcheck job
+      default: []
+    trivy-job-tags:
+      description: tags to filter applicable runners for trivy job
+      default: []
+    sbom-job-tags:
+      description: tags to filter applicable runners for sbom job
+      default: []
+    publish-job-tags:
+      description: tags to filter applicable runners for publish job
+      default: []
+
 ---
 # default workflow rules: Merge Request pipelines
 workflow:
@@ -750,6 +775,7 @@ docker-hadolint:
    - if: '$DOCKER_HADOLINT_DISABLED == "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.hadolint-job-tags ]]

 # ==================================================
 # Stage: package-build
@@ -777,6 +803,7 @@ docker-kaniko-build:
        - docker.env
  rules:
    - if: '$DOCKER_BUILD_TOOL == "kaniko"'
+  tags: $[[ inputs.kaniko-build-job-tags ]]

 docker-dind-build:
  extends: .docker-dind-base
@@ -814,6 +841,7 @@ docker-dind-build:
        - docker.env
  rules:
    - if: '$DOCKER_BUILD_TOOL == "dind"'
+  tags: $[[ inputs.dind-build-job-tags ]]

 docker-buildah-build:
  extends: .docker-base
@@ -851,6 +879,7 @@ docker-buildah-build:
        - docker.env
  rules:
    - if: '$DOCKER_BUILD_TOOL == "buildah"'
+  tags: $[[ inputs.buildah-build-job-tags ]]

 # ==================================================
 # Stage: package-test
@@ -918,6 +947,7 @@ docker-healthcheck:
    - if: '$DOCKER_BUILD_TOOL != "dind"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.healthcheck-job-tags ]]

 # Security audit with trivy
 docker-trivy:
@@ -968,6 +998,7 @@ docker-trivy:
    - if: '$DOCKER_TRIVY_DISABLED == "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.trivy-job-tags ]]

 docker-sbom:
  extends: .docker-base
@@ -994,6 +1025,7 @@ docker-sbom:
    - if: '$DOCKER_SBOM_DISABLED == "true"'
      when: never
    - !reference [.test-policy, rules]
+  tags: $[[ inputs.sbom-job-tags ]]

 # ==================================================
 # Stage: publish
@@ -1065,3 +1097,4 @@ docker-publish:
    - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "manual"'
      when: manual
    - if: '$DOCKER_PROD_PUBLISH_STRATEGY == "auto"'
+  tags: $[[ inputs.publish-job-tags ]]
\ No newline at end of file