variables: ANSIBLE_GALAXY_PACKAGE_NAME: phpipam_scanagent GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/docker-bind.git" # GIT_SUBMODULE_PATHS: gitlab-ci GIT_SUBMODULE_DEPTH: 1 # Docs NFC PAGES_ENVIRONMENT_PATH: "projects/ansible/collection/$CI_PROJECT_NAME" # Docker Build / Publish DOCKER_IMAGE_BUILD_TARGET_PLATFORMS: "linux/amd64,linux/arm64" DOCKER_IMAGE_BUILD_NAME: phpipam-scan-agent DOCKER_IMAGE_BUILD_REGISTRY: $CI_REGISTRY_IMAGE DOCKER_IMAGE_BUILD_TAG: $CI_COMMIT_SHA # Docker Publish DOCKER_IMAGE_PUBLISH_NAME: phpipam-scan-agent DOCKER_IMAGE_PUBLISH_REGISTRY: docker.io/nofusscomputing DOCKER_IMAGE_PUBLISH_URL: https://hub.docker.com/r/nofusscomputing/$DOCKER_IMAGE_PUBLISH_NAME include: - project: nofusscomputing/projects/gitlab-ci ref: development file: - .gitlab-ci_common.yaml - template/ansible-collection.gitlab-ci.yaml - template/mkdocs-documentation.gitlab-ci.yaml # ToDo: update gitlabCI jobs for collections workflow - git_push_mirror/.gitlab-ci.yml .build_docker_container: stage: prepare image: name: nofusscomputing/docker-buildx-qemu:dev pull_policy: always services: - name: docker:23-dind entrypoint: ["env", "-u", "DOCKER_HOST"] command: ["dockerd-entrypoint.sh"] variables: DOCKER_HOST: tcp://docker:2375/ DOCKER_DRIVER: overlay2 DOCKER_DOCKERFILE: dockerfile # See https://github.com/docker-library/docker/pull/166 DOCKER_TLS_CERTDIR: "" # DOCKER_BUILD_ARGS: # Optional before_script: - git submodule foreach git submodule update --init - docker info - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - update-binfmts --display - update-binfmts --enable # Important: Ensures execution of other binary formats is enabled in the kernel - docker buildx create --driver=docker-container --driver-opt image=moby/buildkit:v0.11.6 --use - docker buildx inspect --bootstrap script: - update-binfmts --display - | echo "[DEBUG] building multiarch/specified arch image"; if [ ${CI_COMMIT_TAG} ]; then export DOCKER_BUILD_ARGS="$DOCKER_BUILD_ARGS --build-arg COLLECTION_PACKAGE=${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${ANSIBLE_GALAXY_NAMESPACE}-${ANSIBLE_GALAXY_PACKAGE_NAME}-${CI_COMMIT_TAG}.tar.gz" echo "Trace Updated DOCKER_BUILD_ARGS[$DOCKER_BUILD_ARGS]"; fi; docker buildx build --platform=$DOCKER_IMAGE_BUILD_TARGET_PLATFORMS . \ --label org.opencontainers.image.created="$(date '+%Y-%m-%d %H:%M:%S%:z')" \ --label org.opencontainers.image.documentation="https://nofusscomputing/$PAGES_ENVIRONMENT_PATH/" \ --label org.opencontainers.image.source="$CI_PROJECT_URL" \ --label org.opencontainers.image.revision="$CI_COMMIT_SHA" \ --push \ --build-arg COLLECTION_BRANCH=$CI_COMMIT_BRANCH --build-arg COLLECTION_COMMIT=$CI_COMMIT_SHA \ $DOCKER_BUILD_ARGS \ --build-arg CI_JOB_TOKEN=$CI_JOB_TOKEN --build-arg CI_PROJECT_ID=$CI_PROJECT_ID --build-arg CI_API_V4_URL=$CI_API_V4_URL \ --file $DOCKER_DOCKERFILE \ --tag $DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG; docker buildx imagetools inspect $DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG; # during docker multi platform build there are >=3 additional unknown images added to gitlab container registry. cleanup DOCKER_MULTI_ARCH_IMAGES=$(docker buildx imagetools inspect "$DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG" --format "{{ range .Manifest.Manifests }}{{ if ne (print .Platform) \"&{unknown unknown [] }\" }}$DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG@{{ println .Digest }}{{end}} {{end}}"); docker buildx imagetools create $DOCKER_MULTI_ARCH_IMAGES --tag $DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG; docker buildx imagetools inspect $DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG; # Declare rules with job # rules: # - if: $CI_COMMIT_TAG # when: on_success # - if: "$CI_COMMIT_AUTHOR =='nfc_bot '" # when: never # - if: # Occur on merge # $CI_COMMIT_BRANCH == "development" # && # $CI_PIPELINE_SOURCE == "push" # when: always # - if: # $CI_COMMIT_BRANCH != "development" # && # $CI_COMMIT_BRANCH != "master" # && # $CI_PIPELINE_SOURCE == "push" # when: always # - when: never .publish-docker-hub: stage: publish image: docker:23-dind services: - docker:23-dind variables: GIT_STRATEGY: none before_script: - | docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD; for i in ${DOCKER_IMAGE_BUILD_TARGET_PLATFORMS//,/ } do docker buildx imagetools inspect $DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG; DOCKER_MULTI_ARCH_IMAGES=$(docker buildx imagetools inspect "$DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG" --format "{{ range .Manifest.Manifests }}$DOCKER_IMAGE_BUILD_REGISTRY/$DOCKER_IMAGE_BUILD_NAME:$DOCKER_IMAGE_BUILD_TAG@{{ println .Digest }} {{end}}") echo "[DEBUG] DOCKER_MULTI_ARCH_IMAGES=$DOCKER_MULTI_ARCH_IMAGES"; done; script: - docker login docker.io -u $NFC_DOCKERHUB_USERNAME -p $NFC_DOCKERHUB_TOKEN - docker image ls - | DOCKER_HUB_TAG=dev echo "[DEBUG] default: DOCKER_HUB_TAG=$DOCKER_HUB_TAG"; if [ "$CI_COMMIT_BRANCH" != "master" ]; then DOCKER_HUB_TAG=latest echo "[DEBUG] stable: DOCKER_HUB_TAG=$DOCKER_HUB_TAG"; elif [ "$CI_COMMIT_BRANCH" == "development" ]; then DOCKER_HUB_TAG=dev echo "[DEBUG] dev: DOCKER_HUB_TAG=$DOCKER_HUB_TAG"; fi; echo "[DEBUG] DOCKER_IMAGE_PUBLISH_NAME=$DOCKER_IMAGE_PUBLISH_NAME"; echo "[DEBUG] final: DOCKER_HUB_TAG=$DOCKER_HUB_TAG"; echo "[DEBUG] DOCKER_MULTI_ARCH_IMAGES=$DOCKER_MULTI_ARCH_IMAGES"; docker buildx imagetools create $DOCKER_MULTI_ARCH_IMAGES --tag $DOCKER_IMAGE_PUBLISH_REGISTRY/$DOCKER_IMAGE_PUBLISH_NAME:$DOCKER_HUB_TAG; docker buildx imagetools create $DOCKER_MULTI_ARCH_IMAGES --tag $DOCKER_IMAGE_PUBLISH_REGISTRY/$DOCKER_IMAGE_PUBLISH_NAME:$CI_COMMIT_TAG; after_script: - docker logout docker.io environment: name: DockerHub url: $DOCKER_IMAGE_PUBLISH_URL rules: - if: $CI_COMMIT_TAG when: on_success - when: never Docker Container (dev): extends: .build_docker_container resource_group: docker-build needs: - Build Collection rules: - if: $CI_COMMIT_TAG when: never - if: "$CI_COMMIT_AUTHOR =='nfc_bot '" when: never - if: $CI_COMMIT_BRANCH != "development" && $CI_COMMIT_BRANCH != "master" && $CI_PIPELINE_SOURCE == "push" when: always - when: never Docker Hub (dev): extends: .publish-docker-hub needs: - "Docker Container (dev)" resource_group: docker-build rules: - if: $CI_COMMIT_TAG when: never - if: "$CI_COMMIT_AUTHOR =='nfc_bot '" when: never - if: $CI_COMMIT_BRANCH == "development" && $CI_PIPELINE_SOURCE == "push" when: always - when: never Docker Container: extends: .build_docker_container resource_group: docker-build needs: - Stage Collection rules: - if: $CI_COMMIT_TAG when: on_success - if: "$CI_COMMIT_AUTHOR =='nfc_bot '" when: never - if: # Occur on merge $CI_COMMIT_BRANCH == "development" && $CI_PIPELINE_SOURCE == "push" when: always - when: never Docker Hub: extends: .publish-docker-hub needs: - "Docker Container" - "Gitlab Release" resource_group: docker-build rules: - if: $CI_COMMIT_TAG when: on_success - when: never