-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
90 lines (75 loc) · 2.25 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
image: docker:19.03.1
variables:
DOCKER_DRIVER: "overlay2"
DOCKER_TLS_CERTDIR: ""
DOCKER_DAEMON_OPTIONS: "--insecure-registry=${CI_REGISTRY}"
MINIKUBE_USER: "gitlabcicd"
IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
#CONTAINER_SCANNING_DISABLED: "true"
services:
- name: docker:19.03.1-dind
entrypoint: [ "sh", "-c", "dockerd-entrypoint.sh ${DOCKER_DAEMON_OPTIONS}" ]
command:
- "--log-level=debug"
- "-insecure-tls"
stages:
- lint
- build
- test
- deploy
lint_dockerfile:
image: projectatomic/dockerfile-lint
stage: lint
# allow_failure: true
script:
- dockerfile_lint --export-rules
- dockerfile_lint -v -f $CI_PROJECT_DIR/Dockerfile
build_dockerfile:
image: docker:latest
stage: build
script:
- env
- docker version
- docker info
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- docker build -t $IMAGE .
- docker push $IMAGE
container_scanning:
stage: test
image: docker:latest
allow_failure: true
script:
- apk add --no-cache --update curl wget grep sed git
- wget -q https://github.com/aquasecurity/trivy/releases/download/v0.3.1/trivy_0.3.1_Linux-64bit.tar.gz
- tar zxf trivy*.tar.gz
- mv trivy /usr/local/bin
- chmod +x /usr/local/bin/trivy
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- docker pull $IMAGE
- docker image ls
- /usr/local/bin/trivy --no-progress --exit-code 1 --severity CRITICAL -debug $IMAGE
artifacts:
expire_in: 1d
paths:
- data/
except:
variables:
- $CONTAINER_SCANNING_DISABLED
deploy_dev:
stage: deploy
environment:
name: dev
image: dtzar/helm-kubectl:latest
script:
- kubectl config set-cluster minikube --server="$MINIKUBE_APISERVER" --certificate-authority="$MINIKUBE_CA"
- kubectl config set-credentials "${MINIKUBE_USER}" --token="$MINIKUBE_USER_TOKEN"
- kubectl config set-context minikube --cluster=minikube --user="${MINIKUBE_USER}"
- kubectl config use-context minikube
- kubectl config get-contexts
- kubectl config view
- kubectl -n default get all -o wide
- kubectl version
- echo "${IMAGE}"
- sed -i "s%<IMAGE>%${IMAGE}%g" spec.yaml
- cat spec.yaml
- kubectl apply -f spec.yaml