-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
118 lines (111 loc) · 3.73 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
include:
- project: jitesoft/gitlab-ci-lib
file: Scan/trivy.yml
- file: /OCI/push-readme.yml
project: jitesoft/gitlab-ci-lib
workflow:
rules:
- if: "$CI_COMMIT_BRANCH == 'master'"
when: always
- when: never
stages:
- readme
- download
- build
- scan
update-readme:
stage: readme
extends: .readme-check.v2
variables:
PUSHRM_FILE: "$CI_PROJECT_DIR/README.md"
GIT_DEPTH: "3"
REGISTRIES: "quay.io/jitesoft/go,docker.io/jitesoft/go"
tags: [ protected ]
check:
stage: download
rules:
- if: '$CI_PIPELINE_SOURCE == "schedule"'
when: always
- if: '$CI_PIPELINE_SOURCE == "web"'
when: always
- when: never
parallel:
matrix:
- { VERSION: 'latest', GIT_STRATEGY: 'none' }
- { VERSION: 'prev', GIT_STRATEGY: 'none' }
image: registry.gitlab.com/jitesoft/dockerfiles/alpine:latest
before_script:
- apk add --no-cache grep wget curl
- touch ${VERSION}.txt
script:
- if [ "$VERSION" == "latest" ]; then REMOTE_VERSION=$(wget -qO- https://golang.org/dl/ | grep -oP "(?<=go)([0-9]{0,3}[.][0-9]{0,3}([.][0-9]{0,3})?)(?=.linux)" | uniq | awk 'NR==1{print $0}'); fi
- if [ "$VERSION" != "latest" ]; then REMOTE_VERSION=$(wget -qO- https://golang.org/dl/ | grep -oP "(?<=go)([0-9]{0,3}[.][0-9]{0,3}([.][0-9]{0,3})?)(?=.linux)" | uniq | awk 'NR==2{print $0}'); fi
- LOCAL_VERSION=$(cat ${VERSION}.txt)
- |
if [ ! -z "${FORCE_BUILD+x}" ] || [ "${REMOTE_VERSION}" != "${LOCAL_VERSION}" ]; then
echo "${REMOTE_VERSION} and ${LOCAL_VERSION} differ. Running build."
curl -F token=${CI_JOB_TOKEN} -F ref=master -F "variables[V_TYPE]=${VERSION}" -F "variables[VERSION]=${REMOTE_VERSION}" -F "variables[BUILD]=true" https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/trigger/pipeline
else
echo "${REMOTE_VERSION} and ${LOCAL_VERSION} where equal. Running scan."
curl -F token=${CI_JOB_TOKEN} -F ref=master -F "variables[OS_TYPE]=${OS_TYPE}" -F "variables[V_TYPE]=${VERSION}" -F "variables[VERSION]=${REMOTE_VERSION}" -F "variables[SCAN]=true" https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/trigger/pipeline
fi
cache:
paths:
- ${VERSION}.txt
policy: pull
download:
stage: download
image: registry.gitlab.com/jitesoft/dockerfiles/misc:latest
script:
- echo "Downloading version ${VERSION} (${V_TYPE})"
- apk add --no-cache libxml2-utils grep wget
- SHASUM=$(wget -qO- https://golang.org/dl/ | xmllint --html --xpath "//a[contains(@class, 'download') and contains(@href, 'go${VERSION}.src.tar.gz') and not(contains(@class, 'downloadBox'))]/parent::td/following-sibling::td[5]/tt/text()" - 2>/dev/null)
- echo "Found sha ${SHASUM}"
- echo "${SHASUM} go${VERSION}.src.tar.gz" > sha256sum.txt
- wget "https://golang.org/dl/go${VERSION}.src.tar.gz"
- sha256sum -c sha256sum.txt
artifacts:
paths:
- go${VERSION}.src.tar.gz
expire_in: 1 day
when: on_success
rules:
- if: "$BUILD"
when: always
- when: never
build:
stage: build
needs:
- download
parallel:
matrix:
- { OS_TYPE: 'alpine' }
- { OS_TYPE: 'ubuntu' }
- { OS_TYPE: 'debian' }
trigger:
include: ".gitlab/build.yml"
strategy: depend
variables:
PARENT_PIPELINE_ID: $CI_PIPELINE_ID
TYPE: $V_TYPE
VERSION: $VERSION
OS_TYPE: $OS_TYPE
rules:
- if: "$BUILD"
when: on_success
- when: never
scan:
stage: scan
extends: .container_scanning
rules:
- if: "$SCAN"
when: always
- if: "$BUILD"
when: on_success
- when: never
variables:
GIT_STRATEGY: none
before_script:
- TAG=":${VERSION}"
- if [ $OS_TYPE != 'alpine' ]; then TAG="/${OS_TYPE}:${VERSION}"; fi
- SCANNING_IMAGE_NAME="${CI_REGISTRY_IMAGE}${TAG}"