-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.gitlab-ci.yml
95 lines (88 loc) · 2.78 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
workflow:
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
include:
- file: /Scan/trivy.yml
project: jitesoft/gitlab-ci-lib
- file: /OCI/push-readme.yml
project: jitesoft/gitlab-ci-lib
stages:
- readme
- build
- scan
update-readme:
stage: readme
extends: .readme-check.v2
variables:
PUSHRM_FILE: "$CI_PROJECT_DIR/README.md"
GIT_DEPTH: "3"
REGISTRIES: "quay.io/jitesoft/composer,docker.io/jitesoft/composer"
tags: [ protected ]
download:
rules:
- if: '$CI_PIPELINE_SOURCE == "web"'
when: always
- if: '$CI_PIPELINE_SOURCE == "trigger"'
when: always
stage: .pre
image: registry.gitlab.com/jitesoft/dockerfiles/alpine:latest
variables:
GIT_STRATEGY: none
before_script:
- apk add --no-cache coreutils curl
script:
- mkdir downloads
- cd downloads
- curl -LOsS https://composer.github.io/installer.sha384sum
- curl -L -o composer-setup.php https://getcomposer.org/installer
- sha384sum --check installer.sha384sum
artifacts:
expire_in: 2 days
paths:
- downloads/
build:
rules:
- if: '$CI_PIPELINE_SOURCE == "web"'
when: on_success
- if: '$CI_PIPELINE_SOURCE == "trigger"'
when: on_success
parallel:
matrix:
- { VERSION: "8.1", TAGS: "8.1" }
- { VERSION: "8.2", TAGS: "8.2" }
- { VERSION: "8.3", TAGS: "latest,stable,8,8.3" }
image: registry.gitlab.com/jitesoft/dockerfiles/misc:latest
stage: build
needs:
- job: download
artifacts: true
script:
- C_VERSION=$(wget -qO- https://getcomposer.org | grep -oP "(?<=<strong>)([0-9]{0,3}(\.?)){3}" | awk 'NR==1{print $1}')
- TAG_LIST=$(helper "ghcr.io/jitesoft/composer,jitesoft/composer,quay.io/jitesoft/composer,${CI_REGISTRY_IMAGE}" "${TAGS}")
- docker buildx build --platform linux/amd64,linux/arm64 --progress plain --push ${TAG_LIST} --build-arg PHP_VERSION=${VERSION} --build-arg COMPOSER_VERSION=${C_VERSION} .
tags: [ jitesoft, buildx, protected ]
scan:
rules:
- if: '$CI_PIPELINE_SOURCE == "web"'
when: on_success
- if: '$CI_PIPELINE_SOURCE == "trigger"'
when: on_success
stage: scan
extends: .scan.container.trivy.remote
needs:
- job: build
artifacts: false
parallel:
matrix:
- { SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}:8.1", GIT_STRATEGY: "none" }
- { SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}:8.2", GIT_STRATEGY: "none" }
- { SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}:8.3", GIT_STRATEGY: "none" }
trigger:phpunt:
rules:
- if: '$CI_PIPELINE_SOURCE == "web"'
when: on_success
- if: '$CI_PIPELINE_SOURCE == "trigger"'
when: on_success
stage: .post
trigger:
project: jitesoft/dockerfiles/phpunit