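# GitLab CI pipeline: for each recipe in the matrix, build the image with
# buildah, push it under every generated tag, then sign the pushed digest with
# cosign using the SIGSTORE_ID_TOKEN OIDC token.
include:
  # NOTE(review): no `ref:` is set, so the included jobs follow the HEAD of the
  # other project's default branch. Pin it (ref: "<PINNED_TAG_OR_COMMIT_SHA>")
  # so a change in that project cannot silently alter this pipeline.
  - project: "wunker-bunker/ci-pipelines"
    file: "/include/jobs.yml"

stages:
  - build

variables:
  # Empty key password plus auto-confirm keep cosign non-interactive in CI.
  COSIGN_PASSWORD: ""
  COSIGN_YES: "true"

default:
  # NOTE(review): the builder image is referenced without a tag or digest, so
  # every job pulls whatever is currently published. Consider pinning it as
  # registry.gitlab.com/wunker-bunker/ci-builder@sha256:<PINNED_DIGEST>.
  image: registry.gitlab.com/wunker-bunker/ci-builder
  before_script:
    # The script below uses bash arrays and [[ ]]; it presumably relies on the
    # builder image providing bash as the job shell -- confirm.
    - |
      # Recipe metadata drives the image name, base image and version tags.
      IMAGE_NAME=$(yq '.name' "./$RECIPE")
      IMAGE_DESCRIPTION=$(yq '.description' "./$RECIPE")
      FEDORA_MAJOR_VERSION=$(yq '.fedora-version' "./$RECIPE")
      BASE_IMAGE_URL=$(yq '.base-image' "./$RECIPE")
      FULL_IMAGE_NAME=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/$IMAGE_NAME

      # Generate a timestamp for creating an image version history
      TIMESTAMP="$(date +%Y%m%d)"

      COMMIT_TAGS=()
      BUILD_TAGS=()

      # Have tags for tracking builds during pull request
      COMMIT_TAGS+=("mr-${CI_MERGE_REQUEST_IID}-${FEDORA_MAJOR_VERSION}")
      COMMIT_TAGS+=("${CI_COMMIT_SHORT_SHA}-${FEDORA_MAJOR_VERSION}")

      BUILD_TAGS=("${FEDORA_MAJOR_VERSION}" "${FEDORA_MAJOR_VERSION}-${TIMESTAMP}")
      BUILD_TAGS+=("${TIMESTAMP}")
      BUILD_TAGS+=("latest")

      # Merge-request pipelines publish only the throwaway commit tags; every
      # other pipeline publishes the release tags (including "latest").
      if [[ $CI_PIPELINE_SOURCE == "merge_request_event" ]]; then
        echo "Generated the following commit tags: "
        for TAG in "${COMMIT_TAGS[@]}"; do
          echo "${TAG}"
        done
        TAGS=("${COMMIT_TAGS[@]}")
      else
        TAGS=("${BUILD_TAGS[@]}")
      fi

      echo "Generated the following build tags: "
      for TAG in "${BUILD_TAGS[@]}"; do
        echo "${TAG}"
      done

      echo "TAGS=${TAGS[*]}"
    # Feed the registry password on stdin rather than with -p, so it never
    # appears in the process argument list of the login commands.
    - |
      printf '%s' "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - |
      printf '%s' "$CI_REGISTRY_PASSWORD" | cosign login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"

build:
  extends:
    - .docker-service
  stage: build
  # OIDC token requested for the "sigstore" audience; used by cosign below.
  id_tokens:
    SIGSTORE_ID_TOKEN:
      aud: sigstore
  parallel:
    matrix:
      - RECIPE:
          - recipe-desktop.yml
          - recipe-framework-13.yml
  script:
    # Build once under the first tag; ${TAGS[0]} is what a bare ${TAGS}
    # expands to for an array, written out explicitly.
    - |
      buildah build \
        --build-arg="RECIPE=$RECIPE" \
        --build-arg="FEDORA_MAJOR_VERSION=$FEDORA_MAJOR_VERSION" \
        --build-arg "BASE_IMAGE_URL=$BASE_IMAGE_URL" \
        -t "$FULL_IMAGE_NAME:${TAGS[0]}" \
        .
    # Re-tag the built image with every generated tag and push each one.
    - |
      for TAG in "${TAGS[@]}"; do
        buildah tag "$FULL_IMAGE_NAME:${TAGS[0]}" "$FULL_IMAGE_NAME:$TAG"
        buildah push "$FULL_IMAGE_NAME:$TAG"
      done
    # Sign by repository@digest. A bare "sha256:..." value is not an image
    # reference, and signing a digest (not a tag) binds the signature to the
    # exact manifest that was pushed.
    # NOTE(review): the digest is resolved from the registry by tag after the
    # push; if that tag can be moved by a concurrent pipeline, capture the
    # digest at push time instead (buildah push --digestfile).
    # NOTE(review): keyless signatures are, by default, recorded in the public
    # Rekor transparency log together with the signing identity -- confirm
    # that is acceptable for this project.
    - |
      IMAGE_DIGEST=$(skopeo inspect --format='{{.Digest}}' "docker://$FULL_IMAGE_NAME:${TAGS[0]}")
      cosign sign "$FULL_IMAGE_NAME@$IMAGE_DIGEST"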