author | John Helmert III <ajak@gentoo.org> | 2022-11-07 10:27:31 -0600 |
---|---|---|
committer | John Helmert III <ajak@gentoo.org> | 2022-11-08 15:19:02 -0600 |
commit | 230a83ece103c5294e24adcd164698eedbb3ac44 (patch) | |
tree | e995bddbb9fb8c8a4a1154b33e7961cda3bf0829 /.gitlab-ci.yml | |
parent | Revert "Add pgsql extension required to power the search." (diff) | |
Use kaniko instead of using docker itself
We're not running the runner with the ability to start privileged
docker containers, so we need to use something capable of working
without privileges.
"kaniko solves two problems with using the Docker-in-Docker build
method:
Docker-in-Docker requires privileged mode to function, which is a
significant security concern..."
Reference: https://docs.gitlab.com/ee/ci/docker/using_kaniko.html
Signed-off-by: John Helmert III <ajak@gentoo.org>
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 49 |
1 files changed, 29 insertions, 20 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0f8dc62..9265b04 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,9 @@ stages:
 build:
 stage: build
+ image:
+ name: gcr.io/kaniko-project/executor:v1.9.1-debug
+ entrypoint: [""]
 except:
 - tags
 variables:
@@ -13,21 +16,24 @@ build:
 UPDATER_IMAGE_TAG: $CI_REGISTRY_IMAGE/updater-$CI_COMMIT_BRANCH:$CI_COMMIT_SHA
 LATEST_IMAGE_TAG: $CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:latest
 LATEST_UPDATER_IMAGE_TAG: $CI_REGISTRY_IMAGE/updater-$CI_COMMIT_BRANCH:latest
- script:
+ before_script:
 - echo $IMAGE_TAG
 - echo $UPDATER_IMAGE_TAG
 - echo $LATEST_IMAGE_TAG
 - echo $LATEST_UPDATER_IMAGE_TAG
- - docker info
- - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
- - docker pull gentoo/portage:latest
- - docker pull gentoo/stage3-amd64
- - docker build --no-cache -t $IMAGE_TAG -t $LATEST_IMAGE_TAG .
- - docker build --no-cache -t $UPDATER_IMAGE_TAG -t $LATEST_UPDATER_IMAGE_TAG -f Dockerfile.updater .
- - docker push $LATEST_IMAGE_TAG
- - docker push $IMAGE_TAG
- - docker push $UPDATER_IMAGE_TAG
- - docker push $LATEST_UPDATER_IMAGE_TAG
+ script:
+ - /kaniko/executor
+ --cache=true
+ --context "${CI_PROJECT_DIR}"
+ --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
+ --destination "${IMAGE_TAG}"
+ --destination "${LATEST_IMAGE_TAG}"
+ - /kaniko/executor
+ --cache=true
+ --context "${CI_PROJECT_DIR}"
+ --dockerfile "${CI_PROJECT_DIR}/Dockerfile.updater"
+ --destination "${UPDATER_IMAGE_TAG}"
+ --destination "${LATEST_UPDATER_IMAGE_TAG}"
 build-tag:
 stage: build
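Review bot: The new `name: gcr.io/kaniko-project/executor:v1.9.1-debug` line in the `build` job references the builder by a mutable tag, so whatever that tag resolves to at job time runs with the job's registry push credentials and produces the images that get published. Pinning the digest removes that dependency on the upstream tag staying put: `name: gcr.io/kaniko-project/executor:v1.9.1-debug@sha256:<digest of the image you verified>` (placeholder, to be filled from a verified pull). A short comment next to `entrypoint: [""]` saying that the override is what lets GitLab run the job script in this image would also help the next reader.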
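Review bot: `--cache=true` on both `/kaniko/executor` calls reverses the `--no-cache` that the removed `docker build` lines used for branch images, so `RUN` layers can now be reused from the registry-side cache instead of being rebuilt on every pipeline. If either Dockerfile syncs or installs packages in a `RUN` step (not visible in this diff), images can keep shipping outdated packages until the cache entry expires. Either drop the flag to keep the previous behaviour, or bound reuse explicitly with something like `--cache-ttl 24h` and a comment stating why caching is acceptable here. The same flag is added in the `build-tag` hunk, where it applies to release images.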
@@ -36,17 +42,20 @@ build-tag:
 variables:
 IMAGE_TAG: $CI_REGISTRY_IMAGE/web:$CI_COMMIT_TAG
 UPDATER_IMAGE_TAG: $CI_REGISTRY_IMAGE/updater:$CI_COMMIT_TAG
- script:
+ before_script:
 - echo $IMAGE_TAG
 - echo $UPDATER_IMAGE_TAG
- - docker info
- - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
- - docker pull gentoo/portage:latest
- - docker pull gentoo/stage3:amd64
- - docker build -t $IMAGE_TAG .
- - docker build -t $UPDATER_IMAGE_TAG -f Dockerfile.updater .
- - docker push $IMAGE_TAG
- - docker push $UPDATER_IMAGE_TAG
+ script:
+ - /kaniko/executor
+ --cache=true
+ --context "${CI_PROJECT_DIR}"
+ --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
+ --destination "${IMAGE_TAG}"
+ - /kaniko/executor
+ --cache=true
+ --context "${CI_PROJECT_DIR}"
+ --dockerfile "${CI_PROJECT_DIR}/Dockerfile.updater"
+ --destination "${UPDATER_IMAGE_TAG}"
 go-test:
 stage: go-test |
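Review bot: `build-tag` now calls `/kaniko/executor`, but no `image:` key is added to this job, unlike the `build` job in the first hunk. Going by the hunk headers, only two unchanged lines sit between `stage: build` and `variables:` in this job, and they predate the switch to kaniko, so unless a kaniko image is configured elsewhere in the file the tag pipeline will presumably run in the previous default image and fail to find the executor, leaving tagged releases unbuilt. Add the same three lines used in `build`: `image:`, `name: gcr.io/kaniko-project/executor:v1.9.1-debug`, `entrypoint: [""]`. The job's opening lines lie outside this hunk.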