docker/all¶
Configure an end-to-end pipeline that includes jobs from each of the build, test, push, and trigger components.
Usage¶
include:
- component: git.ligo.org/computing/cicd-components/docker/trigger@<VERSION>
Inputs¶
| Input | Default value | Description |
|---|---|---|
job_name_prefix | docker | Prefix to apply to all job names |
dockerfile | The path of the Dockerfile to build | |
deploy_when | "tags" | When to deploy images and trigger downstream projects; one of "tags" (only for git tags), "default" (pushes to the default git branch), "all" (pushes to all git branches) |
merge_request_pipelines | false | Whether to build and test jobs for merge request pipelines. |
default_image_name | <image_name> | The name of the image to compare to when scanning a newly built image. Set to the name of the image in the upstream project to enable scanning from forks. |
image_name | $CI_REGISTRY_IMAGE | The name of the image to push to the container registry |
image_tag | $CI_COMMIT_SHA | The tag to give this image in the registry, defaults to the commit SHA |
deploy_tag | $CI_COMMIT_REF_NAME | The tag to give this image when deploying to the registry, and to DockerHub or Quay.io, defaults to the branch or tag name for which the pipeline was triggered. |
tag_latest | true | If true tag the new image as 'latest' when deploying to registries |
upstream_project_path | Path of the upstream project (to ensure that push jobs don't run on pipelines for forks of the upstream project). | |
test_script | Required | Array of commands to run as the script section of the test job |
gitlab_registry_repository | $CI_PROJECT_PATH | Path of target project on GitLab Container Registry (default is the parent project) |
docker_io_repository | Name of repository on Docker Hub to push to | |
quay_io_repository | Name of repository on Quay.io to push to | |
trigger_projects | The list of downstream project paths to trigger. |
Example¶
docker/all example
include:
- component: git.ligo.org/computing/gitlab/components/docker/all@1
inputs:
# validate that the tool is functional
test_script:
- my_tool --help
# only deploy from git tags
deploy_when: tags
# enable merge request pipelines
merge_request_pipelines: true
# only deploy things from this project, not from forks
upstream_project_path: "namespace/project"
# deploy to
docker_io_repository: "username/repository"
quay_io_repository: "username/repository"
The above configuration would result in the following pipeline:
flowchart LR;
subgraph build
direction LR
job_build[<code>docker_build</code>]
end
subgraph test
direction LR
job_scan[<code>docker_container_scanning</code>]
job_test[<code>docker_test</code>]
end
subgraph deploy
direction LR
job_push_gitlab[<code>docker_push_gitlab</code>]
job_push_docker[<code>docker_push_docker_io</code>]
job_push_quay[<code>docker_push_quay_io</code>]
end
build --> test --> deployIn a successfull pipeline (where all jobs pass), the following images would be pushed at various stages:
| Job | Image |
|---|---|
docker_build | containers.ligo.org/namespace/project:$CI_COMMIT_SHA |
docker_push_gitlab | containers.ligo.org/namespace/project:$CI_COMMIT_REF_NAME |
docker_push_gitlab | containers.ligo.org/namespace/project:latest |
docker_push_docker_io | docker.io/username/repository:$CI_COMMIT_REF_NAME |
docker_push_docker_io | docker.io/username/repository:latest |
docker_push_quay_io | quay.io/username/repository:$CI_COMMIT_REF_NAME |
docker_push_quay_io | quay.io/username/repository:latest |
Merge Request Pipeline Behavior
When merge_request_pipelines: true is set, the build and test pipeline stages will also run for merge request events. This allows testing the complete pipeline before merging changes. The push and trigger jobs will not run.