Skip to content

Instantly share code, notes, and snippets.

@vincentchalamon
Created February 28, 2024 08:56
Show Gist options
  • Save vincentchalamon/b1270223cbe175be7ae0f3e836e8e298 to your computer and use it in GitHub Desktop.
Save vincentchalamon/b1270223cbe175be7ae0f3e836e8e298 to your computer and use it in GitHub Desktop.
docker buildx bake on gitlab.com
variables:
# Use TLS https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_DRIVER: overlay2
.bake:
image: docker:latest
services:
- docker:dind
parallel:
matrix:
- PHP_VERSION: ['8.2', '8.3']
variables:
CI_REGISTRY_IMAGE_TAG: coopTilleuls/php:$PHP_VERSION
before_script:
# image is pushed to Docker Registry (docker.io)
- docker login -u $HUB_REGISTRY_USER -p $HUB_REGISTRY_PASSWORD
# cache is pushed to GitLab Registry (registry.gitlab.com)
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
# must create context to use buildx with Docker TLS
- docker context create builder
- docker context use builder
- docker buildx create --driver docker-container --platform linux/amd64 --use builder
- docker buildx inspect --bootstrap --builder builder
test:
only:
- merge_requests
extends: .bake
cache:
- key: trivy-cache
paths:
- .trivy/
script:
- docker buildx bake
--print
--pull
--load
--set *.platform=linux/amd64
--set "*.cache-from=type=registry,ref=$CI_REGISTRY_IMAGE:$PHP_VERSION,mode=max"
-f docker-bake.hcl
- docker buildx bake
--pull
--load
--set *.platform=linux/amd64
--set "*.cache-from=type=registry,ref=$CI_REGISTRY_IMAGE:$PHP_VERSION,mode=max"
-f docker-bake.hcl
- docker run
-v /var/run/docker.sock:/var/run/docker.sock
-v ./.trivy:/.trivy aquasec/trivy
image --ignore-unfixed --severity HIGH,CRITICAL --scanners vuln --cache-dir /.trivy $CI_REGISTRY_IMAGE_TAG
build-and-push:
only:
- main
extends: .bake
script:
- docker buildx bake
--print
--pull
--load
--set *.platform=linux/amd64
--set "*.cache-from=type=registry,ref=$CI_REGISTRY_IMAGE:$PHP_VERSION,mode=max"
--set "*.cache-to=type=registry,ref=$CI_REGISTRY_IMAGE:$PHP_VERSION,mode=max"
-f docker-bake.hcl
- docker buildx bake
--pull
--push
--load
--set *.platform=linux/amd64
--set "*.cache-from=type=registry,ref=$CI_REGISTRY_IMAGE:$PHP_VERSION,mode=max"
--set "*.cache-to=type=registry,ref=$CI_REGISTRY_IMAGE:$PHP_VERSION,mode=max"
-f docker-bake.hcl
variable "PHP_VERSION" {
default = "8.3"
}
variable "CI_REGISTRY_IMAGE_TAG" {
default = "coopTilleuls/php:${PHP_VERSION}"
}
group "default" {
targets = ["php"]
}
target "php" {
dockerfile = "./Dockerfile"
tags = ["${CI_REGISTRY_IMAGE_TAG}"]
args = {
PHP_VERSION = "${PHP_VERSION}"
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment