2023-07-25 20:32:49 +00:00
|
|
|
---
|
|
|
|
when:
|
2023-07-26 18:43:03 +00:00
|
|
|
- event: [pull_request, tag]
|
|
|
|
- event: [push, manual]
|
2023-07-25 21:43:19 +00:00
|
|
|
branch:
|
|
|
|
- ${CI_REPO_DEFAULT_BRANCH}
|
2023-07-25 20:32:49 +00:00
|
|
|
|
|
|
|
steps:
|
2024-10-27 20:30:11 +00:00
|
|
|
- name: security-build
|
2024-07-08 13:48:29 +00:00
|
|
|
image: quay.io/thegeeklab/wp-docker-buildx:5
|
2023-07-25 20:32:49 +00:00
|
|
|
settings:
|
2023-08-22 07:19:02 +00:00
|
|
|
containerfile: Containerfile.multiarch
|
2024-10-27 20:30:11 +00:00
|
|
|
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
|
2023-07-25 20:32:49 +00:00
|
|
|
repo: thegeeklab/${CI_REPO_NAME}
|
|
|
|
|
2024-10-27 20:30:11 +00:00
|
|
|
- name: security-scan
|
|
|
|
image: docker.io/aquasec/trivy
|
|
|
|
depends_on: security-build
|
|
|
|
commands:
|
|
|
|
- trivy -v
|
|
|
|
- trivy image --input oci/${CI_REPO_NAME}
|
|
|
|
environment:
|
|
|
|
TRIVY_EXIT_CODE: "1"
|
|
|
|
TRIVY_IGNORE_UNFIXED: "true"
|
|
|
|
TRIVY_NO_PROGRESS: "true"
|
|
|
|
TRIVY_SEVERITY: HIGH,CRITICAL
|
|
|
|
TRIVY_TIMEOUT: 1m
|
|
|
|
TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
|
|
|
|
|
|
|
|
- name: publish-dockerhub
|
2024-07-08 13:48:29 +00:00
|
|
|
image: quay.io/thegeeklab/wp-docker-buildx:5
|
2024-10-27 20:30:11 +00:00
|
|
|
depends_on: [security-scan]
|
2023-07-25 20:32:49 +00:00
|
|
|
settings:
|
|
|
|
auto_tag: true
|
2023-08-22 07:19:02 +00:00
|
|
|
containerfile: Containerfile.multiarch
|
2023-07-25 20:32:49 +00:00
|
|
|
password:
|
|
|
|
from_secret: docker_password
|
|
|
|
platforms:
|
|
|
|
- linux/amd64
|
|
|
|
- linux/arm64
|
|
|
|
- linux/arm/v7
|
|
|
|
- linux/arm/v6
|
|
|
|
provenance: false
|
|
|
|
repo: thegeeklab/${CI_REPO_NAME}
|
|
|
|
username:
|
|
|
|
from_secret: docker_username
|
|
|
|
when:
|
2023-07-26 18:43:03 +00:00
|
|
|
- event: [tag]
|
|
|
|
- event: [push, manual]
|
2023-07-25 21:43:19 +00:00
|
|
|
branch:
|
|
|
|
- ${CI_REPO_DEFAULT_BRANCH}
|
2023-07-25 20:32:49 +00:00
|
|
|
|
2024-10-27 20:30:11 +00:00
|
|
|
- name: publish-quay
|
2024-07-08 13:48:29 +00:00
|
|
|
image: quay.io/thegeeklab/wp-docker-buildx:5
|
2024-10-27 20:30:11 +00:00
|
|
|
depends_on: [security-scan]
|
2023-07-25 20:32:49 +00:00
|
|
|
settings:
|
|
|
|
auto_tag: true
|
2023-08-22 07:19:02 +00:00
|
|
|
containerfile: Containerfile.multiarch
|
2023-07-25 20:32:49 +00:00
|
|
|
password:
|
|
|
|
from_secret: quay_password
|
|
|
|
platforms:
|
|
|
|
- linux/amd64
|
|
|
|
- linux/arm64
|
|
|
|
- linux/arm/v7
|
|
|
|
- linux/arm/v6
|
|
|
|
provenance: false
|
|
|
|
registry: quay.io
|
|
|
|
repo: quay.io/thegeeklab/${CI_REPO_NAME}
|
|
|
|
username:
|
|
|
|
from_secret: quay_username
|
|
|
|
when:
|
2023-07-26 18:43:03 +00:00
|
|
|
- event: [tag]
|
|
|
|
- event: [push, manual]
|
2023-07-25 21:43:19 +00:00
|
|
|
branch:
|
|
|
|
- ${CI_REPO_DEFAULT_BRANCH}
|
2023-07-25 20:32:49 +00:00
|
|
|
|
|
|
|
depends_on:
|
|
|
|
- test
|