Mirrors/workspaces-images
1
0
Fork 0
mirror of https://github.com/kasmtech/workspaces-images.git synced 2026-01-23 02:25:16 +00:00
Code Issues Projects Releases Wiki Activity
workspaces-images/ci-scripts/gitlab-ci.template
Huan Truong f981b1c639
QA-213 update kasm tester
2025-11-13 09:36:48 -06:00

347 lines
9.7 KiB
Text
Raw Permalink Blame History

############
# Settings #
############
image: docker:28.0.0
services:
- docker:28.0.0-dind
stages:
- readme
- revert
- build
- test
- manifest
variables:
BASE_TAG: "{{ BASE_TAG }}"
USE_PRIVATE_IMAGES: {{ USE_PRIVATE_IMAGES }}
KASM_RELEASE: "{{ KASM_RELEASE }}"
DOCKER_HOST: tcp://docker:2375
DOCKER_TLS_CERTDIR: ""
TEST_INSTALLER: "{{ TEST_INSTALLER }}"
MIRROR_ORG_NAME: "{{ MIRROR_ORG_NAME }}"
default:
retry: 2
before_script:
- docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD
- if [ "$CI_COMMIT_REF_PROTECTED" == "true" ]; then docker login --username $QUAY_USERNAME --password $QUAY_PASSWORD quay.io; fi
- if [ "$CI_COMMIT_REF_PROTECTED" == "true" ]; then docker login --username $GHCR_USERNAME --password $GHCR_PASSWORD ghcr.io; fi
- export SANITIZED_BRANCH="$(echo $CI_COMMIT_REF_NAME | sed -r 's#^release/##' | sed 's/\//_/g')"
.run_rules:
rules:
- if: >
$README_USERNAME ||
$README_PASSWORD ||
$QUAY_API_KEY ||
$DOCKERHUB_REVERT ||
$REVERT_IS_ROLLING
when: never
###############################################
# Build Containers and push to cache endpoint #
###############################################
{% for IMAGE in multiImages %}
build_{{ IMAGE.name }}:
stage: build
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET != "{{ IMAGE.runset }}"
when: never
- if: $CI_COMMIT_REF_NAME == "develop" || $CI_COMMIT_REF_NAME =~ /^release\/.*$/
when: always
- if: $PARENT_PIPELINE_SOURCE == "merge_request_event"
when: always
{% if FILE_LIMITS %}- changes:
{% for FILE in files %}- {{ FILE }}
{% endfor %}{% for FILE in IMAGE.changeFiles %}- {{ FILE }}
{% endfor %}{% endif %}
- when: never
script:
- apk add bash
- bash ci-scripts/build.sh "{{ IMAGE.name }}" "{{ IMAGE.base }}" "{{ IMAGE.dockerfile }}"
tags:
- ${TAG}
retry: 1
parallel:
matrix:
- TAG: [ oci-amd-scheduled, oci-arm-scheduled ]
{% endfor %}
{% for IMAGE in singleImages %}
build_{{ IMAGE.name }}:
stage: build
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET != "{{ IMAGE.runset }}"
when: never
- if: $CI_COMMIT_REF_NAME == "develop" || $CI_COMMIT_REF_NAME =~ /^release\/.*$/
when: always
- if: $PARENT_PIPELINE_SOURCE == "merge_request_event"
when: always
{% if FILE_LIMITS %}- changes:
{% for FILE in files %}- {{ FILE }}
{% endfor %}{% for FILE in IMAGE.changeFiles %}- {{ FILE }}
{% endfor %}{% endif %}
- when: never
script:
- apk add bash
- bash ci-scripts/build.sh "{{ IMAGE.name }}" "{{ IMAGE.base }}" "{{ IMAGE.dockerfile }}"
tags:
- oci-amd-scheduled
retry: 1
{% endfor %}
######################################
# Test containers and upload results #
######################################
{% for IMAGE in multiImages %}
