From c88f21e714deac559ddd4c72a51f72b688484afd Mon Sep 17 00:00:00 2001 From: Franck Nijhof Date: Sat, 3 Nov 2018 00:00:51 +0100 Subject: [PATCH] :rocket: Adds GitLab CI --- .gitlab-ci.yml | 428 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 428 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..e382f3e --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,428 @@ +--- +image: docker:latest + +variables: + ADDON_GITHUB_REPO: hassio-addons/addon-traccar + ADDON_SLUG: traccar + ADDON_TARGET: traccar + DOCKER_DRIVER: overlay2 + DOCKER_HUB_ORG: hassioaddons + +stages: + - preflight + - build + - scan + - deploy + - manifest + - publish + +# Generic DIND template +.dind: &dind + before_script: + - docker info + services: + - name: docker:dind + command: ["--experimental"] + +# Generic preflight template +.preflight: &preflight + stage: preflight + tags: + - preflight + +# Generic build template +.build: &build + <<: *dind + stage: build + before_script: + - docker info + - | + if [ "$(apk --print-arch)" = "amd64" ]; then + docker run --rm --privileged hassioaddons/qemu-user-static:latest + fi + - | + echo "${CI_JOB_TOKEN}" | docker login \ + --username gitlab-ci-token \ + --password-stdin \ + registry.gitlab.com + - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" || true + script: + - | + docker build \ + --build-arg "BUILD_FROM=${FROM}" \ + --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" \ + --build-arg "BUILD_ARCH=${ADDON_ARCH}" \ + --build-arg "BUILD_REF=${CI_COMMIT_SHA}" \ + --build-arg "BUILD_VERSION=${CI_COMMIT_TAG:-${CI_COMMIT_SHA:0:7}}" \ + --cache-from "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" \ + --tag \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ + "${ADDON_TARGET}" + - | + docker push \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" +# Generic scan template +.scan: &scan + <<: *dind + stage: scan + allow_failure: true + before_script: + - docker info + - docker run -d --name db arminc/clair-db:latest + - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 + - apk add -U curl ca-certificates + - | + curl \ + --silent \ + --show-error \ + --location \ + --fail \ + --retry 3 \ + --output /usr/bin/clair-scanner \ + https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 + - chmod +x /usr/bin/clair-scanner + - touch clair-whitelist.yml + - echo "Waiting for Clair to start" + - | + while ! nc -z docker 6060; do + sleep 1 + WAIT=$((${WAIT} + 1)) + if [ "${WAIT}" -gt 30 ]; then + echo "Error > Timeout waiting for Clair to start" + exit 1 + fi + done + - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" + script: + - | + clair-scanner \ + -c http://docker:6060 \ + --ip $(hostname -i) \ + -w clair-whitelist.yml \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" + tags: + - scan + +# Generic deploy template +.deploy: &deploy + <<: *dind + stage: deploy + before_script: + - docker info + - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" + - | + echo "${CI_JOB_TOKEN}" | docker login \ + --username gitlab-ci-token \ + --password-stdin \ + registry.gitlab.com + - | + echo "${DOCKER_PASSWORD}" | docker login \ + --username "${DOCKER_LOGIN}" \ + --password-stdin + script: + - | + docker tag \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" + - docker push "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:cache" + - TAG="${CI_COMMIT_TAG#v}" + - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" + - | + docker tag \ + "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" + - | + docker push \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" + tags: + - deploy + only: + - master + - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ + except: + - /^(?!master).+@/ + +# Generic manifest template +.manifest: &manifest + <<: *dind + stage: manifest + before_script: + - mkdir -p ~/.docker + - echo '{"experimental":"enabled"}' > ~/.docker/config.json + - docker info + - | + echo "${DOCKER_PASSWORD}" | docker login \ + --username "${DOCKER_LOGIN}" \ + --password-stdin + script: + - TAG="${TAG#v}" + - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" + - REF="${CI_COMMIT_TAG#v}" + - REF="${REF:-${CI_COMMIT_SHA:0:7}}" + - | + docker manifest create \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ + --os=linux \ + --arch=arm64 \ + --variant=v8 + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ + --os=linux \ + --arch=amd64 + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ + --os=linux \ + --arch=arm \ + --variant=v6 + - | + docker manifest annotate \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" \ + --os=linux \ + --arch=386 + - | + docker manifest push \ + "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" + tags: + - manifest + except: + - /^(?!master).