Loading container/kaniko.yml +10 −3 Original line number Diff line number Diff line Loading @@ -8,8 +8,8 @@ variables: KANIKO_TAG: ${CI_COMMIT_SHORT_SHA} KANIKO_DEV_TAG: dev-${CI_COMMIT_SHORT_SHA} # allows registry cleanup policy KANIKO_CONTEXT: ${CI_PROJECT_DIR} KANIKO_DOCKERFILE: "Dockerfile" # Can be a path KANIKO_DEFAULT_ARGS: "--force" KANIKO_DOCKERFILE: Dockerfile # Can be a path KANIKO_DEFAULT_ARGS: --force KANIKO_EXTRA_ARGS: "" # See https://github.com/GoogleContainerTools/kaniko#additional-flags KANIKO_CACHE: "true" Loading @@ -21,6 +21,13 @@ variables: variables: KANIKO_DEV_TAG: dev-${CI_COMMIT_SHORT_SHA} # allows registry cleanup policy script: - echo "[*] Building and pushing '${IMAGE_CONTAINERFILE}' in context '${IMAGE_CONTEXT}' to '${IMAGE_NAME}:${IMAGE_DEV_TAG}' and '${IMAGE_NAME}:${IMAGE_TAG}'." - | if [ "${KANIKO_EXTRA_ARGS}" != "" ]; then echo "[*] Applying the extra arguments '${KANIKO_EXTRA_ARGS}'." fi - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json Loading 
@@ -33,7 +40,7 @@ variables: # master/main - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH variables: KANIKO_TAG: "latest" KANIKO_TAG: latest # tags - if: $CI_COMMIT_TAG variables: Loading pipelines/container/readme.md +32 −35 Original line number Diff line number Diff line # container jobs # Container jobs We support 2 type of projects: - polirepos: projects with only one container image - monorepos: projects with many container images - polyrepos: projects with only one container image - monorepos: projects with multiple container images ## polirepos ## Polyrepos Including the following you will automatically get a `kaniko` job and a `grype` job to test the image built by `kaniko`. See `container/kaniko.yml` for the environment variables available to customise `Dockerfile` location, build environment variables available to customise the `Dockerfile` location, build context, arguments and more. ```bash ```shell # project structure polyrepo Loading 
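Review bot: The first `echo` added to `script:` (hunk `@@ -21,6 +21,13 @@`) interpolates `IMAGE_CONTAINERFILE`, `IMAGE_CONTEXT`, `IMAGE_NAME`, `IMAGE_DEV_TAG` and `IMAGE_TAG`, while the variables this template declares in the visible lines are `KANIKO_DOCKERFILE`, `KANIKO_CONTEXT`, `KANIKO_DEV_TAG` and `KANIKO_TAG`. Unless the `IMAGE_*` names are defined outside the shown hunks, the job log will print empty quotes and give a wrong record of what was built and pushed. I would reference the declared names instead, e.g. `'${KANIKO_DOCKERFILE}' in context '${KANIKO_CONTEXT}'` with the `${KANIKO_DEV_TAG}` and `${KANIKO_TAG}` tags. The second addition echoes `KANIKO_EXTRA_ARGS` verbatim, so any `--build-arg` value a project passes there is readable by everyone with access to the job log unless it comes from a masked CI/CD variable; a comment on the variable such as `# Echoed to the job log; do not put secret values here` would make that explicit. The `script:` list continues past the collapsed part of the page, so the executor call that consumes these variables is not visible here.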
@@ -23,62 +23,59 @@ polyrepo └── docker-compose.yml ``` ```yml ```yaml include: - project: "just-ci/templates" file: "pipelines/container/polyrepo.yml" - project: just-ci/templates file: pipelines/container/polyrepo.yml ``` ## monorepos The user must include the following ```yml ```yaml include: - project: "just-ci/templates" file: "pipelines/container/monorepo.yml" - project: just-ci/templates file: pipelines/container/monorepo.yml ``` However, by default no job will run. The user needs to define manually a kaniko job and a grype job for each of his container images. This is because we can not infer the location of the container contexts. For example a user with 2 container images in directories `image_A` and `image_B` in his project will need to add the following: However, by default no job will run. The user needs to manually define a kaniko and a grype job for each container image. This is because we can not infer the location of the container contexts. For example a user with 2 Dockerfiles in the following directory tree will need to add the following: ```bash # project structure ```shell # example project structure monorepo ├── .gitlab-ci.yml ├── README.md ├── a ├── Dockerfile ├── subfolder │ ├── Dockerfile │ └── test_A.txt └── b ├── Dockerfile └── test_B.txt ``` ```yml ```yaml kaniko:a: kaniko:root: extends: .kaniko:monorepo: variables: KANIKO_CONTEXT: a KANIKO_CONTEXT: "." kaniko:b: extends: .kaniko:monorepo: kaniko:subfolder: extends: .kaniko:monorepo variables: KANIKO_CONTEXT: b KANIKO_CONTEXT: subfolder grype:a: grype:root: extends: .grype:monorepo variables: GRYPE_CONTEXT: a needs: ["kaniko:a"] GRYPE_CONTEXT: "." needs: [kaniko:root] grype:b: grype:subfolder: extends: .grype:monorepo variables: GRYPE_CONTEXT: b needs: ["kaniko:b"] GRYPE_CONTEXT: subfolder needs: [kaniko:subfolder] ``` Loading
container/kaniko.yml +10 −3 Original line number Diff line number Diff line Loading @@ -8,8 +8,8 @@ variables: KANIKO_TAG: ${CI_COMMIT_SHORT_SHA} KANIKO_DEV_TAG: dev-${CI_COMMIT_SHORT_SHA} # allows registry cleanup policy KANIKO_CONTEXT: ${CI_PROJECT_DIR} KANIKO_DOCKERFILE: "Dockerfile" # Can be a path KANIKO_DEFAULT_ARGS: "--force" KANIKO_DOCKERFILE: Dockerfile # Can be a path KANIKO_DEFAULT_ARGS: --force KANIKO_EXTRA_ARGS: "" # See https://github.com/GoogleContainerTools/kaniko#additional-flags KANIKO_CACHE: "true" Loading @@ -21,6 +21,13 @@ variables: variables: KANIKO_DEV_TAG: dev-${CI_COMMIT_SHORT_SHA} # allows registry cleanup policy script: - echo "[*] Building and pushing '${IMAGE_CONTAINERFILE}' in context '${IMAGE_CONTEXT}' to '${IMAGE_NAME}:${IMAGE_DEV_TAG}' and '${IMAGE_NAME}:${IMAGE_TAG}'." - | if [ "${KANIKO_EXTRA_ARGS}" != "" ]; then echo "[*] Applying the extra arguments '${KANIKO_EXTRA_ARGS}'." fi - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64)\"}}}" > /kaniko/.docker/config.json Loading @@ -33,7 +40,7 @@ variables: # master/main - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH variables: KANIKO_TAG: "latest" KANIKO_TAG: latest # tags - if: $CI_COMMIT_TAG variables: Loading
pipelines/container/readme.md +32 −35 Original line number Diff line number Diff line # container jobs # Container jobs We support 2 type of projects: - polirepos: projects with only one container image - monorepos: projects with many container images - polyrepos: projects with only one container image - monorepos: projects with multiple container images ## polirepos ## Polyrepos Including the following you will automatically get a `kaniko` job and a `grype` job to test the image built by `kaniko`. See `container/kaniko.yml` for the environment variables available to customise `Dockerfile` location, build environment variables available to customise the `Dockerfile` location, build context, arguments and more. ```bash ```shell # project structure polyrepo Loading 
@@ -23,62 +23,59 @@ polyrepo └── docker-compose.yml ``` ```yml ```yaml include: - project: "just-ci/templates" file: "pipelines/container/polyrepo.yml" - project: just-ci/templates file: pipelines/container/polyrepo.yml ``` ## monorepos The user must include the following ```yml ```yaml include: - project: "just-ci/templates" file: "pipelines/container/monorepo.yml" - project: just-ci/templates file: pipelines/container/monorepo.yml ``` However, by default no job will run. The user needs to define manually a kaniko job and a grype job for each of his container images. This is because we can not infer the location of the container contexts. For example a user with 2 container images in directories `image_A` and `image_B` in his project will need to add the following: However, by default no job will run. The user needs to manually define a kaniko and a grype job for each container image. This is because we can not infer the location of the container contexts. For example a user with 2 Dockerfiles in the following directory tree will need to add the following: ```bash # project structure ```shell # example project structure monorepo ├── .gitlab-ci.yml ├── README.md ├── a ├── Dockerfile ├── subfolder │ ├── Dockerfile │ └── test_A.txt └── b ├── Dockerfile └── test_B.txt ``` ```yml ```yaml kaniko:a: kaniko:root: extends: .kaniko:monorepo: variables: KANIKO_CONTEXT: a KANIKO_CONTEXT: "." kaniko:b: extends: .kaniko:monorepo: kaniko:subfolder: extends: .kaniko:monorepo variables: KANIKO_CONTEXT: b KANIKO_CONTEXT: subfolder grype:a: grype:root: extends: .grype:monorepo variables: GRYPE_CONTEXT: a needs: ["kaniko:a"] GRYPE_CONTEXT: "." needs: [kaniko:root] grype:b: grype:subfolder: extends: .grype:monorepo variables: GRYPE_CONTEXT: b needs: ["kaniko:b"] GRYPE_CONTEXT: subfolder needs: [kaniko:subfolder] ```