diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 78464663a31ef7a8c6bf67ffddd9877918ef2690..ccb718462091146ec2bd2d2e96580460122d6132 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,288 +1,249 @@ +# You can override the included template(s) by including variable overrides +# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings +# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings +# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings +# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings +# Note that environment variables can be set in several places +# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence + +# container_scanning: +# variables: +# DOCKER_IMAGE: ... +# DOCKER_USER: ... +# DOCKER_PASSWORD: ... image: docker:latest - services: - - docker:dind - +- docker:dind before_script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - -# -# TESTS -# - +- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY lint-dockerfile: stage: test image: hadolint/hadolint:latest-debian before_script: - - mkdir ~/.config - - cp ./.hadolint.yaml ~/.config/hadolint.yaml + - mkdir ~/.config + - cp ./.hadolint.yaml ~/.config/hadolint.yaml script: - - find . -name "Dockerfile" -execdir hadolint {} \; - + - find . -name "Dockerfile" -execdir hadolint {} \; lint-shell-script: stage: test image: koalaman/shellcheck-alpine:latest before_script: - - shellcheck -V + - shellcheck -V script: - - find . -name "*.sh" -exec shellcheck {} \; - -# -# IMAGE BUILDS/PUSHES -# - -# Golang + - find . -name "*.sh" -exec shellcheck {} \; build-golang-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/golang:latest" ./golang/latest - - docker push "$CI_REGISTRY_IMAGE/golang:latest" + - docker build --pull -t "$CI_REGISTRY_IMAGE/golang:latest" ./golang/latest + - docker push "$CI_REGISTRY_IMAGE/golang:latest" only: - - master + - master when: manual - build-golang-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/golang:latest-dev" ./golang/latest - - docker push "$CI_REGISTRY_IMAGE/golang:latest-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/golang:latest-dev" ./golang/latest + - docker push "$CI_REGISTRY_IMAGE/golang:latest-dev" except: - - master - -# Debian Bullseye builds + - master build-debian-bullseye-build-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:bullseye" ./debian/bullseye - - docker push "$CI_REGISTRY_IMAGE/debian:bullseye" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:bullseye" ./debian/bullseye + - docker push "$CI_REGISTRY_IMAGE/debian:bullseye" only: - - master + - master when: manual - build-debian-bullseye-build-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:bullseye-dev" ./debian/bullseye - - docker push "$CI_REGISTRY_IMAGE/debian:bullseye-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:bullseye-dev" ./debian/bullseye + - docker push "$CI_REGISTRY_IMAGE/debian:bullseye-dev" except: - - master - -# Debian Buster builds + - master build-debian-buster-build-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:buster" ./debian/buster - - docker push "$CI_REGISTRY_IMAGE/debian:buster" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:buster" ./debian/buster + - docker push "$CI_REGISTRY_IMAGE/debian:buster" only: - - master + - master when: manual - build-debian-buster-build-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:buster-dev" ./debian/buster - - docker push "$CI_REGISTRY_IMAGE/debian:buster-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:buster-dev" ./debian/buster + - docker push "$CI_REGISTRY_IMAGE/debian:buster-dev" except: - - master - -# Debian Stretch builds + - master build-debian-stretch-build-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:stretch" ./debian/stretch - - docker push "$CI_REGISTRY_IMAGE/debian:stretch" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:stretch" ./debian/stretch + - docker push "$CI_REGISTRY_IMAGE/debian:stretch" only: - - master + - master when: manual - build-debian-stretch-build-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:stretch-dev" ./debian/stretch - - docker push "$CI_REGISTRY_IMAGE/debian:stretch-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:stretch-dev" ./debian/stretch + - docker push "$CI_REGISTRY_IMAGE/debian:stretch-dev" except: - - master - -# Debian Jessie builds + - master build-debian-jessie-build-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:jessie" ./debian/jessie - - docker push "$CI_REGISTRY_IMAGE/debian:jessie" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:jessie" ./debian/jessie + - docker push "$CI_REGISTRY_IMAGE/debian:jessie" only: - - master + - master when: manual - build-debian-jessie-build-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:jessie-dev" ./debian/jessie - - docker push "$CI_REGISTRY_IMAGE/debian:jessie-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:jessie-dev" ./debian/jessie + - docker push "$CI_REGISTRY_IMAGE/debian:jessie-dev" except: - - master - -# Debian WP.org Plugin deploy builds + - master build-debian-wp-org-deploy-build-master: stage: deploy variables: GIT_SUBMODULE_STRATEGY: recursive script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:wp-org-deploy" ./debian/wp-org-deploy/context - - docker push "$CI_REGISTRY_IMAGE/debian:wp-org-deploy" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:wp-org-deploy" ./debian/wp-org-deploy/context + - docker push "$CI_REGISTRY_IMAGE/debian:wp-org-deploy" only: - - master + - master when: manual - build-debian-wp-org-deploy-build-dev: stage: deploy variables: GIT_SUBMODULE_STRATEGY: recursive script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:wp-org-deploy-dev" ./debian/wp-org-deploy/context - - docker push "$CI_REGISTRY_IMAGE/debian:wp-org-deploy-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/debian:wp-org-deploy-dev" ./debian/wp-org-deploy/context + - docker push "$CI_REGISTRY_IMAGE/debian:wp-org-deploy-dev" except: - - master - -# PHP 8.1 + - master build-php-8.1-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.1" ./php/8.1 - - docker push "$CI_REGISTRY_IMAGE/php:8.1" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.1" ./php/8.1 + - docker push "$CI_REGISTRY_IMAGE/php:8.1" only: - - master + - master when: manual - build-php-8.1-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.1-dev" ./php/8.1 - - docker push "$CI_REGISTRY_IMAGE/php:8.1-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.1-dev" ./php/8.1 + - docker push "$CI_REGISTRY_IMAGE/php:8.1-dev" except: - - master - -# PHP 8.0 + - master build-php-8.0-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.0" ./php/8.0 - - docker push "$CI_REGISTRY_IMAGE/php:8.0" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.0" ./php/8.0 + - docker push "$CI_REGISTRY_IMAGE/php:8.0" only: - - master + - master when: manual - build-php-8.0-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.0-dev" ./php/8.0 - - docker push "$CI_REGISTRY_IMAGE/php:8.0-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:8.0-dev" ./php/8.0 + - docker push "$CI_REGISTRY_IMAGE/php:8.0-dev" except: - - master - -# PHP 7.4 + - master build-php-7.4-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.4" ./php/7.4 - - docker push "$CI_REGISTRY_IMAGE/php:7.4" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.4" ./php/7.4 + - docker push "$CI_REGISTRY_IMAGE/php:7.4" only: - - master + - master when: manual - build-php-7.4-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.4-dev" ./php/7.4 - - docker push "$CI_REGISTRY_IMAGE/php:7.4-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.4-dev" ./php/7.4 + - docker push "$CI_REGISTRY_IMAGE/php:7.4-dev" except: - - master - -# PHP 7.3 + - master build-php-7.3-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.3" ./php/7.3 - - docker push "$CI_REGISTRY_IMAGE/php:7.3" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.3" ./php/7.3 + - docker push "$CI_REGISTRY_IMAGE/php:7.3" only: - - master + - master when: manual - build-php-7.3-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.3-dev" ./php/7.3 - - docker push "$CI_REGISTRY_IMAGE/php:7.3-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.3-dev" ./php/7.3 + - docker push "$CI_REGISTRY_IMAGE/php:7.3-dev" except: - - master - -# PHP 7.2 + - master build-php-7.2-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.2" ./php/7.2 - - docker push "$CI_REGISTRY_IMAGE/php:7.2" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.2" ./php/7.2 + - docker push "$CI_REGISTRY_IMAGE/php:7.2" only: - - master + - master when: manual - build-php-7.2-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.2-dev" ./php/7.2 - - docker push "$CI_REGISTRY_IMAGE/php:7.2-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.2-dev" ./php/7.2 + - docker push "$CI_REGISTRY_IMAGE/php:7.2-dev" except: - - master - -# PHP 7.1 + - master build-php-7.1-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.1" ./php/7.1 - - docker push "$CI_REGISTRY_IMAGE/php:7.1" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.1" ./php/7.1 + - docker push "$CI_REGISTRY_IMAGE/php:7.1" only: - - master + - master when: manual - build-php-7.1-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.1-dev" ./php/7.1 - - docker push "$CI_REGISTRY_IMAGE/php:7.1-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.1-dev" ./php/7.1 + - docker push "$CI_REGISTRY_IMAGE/php:7.1-dev" except: - - master - -# PHP 7.0 + - master build-php-7.0-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.0" ./php/7.0 - - docker push "$CI_REGISTRY_IMAGE/php:7.0" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.0" ./php/7.0 + - docker push "$CI_REGISTRY_IMAGE/php:7.0" only: - - master + - master when: manual - build-php-7.0-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.0-dev" ./php/7.0 - - docker push "$CI_REGISTRY_IMAGE/php:7.0-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:7.0-dev" ./php/7.0 + - docker push "$CI_REGISTRY_IMAGE/php:7.0-dev" except: - - master - -# PHP 5.6 + - master build-php-5.6-master: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:5.6" ./php/5.6 - - docker push "$CI_REGISTRY_IMAGE/php:5.6" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:5.6" ./php/5.6 + - docker push "$CI_REGISTRY_IMAGE/php:5.6" only: - - master + - master when: manual - build-php-5.6-dev: stage: deploy script: - - docker build --pull -t "$CI_REGISTRY_IMAGE/php:5.6-dev" ./php/5.6 - - docker push "$CI_REGISTRY_IMAGE/php:5.6-dev" + - docker build --pull -t "$CI_REGISTRY_IMAGE/php:5.6-dev" ./php/5.6 + - docker push "$CI_REGISTRY_IMAGE/php:5.6-dev" except: - - master + - master +include: +- template: Security/Container-Scanning.gitlab-ci.yml