+@/ + +# Generic publish template +.publish: &publish + stage: publish + image: + name: hassioaddons/repository-updater:latest + entrypoint: [""] + script: + - | + repository-updater \ + --token "${GITHUB_TOKEN}" \ + --repository "${REPOSITORY}" \ + --addon "${ADDON_GITHUB_REPO}" + tags: + - publish + except: + - /^(?!master).+@/ + +# Preflight jobs +hadolint: + <<: *preflight + image: hadolint/hadolint:latest-debian + before_script: + - hadolint --version + script: + - hadolint "${ADDON_TARGET}/Dockerfile" + +shellcheck: + <<: *preflight + image: + name: koalaman/shellcheck-alpine:stable + entrypoint: [""] + before_script: + - shellcheck --version + - apk --no-cache add grep + - | + find . -type f -print0 | \ + xargs -0 sed -i 's:#!/usr/bin/with-contenv bash:#!/bin/bash:g' + script: + - | + for file in $(grep -IRl "#\!\(/usr/bin/env \|/bin/\)" --exclude-dir ".git" "${ADDON_TARGET}"); do + if ! shellcheck $file; then + export FAILED=1 + else + echo "$file OK" + fi + done + if [ "${FAILED}" = "1" ]; then + exit 1 + fi + +yamllint: + <<: *preflight + image: sdesbure/yamllint + before_script: + - yamllint --version + script: + - yamllint . + +jsonlint: + <<: *preflight + image: sahsu/docker-jsonlint + before_script: + - jsonlint --version || true + script: + - | + for file in $(find . -type f -name "*.json"); do + if ! jsonlint -q $file; then + export FAILED=1 + else + echo "$file OK" + fi + done + if [ "${FAILED}" = "1" ]; then + exit 1 + fi +markdownlint: + <<: *preflight + image: + name: ruby:alpine + entrypoint: [""] + before_script: + - gem install mdl + - mdl --version + script: + - mdl --style all --warnings . + +# Build Jobs +build:armhf: + <<: *build + variables: + ADDON_ARCH: armhf + FROM: hassioaddons/base-armhf:2.3.0 + tags: + - build + - armhf + +build:aarch64: + <<: *build + variables: + ADDON_ARCH: aarch64 + FROM: hassioaddons/base-aarch64:2.3.0 + tags: + - build + - aarch64 + +build:i386: + <<: *build + variables: + ADDON_ARCH: i386 + FROM: hassioaddons/base-i386:2.3.0 + tags: + - build + - i386 + +build:amd64: + <<: *build + variables: + ADDON_ARCH: amd64 + FROM: hassioaddons/base-amd64:2.3.0 + tags: + - build + - amd64 + +# Scan jobs +clair:armhf: + <<: *scan + variables: + ADDON_ARCH: armhf + +clair:aarch64: + <<: *scan + variables: + ADDON_ARCH: aarch64 + +clair:i386: + <<: *scan + variables: + ADDON_ARCH: i386 + +clair:amd64: + <<: *scan + variables: + ADDON_ARCH: amd64 + +# Deploy jobs +deploy:armhf: + <<: *deploy + variables: + ADDON_ARCH: armhf + +deploy:aarch64: + <<: *deploy + variables: + ADDON_ARCH: aarch64 + +deploy:i386: + <<: *deploy + variables: + ADDON_ARCH: i386 + +deploy:amd64: + <<: *deploy + variables: + ADDON_ARCH: amd64 + +# Manifest jobs +manifest:sha: + <<: *manifest + only: + - master + +manifest:version: + <<: *manifest + variables: + TAG: "${CI_COMMIT_TAG}" + only: + - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ + +manifest:stable: + <<: *manifest + variables: + TAG: latest + only: + - /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ + +manifest:beta: + <<: *manifest + variables: + TAG: beta + only: + - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ + +manifest:edge: + <<: *manifest + variables: + TAG: edge + only: + - master + +# Publish jobs +publish:stable: + <<: *publish + variables: + REPOSITORY: hassio-addons/repository + only: + - /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ + environment: + name: stable + +publish:beta: + <<: *publish + variables: + REPOSITORY: hassio-addons/repository-beta + only: + - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ + environment: + name: beta + +publish:edge: + <<: *publish + variables: + REPOSITORY: hassio-addons/repository-edge + only: + - master + environment: + name: edge