... | ... | @@ -210,4 +210,49 @@ include: |
|
|
```
|
|
|
|
|
|
The first part is about defining the stages, then running the test.
|
|
|
The second part will create the docker image and push it to a docker repository |
|
|
\ No newline at end of file |
|
|
The second part will create the docker image and push it to a docker repository
|
|
|
Here we use a [docker in docker image](https://www.docker.com/blog/docker-can-now-run-within-docker/), docker in docker let us run docker commands within a docker image.
|
|
|
```yaml
|
|
|
deploy:
|
|
|
stage: build
|
|
|
image: docker:18.09.7-dind
|
|
|
variables:
|
|
|
IMAGE_TAG: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
|
|
|
DOCKER_DRIVER: overlay2
|
|
|
DOCKER_TLS_CERTDIR: ""
|
|
|
services:
|
|
|
- name: docker:18.09.7-dind
|
|
|
entrypoint: ["env", "-u", "DOCKER_TLS_CERTDIR"]
|
|
|
command: ["dockerd-entrypoint.sh"]
|
|
|
```
|
|
|
This docker image is base on alpine linux, this explain why the installation of git is done with `apk update` and `apk add git` (and not with `apt install git`). By the way, git is needed to retrieve the commit_id and use it when creating the docker image
|
|
|
```yaml
|
|
|
- echo ---- ---- ---- SYSTEM DEPENDENCIES ---- ---- ----
|
|
|
- apk update
|
|
|
- apk add git
|
|
|
```
|
|
|
When creating the docker image we use some GitLab variables:
|
|
|
- $CI_REGISTRY_IMAGE
|
|
|
- $CI_REGISTRY_USER
|
|
|
- $CI_REGISTRY_PASSWORD
|
|
|
- $CI_REGISTRY : docker registry
|
|
|
- $CI_COMMIT_REF_SLUG
|
|
|
- $CI_COMMIT_SHA : git commit sha
|
|
|
|
|
|
Those variables are used to log in to docker container registry associated to the current project and push the newly generated docker images.
|
|
|
```yaml
|
|
|
- echo ---- ---- BUILD IMAGE
|
|
|
- docker build -t $IMAGE_TAG -t=$CI_REGISTRY_IMAGE:latest --rm . -f ./build/Dockerfile --build-arg PIP_WHEEL_DIR=python-packages --build-arg build_date="$current_utc_date" --build-arg build_number=$commit_id --build-arg commit_id=$commit_id --build-arg build_origin="Gitlab" --build-arg commit_branch=$commit_branch
|
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
|
- echo ---- ---- PUSH IMAGE
|
|
|
- docker push $IMAGE_TAG
|
|
|
- docker push $CI_REGISTRY_IMAGE:latest
|
|
|
```
|
|
|
The last part is running some analysis tools provided by GitLab on the docker image, those tests requires the image to have this tag : `$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA`
|
|
|
```yaml
|
|
|
include:
|
|
|
- template: Container-Scanning.gitlab-ci.yml
|
|
|
- template: Dependency-Scanning.gitlab-ci.yml
|
|
|
- template: Security/SAST.gitlab-ci.yml
|
|
|
```
|
|
|
The results of those tests are accessible in the pipeline details |
|
|
\ No newline at end of file |
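Review bot: The `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` line in the BUILD IMAGE script block passes the registry password as a command-line argument, which Docker itself warns is insecure; feed it on stdin instead, for example `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. Three smaller points in the same hunk. The `deploy` job sets `DOCKER_TLS_CERTDIR: ""` and also unsets it in the dind service entrypoint, which turns off TLS between the job and the Docker daemon; the README should say that this is deliberate and why. `docker push $CI_REGISTRY_IMAGE:latest` has no branch restriction in the lines shown, so a pipeline on any branch would overwrite `latest`; consider documenting a restriction to the default branch. The job is named `deploy` but declares `stage: build`, which the text does not explain.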