-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy path.gitlab-ci.yml
98 lines (88 loc) · 2.89 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
variables:
GIT_SUBMODULE_STRATEGY: recursive
DOCKER_DRIVER: overlay2
GIT_STRATEGY: fetch
CS_DOCKERFILE_PATH: $CI_PROJECT_DIR/Dockerfile
# Can't use the {::8} notation to get a short sha in the variables section, so exporting below
before_script:
- export CI_COMMIT_SHA_SHORT=${CI_COMMIT_SHA::8}
- export CUSTOM_PROJECT_PATH=$(echo $CI_PROJECT_PATH | tr '[:upper:]' '[:lower:]')
- export IMAGE_NAME=$CI_REGISTRY/$CUSTOM_PROJECT_PATH:$CI_COMMIT_SHORT_SHA-$CI_PIPELINE_ID
stages:
- build
- test
- deploy_dev
- deploy_prod
build:
stage: build
tags:
- dind
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build -t $IMAGE_NAME .
- docker push $IMAGE_NAME
container_scanning:
stage: test
tags:
- dind2
rules:
- if: $CI_COMMIT_BRANCH == 'master'
variables:
# To provide a `vulnerability-allowlist.yml` file, override the GIT_STRATEGY variable in your
# `.gitlab-ci.yml` file and set it to `fetch`.
# For details, see the following links:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# https://docs.gitlab.com/ee/user/application_security/container_scanning/#vulnerability-allowlisting
GIT_STRATEGY: fetch
CS_IMAGE: $IMAGE_NAME
CS_DOCKERFILE_PATH: $CI_PROJECT_DIR/Dockerfile
SECURE_LOG_LEVEL: "debug"
# allow_failure: true
# artifacts:
# reports:
# container_scanning: gl-container-scanning-report.json
# dependency_scanning: gl-dependency-scanning-report.json
# paths: [gl-container-scanning-report.json, gl-dependency-scanning-report.json]
include:
- template: Jobs/Container-Scanning.gitlab-ci.yml
# Reusable template, requires the $KUBE_CONFIG and $NAMESPACE variables to be set
# This subsitutes the environment variable $IMAGE_NAME in the overlay file, and deploys
.template: &deploy
image: ebiwd/alpine-ssh:latest
script:
- mkdir -p $HOME/.kube
- echo -n $KUBE_CONFIG | base64 -d > $HOME/.kube/config
- envsubst '$IMAGE_NAME' < k8s/overlays/caas/ci_image.yaml > file.tmp && mv file.tmp k8s/overlays/caas/ci_image.yaml
- kubectl kustomize k8s/overlays/caas/ | kubectl --namespace=$NAMESPACE apply -f -
deploy_to_hh_wp_dev:
stage: deploy_dev
only:
- master
variables:
NAMESPACE: static-sites-dev
KUBE_CONFIG: $HH_EBIWD_STATIC_KUBE_CONFIG
<<: *deploy
deploy_to_hx_wp_dev:
stage: deploy_dev
only:
- master
variables:
NAMESPACE: static-sites-dev
KUBE_CONFIG: $HX_EBIWD_STATIC_KUBE_CONFIG
<<: *deploy
deploy_to_hh_wp_prod:
stage: deploy_prod
only:
- tags
variables:
NAMESPACE: static-sites-prod
KUBE_CONFIG: $HH_EBIWD_STATIC_KUBE_CONFIG
<<: *deploy
deploy_to_hx_wp_prod:
stage: deploy_prod
only:
- tags
variables:
NAMESPACE: static-sites-prod
KUBE_CONFIG: $HX_EBIWD_STATIC_KUBE_CONFIG
<<: *deploy