-
Notifications
You must be signed in to change notification settings - Fork 1
/
.gitlab-ci.yml
186 lines (171 loc) · 5.37 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
image:
name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/1.4:v1.0.0"
variables:
TF_ROOT: terraform
TF_STATE_NAME: default # The name of the state file used by the GitLab Managed Terraform state backend
cache:
key: "${TF_ROOT}"
paths:
- ${TF_ROOT}/.terraform/
.terraform:fmt:
stage: validate
variables:
TF_ROOT: terraform
script:
- gitlab-terraform fmt
allow_failure: true
.terraform:validate:
stage: validate
variables:
TF_ROOT: terraform
script:
- gitlab-terraform validate
.terraform:build:
stage: build
script:
- gitlab-terraform plan
- gitlab-terraform plan-json
resource_group: ${TF_STATE_NAME}
artifacts:
# The next line, which disables public access to pipeline artifacts, may not be available everywhere.
# See: https://docs.gitlab.com/ee/ci/yaml/#artifactspublic
public: false
paths:
- ${TF_ROOT}/plan.cache
reports:
terraform: ${TF_ROOT}/plan.json
.terraform:deploy:
stage: deploy
script:
- gitlab-terraform apply
resource_group: ${TF_STATE_NAME}
.terraform:destroy:
stage: cleanup
script:
- gitlab-terraform destroy
resource_group: ${TF_STATE_NAME}
when: manual
stages:
- build
- validate
- test
- build-develop
- deploy-develop
- cleanup
fmt:
extends: .terraform:fmt
variables:
TF_ROOT: terraform
needs: []
validate:
extends: .terraform:validate
variables:
TF_ROOT: terraform
needs: []
build-develop:
extends: .terraform:build
stage: build-develop
variables:
TF_STATE_NAME: develop
environment:
name: develop
action: prepare
deploy-develop:
extends: .terraform:deploy
stage: deploy-develop
variables:
TF_STATE_NAME: develop
dependencies:
- build-develop
environment:
name: develop
action: start
build-production:
extends: .terraform:build
stage: build-production
variables:
TF_STATE_NAME: production
environment:
name: production
action: prepare
deploy-production:
extends: .terraform:deploy
stage: deploy-production
variables:
TF_STATE_NAME: production
dependencies:
- build-production
environment:
name: production
action: start
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $TF_AUTO_DEPLOY == "true"
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
when: manual
kaniko-build:
variables:
# Additional options for Kaniko executor.
# For more details see https://github.com/GoogleContainerTools/kaniko/blob/master/README.md#additional-flags
KANIKO_ARGS: ""
KANIKO_BUILD_CONTEXT: $CI_PROJECT_DIR
stage: build
image:
# For latest releases see https://github.com/GoogleContainerTools/kaniko/releases
# Only debug/*-debug versions of the Kaniko image are known to work within Gitlab CI
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
script:
# if the user provide IMAGE_TAG then use it, else build the image tag using the default logic.
# Default logic
# Compose docker tag name
# Git Branch/Tag to Docker Image Tag Mapping
# * Default Branch: main -> latest
# * Branch: feature/my-feature -> branch-feature-my-feature
# * Tag: v1.0.0/beta2 -> v1.0.0-beta2
- |
if [ -z ${IMAGE_TAG+x} ]; then
if [ "$CI_COMMIT_REF_NAME" = $CI_DEFAULT_BRANCH ]; then
VERSION="latest"
elif [ -n "$CI_COMMIT_TAG" ];then
NOSLASH=$(echo "$CI_COMMIT_TAG" | tr -s / - )
SANITIZED="${NOSLASH//[^a-zA-Z0-9.-]/}"
VERSION="$SANITIZED"
else \
NOSLASH=$(echo "$CI_COMMIT_REF_NAME" | tr -s / - )
SANITIZED="${NOSLASH//[^a-zA-Z0-9-]/}"
VERSION="branch-$SANITIZED"
fi
export IMAGE_TAG=$CI_REGISTRY_IMAGE:$VERSION
fi
- echo $IMAGE_TAG
- mkdir -p /kaniko/.docker
# Write credentials to access Gitlab Container Registry within the runner/ci
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
# Build and push the container. To disable push add --no-push
# Both Dockerfile and Containerfile are supported. For retrocompatibility, if both files are present, Dockerfile will be used.
- |
if [ -z "$DOCKERFILE_PATH" ]; then
if [ -f "$KANIKO_BUILD_CONTEXT/Dockerfile" ]; then
DOCKERFILE_PATH="$KANIKO_BUILD_CONTEXT/Dockerfile"
elif [ -n "$CONTAINERFILE_PATH" ]; then
DOCKERFILE_PATH="$CONTAINERFILE_PATH"
elif [ -f "$KANIKO_BUILD_CONTEXT/Containerfile" ]; then
DOCKERFILE_PATH="$KANIKO_BUILD_CONTEXT/Containerfile"
else \
echo "No suitable configuration for the build context have been found. Please check your configuration."
exit 1
fi
fi
- echo $DOCKERFILE_PATH
- /kaniko/executor --insecure-pull --insecure --skip-tls-verify --context $KANIKO_BUILD_CONTEXT --dockerfile $DOCKERFILE_PATH --destination $IMAGE_TAG $KANIKO_ARGS
# Run this job in a branch/tag where a Containerfile/Dockerfile exists
rules:
- exists:
- Containerfile
- Dockerfile
# custom Containerfile/Dockerfile path
# If both variables are set, DOCKERFILE_PATH will be used
- if: $DOCKERFILE_PATH
- if: $CONTAINERFILE_PATH
# custom build context without an explicit Dockerfile path
- if: $KANIKO_BUILD_CONTEXT != $CI_PROJECT_DIR