hassio-addons/addon-base
1
0
Fork 0
mirror of https://github.com/hassio-addons/addon-base.git synced 2025-05-03 18:31:26 +00:00
Code Issues Projects Releases Packages Wiki Activity
addon-base/.gitlab-ci.yml
Franck Nijhof da4a397fc0
🚀 Improves the build system (#23) 
* 🚀 Improves the build system

* ⬆️ Upgrades Hadolint to latest

* 👕 Fixes Hadolint warnings

* 🚑 Fixes the incorrect shell

* 👕 Fixes hadolint warnings

* 👕 Fixes hadolint warnings

* 🚑 Temporary work around for hadolint/hadolint#234

* 👕 Fixes yamllint warnings
2018-07-06 20:53:14 +02:00

406 lines
9.5 KiB
YAML
Raw Blame History

---
image: docker:latest
variables:
ADDON_GITHUB_REPO: hassio-addons/addon-base
ADDON_SLUG: base
ADDON_TARGET: base
DOCKER_DRIVER: overlay2
DOCKER_HUB_ORG: hassioaddons
stages:
- preflight
- build
- scan
- deploy
- manifest
# Generic DIND template
.dind: &dind
before_script:
- docker info
services:
- name: docker:dind
command: ["--experimental"]
# Generic preflight template
.preflight: &preflight
stage: preflight
tags:
- preflight
# Generic build template
.build: &build
<<: *dind
stage: build
before_script:
- docker info
- |
echo "${CI_JOB_TOKEN}" | docker login \
--username gitlab-ci-token \
--password-stdin \
registry.gitlab.com
- docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" || true
- |
if [ "$(apk --print-arch)" = "amd64" ]; then
docker run --rm --privileged hassioaddons/qemu-user-static:latest
fi
- apk --no-cache add curl
script:
- |
if [ "$(apk --print-arch)" = "aarch64" ]; then
curl -L -s \
"https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \
tar zxvf - -C ./base/rootfs/usr/bin/
fi
- |
if [ "$(apk --print-arch)" = "armhf" ]; then
curl -L -s \
"https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \
tar zxvf - -C ./base/rootfs/usr/bin/
fi
- |
docker build \
--build-arg "BUILD_FROM=${FROM}" \
--build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" \
--build-arg "BUILD_ARCH=${ADDON_ARCH}" \
--build-arg "BUILD_REF=${CI_COMMIT_SHA}" \
--build-arg "BUILD_VERSION=${CI_COMMIT_TAG:-${CI_COMMIT_SHA:0:7}}" \
--cache-from "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" \
--tag \
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
"${ADDON_TARGET}"
- |
docker push \
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"
tags:
- build
# Generic scan template
.scan: &scan
<<: *dind
stage: scan
allow_failure: true
before_script:
- docker info
- docker run -d --name db arminc/clair-db:latest
- docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
- apk add -U curl ca-certificates
- |
curl \
--silent \
--show-error \
--location \
--fail \
--retry 3 \
--output /usr/bin/clair-scanner \
https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
- chmod +x /usr/bin/clair-scanner
- touch clair-whitelist.yml
- echo "Waiting for Clair to start"
- |
while ! nc -z docker 6060; do
sleep 1
WAIT=$((${WAIT} + 1))
if [ "${WAIT}" -gt 30 ]; then
echo "Error > Timeout waiting for Clair to start"
exit 1
fi
done
- docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"
script:
- |
clair-scanner \
-c http://docker:6060 \
--ip $(hostname -i) \
-w clair-whitelist.yml \
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"
tags:
- scan
# Generic deploy template
.deploy: &deploy
<<: *dind
stage: deploy
before_script:
- docker info
- docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}"
- |
echo "${CI_JOB_TOKEN}" | docker login \
--username gitlab-ci-token \
--password-stdin \
registry.gitlab.com
- |
echo "${DOCKER_PASSWORD}" | docker login \
--username "${DOCKER_LOGIN}" \
--password-stdin
script:
- |
docker tag \
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache"
- docker push "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache"
- TAG="${CI_COMMIT_TAG#v}"
- TAG="${TAG:-${CI_COMMIT_SHA:0:7}}"
- |
docker tag \
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}"
- |
docker push \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}"
- |
docker tag \
"registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}"
- |
docker push \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}"
tags:
- deploy
only:
- master
- /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
except:
- /^(?!master).+@/
# Generic manifest template
.manifest: &manifest
<<: *dind
stage: manifest
before_script:
- mkdir -p ~/.docker
- echo '{"experimental":"enabled"}' > ~/.docker/config.json
- docker info
- |
echo "${DOCKER_PASSWORD}" | docker login \
--username "${DOCKER_LOGIN}" \
--password-stdin
script:
- TAG="${TAG#v}"
- TAG="${TAG:-${CI_COMMIT_SHA:0:7}}"
- REF="${CI_COMMIT_TAG#v}"
- REF="${REF:-${CI_COMMIT_SHA:0:7}}"
- |
docker manifest create \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}"
- |
docker manifest annotate \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \
--os=linux \
--arch=arm64 \
--variant=v8
- |
docker manifest annotate \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \
--os=linux \
--arch=amd64
- |
docker manifest annotate \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \
--os=linux \
--arch=arm \
--variant=v6
- |
docker manifest annotate \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" \
--os=linux \
--arch=386
- |
docker manifest push \
"${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}"
tags:
- manifest
except:
- /^(?!master).+@/
# Preflight jobs
hadolint:
<<: *preflight
image: hadolint/hadolint:latest-debian
before_script:
- hadolint --version
script:
- hadolint "${ADDON_TARGET}/Dockerfile"
shellcheck:
<<: *preflight
image:
name: koalaman/shellcheck-alpine:stable
entrypoint: [""]
before_script:
- shellcheck --version
- apk --no-cache add grep
- |
find . -type f -print0 | \
xargs -0 sed -i 's:#!/usr/bin/with-contenv bash:#!/bin/bash:g'
script:
- |
for file in $(grep -IRl "#\!\(/usr/bin/env \|/bin/\)" --exclude-dir ".git" "${ADDON_TARGET}"); do
if ! shellcheck --external-sources $file; then
export FAILED=1
else
echo "$file OK"
fi
done
if [ "${FAILED}" = "1" ]; then
exit 1
fi
yamllint:
<<: *preflight
image: sdesbure/yamllint
before_script:
- yamllint --version
script:
- yamllint .
jsonlint:
<<: *preflight
image: sahsu/docker-jsonlint
before_script:
- jsonlint --version || true
script:
- |
for file in $(find . -type f -name "*.json"); do
if ! jsonlint -q $file; then
export FAILED=1
else
echo "$file OK"
fi
done
if [ "${FAILED}" = "1" ]; then
exit 1
fi
markdownlint:
<<: *preflight
image:
name: ruby:alpine
entrypoint: [""]
before_script:
- gem install mdl
- mdl --version
script:
- mdl --style all --warnings .
# Build Jobs
build:armhf:
<<: *build
variables:
ADDON_ARCH: armhf
FROM: arm32v6/alpine:3.8
tags:
- build
- armhf
build:aarch64:
<<: *build
variables:
ADDON_ARCH: aarch64
FROM: arm64v8/alpine:3.8
tags:
- build
- aarch64
build:i386:
<<: *build
variables:
ADDON_ARCH: i386
FROM: i386/alpine:3.8
tags:
- build
- i386
build:amd64:
<<: *build
variables:
ADDON_ARCH: amd64
FROM: amd64/alpine:3.8
tags:
- build
- amd64
# Scan jobs
clair:armhf:
<<: *scan
variables:
ADDON_ARCH: armhf
clair:aarch64:
<<: *scan
variables:
ADDON_ARCH: aarch64
clair:i386:
<<: *scan
variables:
ADDON_ARCH: i386
clair:amd64:
<<: *scan
variables:
ADDON_ARCH: amd64
# Deploy jobs
deploy:armhf:
<<: *deploy
variables:
ADDON_ARCH: armhf
deploy:aarch64:
<<: *deploy
variables:
ADDON_ARCH: aarch64
deploy:i386:
<<: *deploy
variables:
ADDON_ARCH: i386
deploy:amd64:
<<: *deploy
variables:
ADDON_ARCH: amd64
# Manifest jobs
manifest:sha:
<<: *manifest
only:
- master
manifest:version:
<<: *manifest
variables:
TAG: "${CI_COMMIT_TAG}"
only:
- /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
manifest:stable:
<<: *manifest
variables:
TAG: latest
only:
- /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/
manifest:beta:
<<: *manifest
variables:
TAG: beta
only:
- /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/
manifest:edge:
<<: *manifest
variables:
TAG: edge
only:
- master
Reference in a new issue View git blame Copy permalink