-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.gitlab-ci.yml
83 lines (75 loc) · 2.34 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
image: docker:latest
services:
- docker:dind
stages:
- build
- test
- notifications
variables:
REGISTRY: "docker.io"
REGISTRY_USER: "robpco"
RELEASE_IMAGE: "gitlabci"
RELEASE_TAG: "latest"
REGISTRY_IMAGE: "${REGISTRY}/${REGISTRY_USER}/${RELEASE_IMAGE}"
before_script:
- docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASSWORD"
build:
stage: build
script:
- docker build --pull --tag "${REGISTRY_IMAGE}:latest" .
- docker push "${REGISTRY_IMAGE}:latest"
only:
refs:
- master
- schedules
container_scanning:
stage: test
# image: docker:latest
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
# services:
# - docker:dind
script:
- docker run -d --name db arminc/clair-db:latest
- docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
- apk add -U wget ca-certificates
- docker pull ${REGISTRY_IMAGE}:latest
- wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
- mv clair-scanner_linux_amd64 clair-scanner
- chmod +x clair-scanner
- touch clair-whitelist.yml
- while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
- retries=0
- echo "Waiting for clair daemon to start"
- while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
- ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${REGISTRY_IMAGE}:latest || true
artifacts:
paths: [gl-container-scanning-report.json]
only:
variables:
- $CI_COMMIT_TAG =~ /^test+/
notify_succcess_slack:
stage: notifications
allow_failure: true
script:
- apk --update add curl
- date=$(date +%Y%m%d-%H%M)
- './.cicd/notify_slack.sh "#builds" "$RELEASE_IMAGE - build success at $date"'
when: on_success
only:
refs:
- master
- schedules
notify_fail_slack:
stage: notifications
allow_failure: true
script:
- apk --update add curl
- date=$(date +%Y%m%d-%H%M)
- './.cicd/notify_slack.sh "#builds" "$RELEASE_IMAGE - build failure at $date"'
when: on_failure
only:
refs:
- master
- schedules