--- image: docker:latest variables: ADDON_GITHUB_REPO: hassio-addons/addon-phlex ADDON_SLUG: phlex ADDON_TARGET: phlex DOCKER_DRIVER: overlay2 DOCKER_HUB_ORG: hassioaddons stages: - preflight - build - scan - deploy - manifest - publish # Generic DIND template .dind: &dind before_script: - docker info services: - name: docker:dind command: ["--experimental"] # Generic preflight template .preflight: &preflight stage: preflight tags: - preflight # Generic build template .build: &build <<: *dind stage: build before_script: - docker info - | if [ "$(apk --print-arch)" = "amd64" ]; then docker run --rm --privileged hassioaddons/qemu-user-static:latest fi - | echo "${CI_JOB_TOKEN}" | docker login \ --username gitlab-ci-token \ --password-stdin \ registry.gitlab.com - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" || true script: - | docker build \ --build-arg "BUILD_FROM=${FROM}" \ --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" \ --build-arg "BUILD_ARCH=${ADDON_ARCH}" \ --build-arg "BUILD_REF=${CI_COMMIT_SHA}" \ --build-arg "BUILD_VERSION=${CI_COMMIT_TAG:-${CI_COMMIT_SHA:0:7}}" \ --cache-from "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" \ --tag \ "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ "${ADDON_TARGET}" - | docker push \ "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" # Generic scan template .scan: &scan <<: *dind stage: scan allow_failure: true before_script: - docker info - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U curl ca-certificates - | curl \ --silent \ --show-error \ --location \ --fail \ --retry 3 \ --output /usr/bin/clair-scanner \ https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - chmod +x /usr/bin/clair-scanner - touch clair-whitelist.yml - echo "Waiting for Clair to start" - | while ! nc -z docker 6060; do sleep 1 WAIT=$((${WAIT} + 1)) if [ "${WAIT}" -gt 30 ]; then echo "Error > Timeout waiting for Clair to start" exit 1 fi done - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" script: - | clair-scanner \ -c http://docker:6060 \ --ip $(hostname -i) \ -w clair-whitelist.yml \ "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" tags: - scan # Generic deploy template .deploy: &deploy <<: *dind stage: deploy before_script: - docker info - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" - | echo "${CI_JOB_TOKEN}" | docker login \ --username gitlab-ci-token \ --password-stdin \ registry.gitlab.com - | echo "${DOCKER_PASSWORD}" | docker login \ --username "${DOCKER_LOGIN}" \ --password-stdin script: - | docker tag \ "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" - docker push "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" - TAG="${CI_COMMIT_TAG#v}" - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" - | docker tag \ "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" - | docker push \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" tags: - deploy only: - master - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ except: - /^(?!master).+@/ # Generic manifest template .manifest: &manifest <<: *dind stage: manifest before_script: - mkdir -p ~/.docker - echo '{"experimental":"enabled"}' > ~/.docker/config.json - docker info - | echo "${DOCKER_PASSWORD}" | docker login \ --username "${DOCKER_LOGIN}" \ --password-stdin script: - TAG="${TAG#v}" - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" - REF="${CI_COMMIT_TAG#v}" - REF="${REF:-${CI_COMMIT_SHA:0:7}}" - | docker manifest create \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" - | docker manifest annotate \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ --os=linux \ --arch=arm64 \ --variant=v8 - | docker manifest annotate \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ --os=linux \ --arch=amd64 - | docker manifest annotate \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ --os=linux \ --arch=arm \ --variant=v6 - | docker manifest annotate \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" \ --os=linux \ --arch=386 - | docker manifest push \ "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" tags: - manifest except: - /^(?!master).+@/ # Generic publish template .publish: &publish stage: publish image: name: hassioaddons/repository-updater:latest entrypoint: [""] script: - | repository-updater \ --token "${GITHUB_TOKEN}" \ --repository "${REPOSITORY}" \ --addon "${ADDON_GITHUB_REPO}" tags: - publish except: - /^(?!master).+@/ # Preflight jobs hadolint: <<: *preflight image: hadolint/hadolint:latest-debian before_script: - hadolint --version script: - hadolint "${ADDON_TARGET}/Dockerfile" shellcheck: <<: *preflight image: name: koalaman/shellcheck-alpine:stable entrypoint: [""] before_script: - shellcheck --version - apk --no-cache add grep - | find . -type f -print0 | \ xargs -0 sed -i 's:#!/usr/bin/with-contenv bash:#!/bin/bash:g' script: - | for file in $(grep -IRl "#\!\(/usr/bin/env \|/bin/\)" --exclude-dir ".git" "${ADDON_TARGET}"); do if ! shellcheck $file; then export FAILED=1 else echo "$file OK" fi done if [ "${FAILED}" = "1" ]; then exit 1 fi yamllint: <<: *preflight image: sdesbure/yamllint before_script: - yamllint --version script: - yamllint . jsonlint: <<: *preflight image: sahsu/docker-jsonlint before_script: - jsonlint --version || true script: - | for file in $(find . -type f -name "*.json"); do if ! jsonlint -q $file; then export FAILED=1 else echo "$file OK" fi done if [ "${FAILED}" = "1" ]; then exit 1 fi markdownlint: <<: *preflight image: name: ruby:alpine entrypoint: [""] before_script: - gem install mdl - mdl --version script: - mdl --style all --warnings . # Build Jobs build:armhf: <<: *build variables: ADDON_ARCH: armhf FROM: hassioaddons/base-armhf:2.1.2 tags: - build - armhf build:aarch64: <<: *build variables: ADDON_ARCH: aarch64 FROM: hassioaddons/base-aarch64:2.1.2 tags: - build - aarch64 build:i386: <<: *build variables: ADDON_ARCH: i386 FROM: hassioaddons/base-i386:2.1.2 tags: - build - i386 build:amd64: <<: *build variables: ADDON_ARCH: amd64 FROM: hassioaddons/base-amd64:2.1.2 tags: - build - amd64 # Scan jobs clair:armhf: <<: *scan variables: ADDON_ARCH: armhf clair:aarch64: <<: *scan variables: ADDON_ARCH: aarch64 clair:i386: <<: *scan variables: ADDON_ARCH: i386 clair:amd64: <<: *scan variables: ADDON_ARCH: amd64 # Deploy jobs deploy:armhf: <<: *deploy variables: ADDON_ARCH: armhf deploy:aarch64: <<: *deploy variables: ADDON_ARCH: aarch64 deploy:i386: <<: *deploy variables: ADDON_ARCH: i386 deploy:amd64: <<: *deploy variables: ADDON_ARCH: amd64 # Manifest jobs manifest:sha: <<: *manifest only: - master manifest:version: <<: *manifest variables: TAG: "${CI_COMMIT_TAG}" only: - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ manifest:stable: <<: *manifest variables: TAG: latest only: - /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ manifest:beta: <<: *manifest variables: TAG: beta only: - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ manifest:edge: <<: *manifest variables: TAG: edge only: - master # Publish jobs publish:stable: <<: *publish variables: REPOSITORY: hassio-addons/repository only: - /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ environment: name: stable publish:beta: <<: *publish variables: REPOSITORY: hassio-addons/repository-beta only: - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ environment: name: beta publish:edge: <<: *publish variables: REPOSITORY: hassio-addons/repository-edge only: - master environment: name: edge