Abstract out pipeline
@@ -1,72 +1,10 @@
|
|||||||
include:
|
include:
|
||||||
- project: "wunker-bunker/ci-pipelines"
|
- project: "wunker-bunker/ci-pipelines"
|
||||||
file: "/include/jobs.yml"
|
file: "/ublue-build.yml
|
||||||
|
|
||||||
stages:
|
.recipe-matrix:
|
||||||
- build
|
|
||||||
|
|
||||||
variables:
|
|
||||||
COSIGN_PASSWORD: ""
|
|
||||||
COSIGN_YES: "true"
|
|
||||||
|
|
||||||
default:
|
|
||||||
image: registry.gitlab.com/wunker-bunker/ci-builder
|
|
||||||
before_script:
|
|
||||||
- |
|
|
||||||
IMAGE_NAME=$(yq '.name' ./$RECIPE)
|
|
||||||
IMAGE_DESCRIPTION=$(yq '.description' ./$RECIPE)
|
|
||||||
FEDORA_MAJOR_VERSION=$(yq '.fedora-version' ./$RECIPE)
|
|
||||||
BASE_IMAGE_URL=$(yq '.base-image' ./$RECIPE)
|
|
||||||
FULL_IMAGE_NAME=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/$IMAGE_NAME
|
|
||||||
# Generate a timestamp for creating an image version history
|
|
||||||
TIMESTAMP="$(date +%Y%m%d)"
|
|
||||||
COMMIT_TAGS=()
|
|
||||||
BUILD_TAGS=()
|
|
||||||
# Have tags for tracking builds during pull request
|
|
||||||
COMMIT_TAGS+=("mr-${CI_MERGE_REQUEST_IID}-${FEDORA_MAJOR_VERSION}")
|
|
||||||
COMMIT_TAGS+=("${CI_COMMIT_SHORT_SHA}-${FEDORA_MAJOR_VERSION}")
|
|
||||||
|
|
||||||
BUILD_TAGS=("${FEDORA_MAJOR_VERSION}" "${FEDORA_MAJOR_VERSION}-${TIMESTAMP}")
|
|
||||||
|
|
||||||
BUILD_TAGS+=("${TIMESTAMP}")
|
|
||||||
BUILD_TAGS+=("latest")
|
|
||||||
|
|
||||||
if [[ $CI_PIPELINE_SOURCE == "merge_request_event" ]]; then
|
|
||||||
echo "Generated the following commit tags: "
|
|
||||||
for TAG in "${COMMIT_TAGS[@]}"; do
|
|
||||||
echo "${TAG}"
|
|
||||||
done
|
|
||||||
TAGS=("${COMMIT_TAGS[@]}")
|
|
||||||
else
|
|
||||||
TAGS=("${BUILD_TAGS[@]}")
|
|
||||||
fi
|
|
||||||
echo "Generated the following build tags: "
|
|
||||||
for TAG in "${BUILD_TAGS[@]}"; do
|
|
||||||
echo "${TAG}"
|
|
||||||
done
|
|
||||||
echo "TAGS=${TAGS[*]}"
|
|
||||||
- buildah login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
||||||
- cosign login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
||||||
|
|
||||||
build:
|
|
||||||
extends:
|
|
||||||
- .docker-service
|
|
||||||
stage: build
|
|
||||||
id_tokens:
|
|
||||||
SIGSTORE_ID_TOKEN:
|
|
||||||
aud: sigstore
|
|
||||||
parallel:
|
parallel:
|
||||||
matrix:
|
matrix:
|
||||||
- RECIPE:
|
- RECIPE:
|
||||||
- recipe-desktop.yml
|
- recipe-desktop.yml
|
||||||
- recipe-framework-13.yml
|
- recipe-framework-13.yml
|
||||||
script:
|
|
||||||
- buildah build --build-arg=RECIPE=$RECIPE --build-arg=FEDORA_MAJOR_VERSION=$FEDORA_MAJOR_VERSION --build-arg BASE_IMAGE_URL=$BASE_IMAGE_URL -t $FULL_IMAGE_NAME:${TAGS} .
|
|
||||||
- |
|
|
||||||
for TAG in "${TAGS[@]}"; do
|
|
||||||
buildah tag $FULL_IMAGE_NAME:${TAGS} $FULL_IMAGE_NAME:$TAG
|
|
||||||
buildah push $FULL_IMAGE_NAME:$TAG
|
|
||||||
done
|
|
||||||
- IMAGE_DIGEST=$(skopeo inspect --format='{{.Digest}}' docker://$FULL_IMAGE_NAME:$TAGS)
|
|
||||||
- cosign sign $FULL_IMAGE_NAME@$IMAGE_DIGEST
|
|
||||||
- set -x && cosign verify --certificate-identity "$CI_PROJECT_URL//.gitlab-ci.yml@refs/heads/$CI_DEFAULT_BRANCH" --certificate-oidc-issuer "$CI_SERVER_PROTOCOL://$CI_SERVER_HOST" $FULL_IMAGE_NAME:$TAGS
|
|
||||||
|
|||||||
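Review bot: The `include` entry for `wunker-bunker/ci-pipelines` on the new side has no `ref:`, so each run pulls `/ublue-build.yml` from whatever is at the head of that project's default branch. With the job body removed here, the registry login and cosign signing steps presumably now live in that file, so a change there would run with this project's registry credentials and signing identity without any commit in this repository. Pin it next to the `file:` key, e.g. `ref: "<commit-sha-or-protected-tag>"`, and bump it deliberately. Separately, the `file:` value as rendered lacks its closing quote (`"/ublue-build.yml`); if that is in the file and not a rendering artifact, the YAML will not parse.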