Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • add/gitlab-security
2 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
.gitlab-ci.yml 7.11 KiB 
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence

# container_scanning:
#   variables:
#     DOCKER_IMAGE: ...
#     DOCKER_USER: ...
#     DOCKER_PASSWORD: ...
image: docker:latest
services:
- docker:dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
lint-dockerfile:
  stage: test
  image: hadolint/hadolint:latest-debian
  before_script:
  - mkdir ~/.config
  - cp ./.hadolint.yaml ~/.config/hadolint.yaml
  script:
  - find . -name "Dockerfile" -execdir hadolint {} \;
lint-shell-script:
  stage: test
  image: koalaman/shellcheck-alpine:latest
  before_script:
  - shellcheck -V
  script:
  - find . -name "*.sh" -exec shellcheck {} \;
build-golang-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/golang:latest" ./golang/latest
  - docker push "$CI_REGISTRY_IMAGE/golang:latest"
  only:
  - master
  when: manual
build-golang-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/golang:latest-dev" ./golang/latest
  - docker push "$CI_REGISTRY_IMAGE/golang:latest-dev"
  except:
  - master
build-debian-bullseye-build-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:bullseye" ./debian/bullseye
  - docker push "$CI_REGISTRY_IMAGE/debian:bullseye"
  only:
  - master
  when: manual
build-debian-bullseye-build-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:bullseye-dev" ./debian/bullseye
  - docker push "$CI_REGISTRY_IMAGE/debian:bullseye-dev"
  except:
  - master
build-debian-buster-build-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:buster" ./debian/buster
  - docker push "$CI_REGISTRY_IMAGE/debian:buster"
  only:
  - master
  when: manual
build-debian-buster-build-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:buster-dev" ./debian/buster
  - docker push "$CI_REGISTRY_IMAGE/debian:buster-dev"
  except:
  - master
build-debian-stretch-build-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:stretch" ./debian/stretch
  - docker push "$CI_REGISTRY_IMAGE/debian:stretch"
  only:
  - master
  when: manual
build-debian-stretch-build-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:stretch-dev" ./debian/stretch
  - docker push "$CI_REGISTRY_IMAGE/debian:stretch-dev"
  except:
  - master
build-debian-jessie-build-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:jessie" ./debian/jessie
  - docker push "$CI_REGISTRY_IMAGE/debian:jessie"
  only:
  - master
  when: manual
build-debian-jessie-build-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:jessie-dev" ./debian/jessie
  - docker push "$CI_REGISTRY_IMAGE/debian:jessie-dev"
  except:
  - master
build-debian-wp-org-deploy-build-master:
  stage: deploy
  variables:
    GIT_SUBMODULE_STRATEGY: recursive
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:wp-org-deploy" ./debian/wp-org-deploy/context
  - docker push "$CI_REGISTRY_IMAGE/debian:wp-org-deploy"
  only:
  - master
  when: manual
build-debian-wp-org-deploy-build-dev:
  stage: deploy
  variables:
    GIT_SUBMODULE_STRATEGY: recursive
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:wp-org-deploy-dev" ./debian/wp-org-deploy/context
  - docker push "$CI_REGISTRY_IMAGE/debian:wp-org-deploy-dev"
  except:
  - master
build-php-8.1-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.1" ./php/8.1
  - docker push "$CI_REGISTRY_IMAGE/php:8.1"
  only:
  - master
  when: manual
build-php-8.1-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.1-dev" ./php/8.1
  - docker push "$CI_REGISTRY_IMAGE/php:8.1-dev"
  except:
  - master
build-php-8.0-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.0" ./php/8.0
  - docker push "$CI_REGISTRY_IMAGE/php:8.0"
  only:
  - master
  when: manual
build-php-8.0-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.0-dev" ./php/8.0
  - docker push "$CI_REGISTRY_IMAGE/php:8.0-dev"
  except:
  - master
build-php-7.4-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.4" ./php/7.4
  - docker push "$CI_REGISTRY_IMAGE/php:7.4"
  only:
  - master
  when: manual
build-php-7.4-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.4-dev" ./php/7.4
  - docker push "$CI_REGISTRY_IMAGE/php:7.4-dev"
  except:
  - master
build-php-7.3-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.3" ./php/7.3
  - docker push "$CI_REGISTRY_IMAGE/php:7.3"
  only:
  - master
  when: manual
build-php-7.3-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.3-dev" ./php/7.3
  - docker push "$CI_REGISTRY_IMAGE/php:7.3-dev"
  except:
  - master
build-php-7.2-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.2" ./php/7.2
  - docker push "$CI_REGISTRY_IMAGE/php:7.2"
  only:
  - master
  when: manual
build-php-7.2-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.2-dev" ./php/7.2
  - docker push "$CI_REGISTRY_IMAGE/php:7.2-dev"
  except:
  - master
build-php-7.1-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.1" ./php/7.1
  - docker push "$CI_REGISTRY_IMAGE/php:7.1"
  only:
  - master
  when: manual
build-php-7.1-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.1-dev" ./php/7.1
  - docker push "$CI_REGISTRY_IMAGE/php:7.1-dev"
  except:
  - master
build-php-7.0-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.0" ./php/7.0
  - docker push "$CI_REGISTRY_IMAGE/php:7.0"
  only:
  - master
  when: manual
build-php-7.0-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.0-dev" ./php/7.0
  - docker push "$CI_REGISTRY_IMAGE/php:7.0-dev"
  except:
  - master
build-php-5.6-master:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:5.6" ./php/5.6
  - docker push "$CI_REGISTRY_IMAGE/php:5.6"
  only:
  - master
  when: manual
build-php-5.6-dev:
  stage: deploy
  script:
  - docker build --pull -t "$CI_REGISTRY_IMAGE/php:5.6-dev" ./php/5.6
  - docker push "$CI_REGISTRY_IMAGE/php:5.6-dev"
  except:
  - master
include:
- template: Security/Container-Scanning.gitlab-ci.yml