Created
June 7, 2018 20:12
-
-
Save frenck/c7f30e88f1db94e73ce30b0feaf1a8f4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
image: docker:latest | |
variables: | |
ADDON_GITHUB_REPO: frenck/addon-example | |
ADDON_SLUG: example | |
ADDON_TARGET: example | |
DOCKER_DRIVER: overlay2 | |
DOCKER_HUB_ORG: frenck | |
stages: | |
- preflight | |
- build | |
- scan | |
- deploy | |
- manifest | |
- publish | |
# Generic DIND template | |
.dind: &dind | |
before_script: | |
- docker info | |
services: | |
- name: docker:dind | |
command: ["--experimental"] | |
# Generic preflight template | |
.preflight: &preflight | |
stage: preflight | |
tags: | |
- preflight | |
# Generic build template | |
.build: &build | |
<<: *dind | |
stage: build | |
before_script: | |
- docker info | |
- | | |
if [ "$(apk --print-arch)" = "amd64" ]; then | |
docker run --rm --privileged hassioaddons/qemu-user-static:latest | |
fi | |
- | | |
echo "${CI_JOB_TOKEN}" | docker login \ | |
--username gitlab-ci-token \ | |
--password-stdin \ | |
registry.gitlab.com | |
- docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" || true | |
script: | |
- | | |
docker build \ | |
--build-arg "BUILD_FROM=${FROM}" \ | |
--build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" \ | |
--build-arg "BUILD_ARCH=${ADDON_ARCH}" \ | |
--build-arg "BUILD_REF=${CI_COMMIT_SHA}" \ | |
--build-arg "BUILD_VERSION=${CI_COMMIT_TAG:-${CI_COMMIT_SHA:0:7}}" \ | |
--cache-from "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" \ | |
--tag \ | |
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ | |
"${ADDON_TARGET}" | |
- | | |
docker push \ | |
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" | |
# Generic scan template | |
.scan: &scan | |
<<: *dind | |
stage: scan | |
allow_failure: true | |
before_script: | |
- docker info | |
- docker run -d --name db arminc/clair-db:latest | |
- docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 | |
- apk add -U curl ca-certificates | |
- | | |
curl \ | |
--silent \ | |
--show-error \ | |
--location \ | |
--fail \ | |
--retry 3 \ | |
--output /usr/bin/clair-scanner \ | |
https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 | |
- chmod +x /usr/bin/clair-scanner | |
- touch clair-whitelist.yml | |
- echo "Waiting for Clair to start" | |
- | | |
while ! nc -z docker 6060; do | |
sleep 1 | |
WAIT=$((${WAIT} + 1)) | |
if [ "${WAIT}" -gt 30 ]; then | |
echo "Error > Timeout waiting for Clair to start" | |
exit 1 | |
fi | |
done | |
- docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" | |
script: | |
- | | |
clair-scanner \ | |
-c http://docker:6060 \ | |
--ip $(hostname -i) \ | |
-w clair-whitelist.yml \ | |
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" | |
tags: | |
- scan | |
# Generic deploy template | |
.deploy: &deploy | |
<<: *dind | |
stage: deploy | |
before_script: | |
- docker info | |
- docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" | |
- | | |
echo "${CI_JOB_TOKEN}" | docker login \ | |
--username gitlab-ci-token \ | |
--password-stdin \ | |
registry.gitlab.com | |
- | | |
echo "${DOCKER_PASSWORD}" | docker login \ | |
--username "${DOCKER_LOGIN}" \ | |
--password-stdin | |
script: | |
- | | |
docker tag \ | |
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ | |
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" | |
- docker push "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" | |
- TAG="${CI_COMMIT_TAG#v}" | |
- TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" | |
- | | |
docker tag \ | |
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" | |
- | | |
docker push \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" | |
- | | |
docker tag \ | |
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}" | |
- | | |
docker push \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}" | |
tags: | |
- deploy | |
only: | |
- master | |
- /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ | |
except: | |
- /^(?!master).+@/ | |
# Generic manifest template | |
.manifest: &manifest | |
<<: *dind | |
stage: manifest | |
before_script: | |
- mkdir -p ~/.docker | |
- echo '{"experimental":"enabled"}' > ~/.docker/config.json | |
- docker info | |
- | | |
echo "${DOCKER_PASSWORD}" | docker login \ | |
--username "${DOCKER_LOGIN}" \ | |
--password-stdin | |
script: | |
- TAG="${TAG#v}" | |
- TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" | |
- REF="${CI_COMMIT_TAG#v}" | |
- REF="${REF:-${CI_COMMIT_SHA:0:7}}" | |
- | | |
docker manifest create \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" | |
- | | |
docker manifest annotate \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ | |
--os=linux \ | |
--arch=arm64 \ | |
--variant=v8 | |
- | | |