test_{{ IMAGE.name }}:
stage: test
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET != "{{ IMAGE.runset }}"
when: never
- if: $CI_COMMIT_REF_NAME == "develop" || $CI_COMMIT_REF_NAME =~ /^release\/.*$/
when: always
- if: $PARENT_PIPELINE_SOURCE == "merge_request_event"
when: always
{% if FILE_LIMITS %}- changes:
{% for FILE in files %}- {{ FILE }}
{% endfor %}{% for FILE in IMAGE.changeFiles %}- {{ FILE }}
{% endfor %}{% endif %}
script:
- apk add bash
- bash ci-scripts/test.sh "{{ IMAGE.name }}" "{{ IMAGE.base }}" "{{ IMAGE.dockerfile }}" "${ARCH}" "${EC2_LAUNCHER_ID}" "${EC2_LAUNCHER_SECRET}"
needs:
- build_{{ IMAGE.name }}
tags:
- oci-amd-scheduled
retry: 1
parallel:
matrix:
- ARCH: [ "x86_64", "aarch64" ]
{% endfor %}
{% for IMAGE in singleImages %}
test_{{ IMAGE.name }}:
stage: test
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET != "{{ IMAGE.runset }}"
when: never
- if: $CI_COMMIT_REF_NAME == "develop" || $CI_COMMIT_REF_NAME =~ /^release\/.*$/
when: always
- if: $PARENT_PIPELINE_SOURCE == "merge_request_event"
when: always
{% if FILE_LIMITS %}- changes:
{% for FILE in files %}- {{ FILE }}
{% endfor %}{% for FILE in IMAGE.changeFiles %}- {{ FILE }}
{% endfor %}{% endif %}
script:
- apk add bash
- bash ci-scripts/test.sh "{{ IMAGE.name }}" "{{ IMAGE.base }}" "{{ IMAGE.dockerfile }}" "x86_64" "${EC2_LAUNCHER_ID}" "${EC2_LAUNCHER_SECRET}"
needs:
- build_{{ IMAGE.name }}
tags:
- oci-amd-scheduled
retry: 1
{% endfor %}
############################################
# Manifest Containers if their test passed #
############################################
{% for IMAGE in multiImages %}
manifest_{{ IMAGE.name }}:
stage: manifest
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET != "{{ IMAGE.runset }}"
when: never
- if: $CI_COMMIT_REF_NAME == "develop" || $CI_COMMIT_REF_NAME =~ /^release\/.*$/
when: always
- if: $PARENT_PIPELINE_SOURCE == "merge_request_event"
when: always
{% if FILE_LIMITS %}- changes:
{% for FILE in files %}- {{ FILE }}
{% endfor %}{% for FILE in IMAGE.changeFiles %}- {{ FILE }}
{% endfor %}{% endif %}
variables:
SCHEDULED: "{{ SCHEDULED }}"
SCHEDULE_NAME: "{{ SCHEDULE_NAME }}"
script:
- apk add bash tar
- bash ci-scripts/manifest.sh "{{ IMAGE.name }}" "multi"
# Disabling app layer build due to feature not being used
#{% if IMAGE.singleapp %}
#- bash ci-scripts/app-layer.sh "{{ IMAGE.name }}" "multi" "{{ IMAGE.base }}"{% endif %}
needs:
- test_{{ IMAGE.name }}
retry: 1
tags:
- oci-amd-scheduled
{% endfor %}
{% for IMAGE in singleImages %}
manifest_{{ IMAGE.name }}:
stage: manifest
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET != "{{ IMAGE.runset }}"
when: never
- if: $CI_COMMIT_REF_NAME == "develop" || $CI_COMMIT_REF_NAME =~ /^release\/.*$/
when: always
- if: $PARENT_PIPELINE_SOURCE == "merge_request_event"
when: always
{% if FILE_LIMITS %}- changes:
{% for FILE in files %}- {{ FILE }}
{% endfor %}{% for FILE in IMAGE.changeFiles %}- {{ FILE }}
{% endfor %}{% endif %}
variables:
SCHEDULED: "{{ SCHEDULED }}"
SCHEDULE_NAME: "{{ SCHEDULE_NAME }}"
script:
- apk add bash tar
- bash ci-scripts/manifest.sh "{{ IMAGE.name }}" "single"
# Disabling app layer build due to feature not being used
#{% if IMAGE.singleapp %}
#- bash ci-scripts/app-layer.sh "{{ IMAGE.name }}" "single" "{{ IMAGE.base }}"{% endif %}
needs:
- test_{{ IMAGE.name }}
retry: 1
tags:
- oci-amd-scheduled
{% endfor %}
#############################
# Manifest for Weekly Build #
#############################
{% for IMAGE in multiImages %}
weekly_manifest_{{ IMAGE.name }}:
stage: manifest
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET == "schedule"
when: always
- when: never
script:
- apk add bash tar
- bash ci-scripts/weekly-manifest.sh "{{ IMAGE.name }}" "multi"
retry: 1
tags:
- oci-amd-scheduled
{% endfor %}
{% for IMAGE in singleImages %}
weekly_manifest_{{ IMAGE.name }}:
stage: manifest
extends: .run_rules
rules:
- !reference [.run_rules, rules]
- if: $PARENT_PIPELINE_SOURCE == "schedule" && $RUN_SET == "schedule"
when: always
- when: never
script:
- apk add bash tar
- bash ci-scripts/weekly-manifest.sh "{{ IMAGE.name }}" "single"
retry: 1
tags:
- oci-amd-scheduled
{% endfor %}
####################
# Helper Functions #
####################
## Update Readmes ##
{% for IMAGE in multiImages %}
update_readmes_{{ IMAGE.name }}:
stage: readme
rules:
- if: >
$README_USERNAME &&
$README_PASSWORD
when: always
script:
- apk add bash
- bash ci-scripts/readme.sh "{{ IMAGE.name }}"
tags:
- oci-amd-scheduled
{% endfor %}
{% for IMAGE in singleImages %}
update_readmes_{{ IMAGE.name }}:
stage: readme
rules:
- if: >
$README_USERNAME &&
$README_PASSWORD
when: always
script:
- apk add bash
- bash ci-scripts/readme.sh "{{ IMAGE.name }}"
tags:
- oci-amd-scheduled
{% endfor %}
## Update Quay Readmes ##
{% for IMAGE in multiImages %}
update_quay_readmes_{{ IMAGE.name }}:
stage: readme
rules:
- if: $QUAY_API_KEY
when: always
script:
- apk add bash
- bash ci-scripts/quay_readme.sh "{{ IMAGE.name }}"
tags:
- oci-amd-scheduled
{% endfor %}
{% for IMAGE in singleImages %}
update_quay_readmes_{{ IMAGE.name }}:
stage: readme
rules:
- if: $QUAY_API_KEY
when: always
script:
- apk add bash
- bash ci-scripts/quay_readme.sh "{{ IMAGE.name }}"
tags:
- oci-amd-scheduled
{% endfor %}
## Revert Images to specific build id ##
{% for IMAGE in multiImages %}
dockerhub_revert_{{ IMAGE.name }}:
stage: revert
rules:
- if: >
$DOCKERHUB_REVERT &&
$REVERT_IS_ROLLING
when: always
script:
- /bin/bash ci-scripts/manifest.sh "{{ IMAGE.name }}" "multi" "${DOCKERHUB_REVERT}" "${REVERT_IS_ROLLING}"
tags:
- oci-amd-scheduled
{% endfor %}
{% for IMAGE in singleImages %}
dockerhub_revert_{{ IMAGE.name }}:
stage: revert
rules:
- if: >
$DOCKERHUB_REVERT &&
$REVERT_IS_ROLLING
when: always
script:
- /bin/bash ci-scripts/manifest.sh "{{ IMAGE.name }}" "single" "${DOCKERHUB_REVERT}" "${REVERT_IS_ROLLING}"
tags:
- oci-amd-scheduled
{% endfor %}
Reference in a new issue View git blame Copy permalink