docker manifest annotate \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ | |
--os=linux \ | |
--arch=amd64 | |
- | | |
docker manifest annotate \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ | |
--os=linux \ | |
--arch=arm \ | |
--variant=v6 | |
- | | |
docker manifest annotate \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" \ | |
--os=linux \ | |
--arch=386 | |
- | | |
docker manifest push \ | |
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" | |
tags: | |
- manifest | |
except: | |
- /^(?!master).+@/ | |
# Generic publish template | |
.publish: &publish | |
stage: publish | |
image: | |
name: hassioaddons/repository-updater:latest | |
entrypoint: [""] | |
script: | |
- | | |
repository-updater \ | |
--token "${GITHUB_TOKEN}" \ | |
--repository "${REPOSITORY}" \ | |
--addon "${ADDON_GITHUB_REPO}" | |
tags: | |
- publish | |
except: | |
- /^(?!master).+@/ | |
# Preflight jobs | |
hadolint: | |
<<: *preflight | |
image: hadolint/hadolint:v1.6.6 | |
before_script: | |
- hadolint --version | |
script: | |
- hadolint "${ADDON_TARGET}/Dockerfile" | |
shellcheck: | |
<<: *preflight | |
image: | |
name: koalaman/shellcheck-alpine:stable | |
entrypoint: [""] | |
before_script: | |
- shellcheck --version | |
- apk --no-cache add grep | |
- | | |
find . -type f -print0 | \ | |
xargs -0 sed -i 's:#!/usr/bin/with-contenv bash:#!/bin/bash:g' | |
script: | |
- | | |
for file in $(grep -IRl "#\!\(/usr/bin/env \|/bin/\)" --exclude-dir ".git" "${ADDON_TARGET}"); do | |
if ! shellcheck $file; then | |
export FAILED=1 | |
else | |
echo "$file OK" | |
fi | |
done | |
if [ "${FAILED}" = "1" ]; then | |
exit 1 | |
fi | |
yamllint: | |
<<: *preflight | |
image: sdesbure/yamllint | |
before_script: | |
- yamllint --version | |
script: | |
- yamllint . | |
jsonlint: | |
<<: *preflight | |
image: sahsu/docker-jsonlint | |
before_script: | |
- jsonlint --version || true | |
script: | |
- | | |
for file in $(find . -type f -name "*.json"); do | |
if ! jsonlint -q $file; then | |
export FAILED=1 | |
else | |
echo "$file OK" | |
fi | |
done | |
if [ "${FAILED}" = "1" ]; then | |
exit 1 | |
fi | |
markdownlint: | |
<<: *preflight | |
image: | |
name: ruby:alpine | |
entrypoint: [""] | |
before_script: | |
- gem install mdl | |
- mdl --version | |
script: | |
- mdl --style all --warnings . | |
# Build Jobs | |
build:armhf: | |
<<: *build | |
variables: | |
ADDON_ARCH: armhf | |
FROM: hassioaddons/base-armhf:1.3.3 | |
tags: | |
- build | |
- armhf | |
build:aarch64: | |
<<: *build | |
variables: | |
ADDON_ARCH: aarch64 | |
FROM: hassioaddons/base-aarch64:1.3.3 | |
tags: | |
- build | |
- aarch64 | |
build:i386: | |
<<: *build | |
variables: | |
ADDON_ARCH: i386 | |
FROM: hassioaddons/base-i386:1.3.3 | |
tags: | |
- build | |
- i386 | |
build:amd64: | |
<<: *build | |
variables: | |
ADDON_ARCH: amd64 | |
FROM: hassioaddons/base-amd64:1.3.3 | |
tags: | |
- build | |
- amd64 | |
# Scan jobs | |
clair:armhf: | |
<<: *scan | |
variables: | |
ADDON_ARCH: armhf | |
clair:aarch64: | |
<<: *scan | |
variables: | |
ADDON_ARCH: aarch64 | |
clair:i386: | |
<<: *scan | |
variables: | |
ADDON_ARCH: i386 | |
clair:amd64: | |
<<: *scan | |
variables: | |
ADDON_ARCH: amd64 | |
# Deploy jobs | |
deploy:armhf: | |
<<: *deploy | |
variables: | |
ADDON_ARCH: armhf | |
deploy:aarch64: | |
<<: *deploy | |
variables: | |
ADDON_ARCH: aarch64 | |
deploy:i386: | |
<<: *deploy | |
variables: | |
ADDON_ARCH: i386 | |
deploy:amd64: | |
<<: *deploy | |
variables: | |
ADDON_ARCH: amd64 | |
# Manifest jobs | |
manifest:sha: | |
<<: *manifest | |
only: | |
- master | |
manifest:version: | |
<<: *manifest | |
variables: | |
TAG: "${CI_COMMIT_TAG}" | |
only: | |
- /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ | |
manifest:stable: | |
<<: *manifest | |
variables: | |
TAG: latest | |
only: | |
- /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ | |
manifest:beta: | |
<<: *manifest | |
variables: | |
TAG: beta | |
only: | |
- /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ | |
manifest:edge: | |
<<: *manifest | |
variables: | |
TAG: edge | |
only: | |
- master | |
# Publish jobs | |
publish:stable: | |
<<: *publish | |
variables: | |
REPOSITORY: frenck/repository | |
only: | |
- /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ | |
environment: | |
name: stable | |
publish:beta: | |
<<: *publish | |
variables: | |
REPOSITORY: frenck/repository | |
only: | |
- /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ | |
environment: | |
name: beta | |
publish:edge: | |
<<: *publish | |
variables: | |
REPOSITORY: frenck/repository | |
only: | |
- master | |
environment: | |
name: edge |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment