Skip to content

Commit c26caae

Browse files
1602077Jack Charlie Munday
1602077
and
Jack Charlie Munday
authored
build(ci): switch to image builds using non-privileged runners (#170)
Signed-off-by: Jack Charlie Munday <jack.charlie.munday@cern.ch> Co-authored-by: Jack Charlie Munday <jack.charlie.munday@cern.ch>
1 parent 8229590 commit c26caae

File tree

1 file changed

+24
-25
lines changed

1 file changed

+24
-25
lines changed

.gitlab-ci.yml

Lines changed: 24 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,16 @@
11
include:
2-
- project: 'ci-tools/container-image-ci-templates'
3-
file: 'docker-image.gitlab-ci.yml'
4-
ref: master
5-
- project: 'ci-tools/container-image-ci-templates'
6-
file: 'helm.gitlab-ci.yml'
2+
- project: kubernetes/tools/gitlab-ci
3+
file:
4+
- buildkit.gitlab-ci.yml
75
ref: master
86

97
stages:
10-
- build-bin
11-
- build-image
12-
- build-chart
8+
- setup
9+
- build
10+
- deploy
1311

14-
build-bin:
15-
stage: build-bin
12+
build::bin:
13+
stage: setup
1614
rules:
1715
- if: $CI_COMMIT_BRANCH || $CI_COMMIT_TAG
1816
image: registry.cern.ch/docker.io/library/golang:1.24
@@ -23,46 +21,47 @@ build-bin:
2321
script:
2422
- make build-cross
2523

26-
build-image:
24+
build::image:
2725
rules:
2826
- if: $CI_COMMIT_TAG
2927
variables:
3028
PUSH_IMAGE: "true"
31-
IMAGE_TAG: $CI_COMMIT_TAG
29+
IMAGE_TAGS: $CI_COMMIT_TAG
3230
- if: $CI_COMMIT_BRANCH
3331
variables:
34-
IMAGE_TAG: $CI_COMMIT_BRANCH
35-
stage: build-image
36-
extends: .build_docker
32+
IMAGE_TAGS: $CI_COMMIT_SHA
33+
PUSH_IMAGE: "false"
3734
variables:
38-
REGISTRY_IMAGE_PATH: "registry.cern.ch/kubernetes/cvmfs-csi:$IMAGE_TAG"
39-
COSIGN_PRIVATE_KEY: "$HARBOR_SIGNKEY"
35+
BUILDKIT_ADDITIONAL_ARGS: "--opt build-arg:RELEASE=$IMAGE_TASG --opt build-arg:GITREF=$CI_COMMIT_SHA --opt build-arg:CREATED=$CI_PIPELINE_CREATED_AT"
36+
CI_REGISTRY: registry.cern.ch
4037
CONTEXT_DIR: "."
41-
DOCKER_FILE_NAME: "deployments/docker/Dockerfile"
38+
DOCKERFILE: "deployments/docker/Dockerfile"
39+
IMAGE: "registry.cern.ch/kubernetes/cvmfs-csi"
4240
PLATFORMS: "linux/amd64,linux/arm64"
43-
BUILD_ARGS: "RELEASE=$IMAGE_TAG GITREF=$CI_COMMIT_SHA CREATED=$CI_PIPELINE_CREATED_AT"
41+
USE_CACHE: "false"
4442

45-
build-chart:
43+
package::chart:
44+
stage: deploy
4645
rules:
4746
- if: $CI_COMMIT_TAG
4847
variables:
4948
PUSH_CHART: "true"
5049
- if: $CI_COMMIT_BRANCH
50+
variables:
51+
PUSH_CHART: "false"
5152
image: registry.cern.ch/kubernetes/ops:0.6.0
52-
stage: build-chart
5353
script: |
54-
CHART_NAME=cvmfs-csi
5554
helm package "deployments/helm/${CHART_NAME}"
5655
5756
if $PUSH_CHART; then
5857
helm registry login registry.cern.ch -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
59-
CHART_VERSION=${CI_COMMIT_TAG#v} # strip version prefix from chart.
60-
helm push ${CHART_NAME}-${CHART_VERSION}.tgz "oci://${REGISTRY_CHART_PATH}"
58+
helm push ${CHART_NAME}-${CI_COMMIT_TAG#v}.tgz "oci://${REGISTRY_CHART_PATH}"
6159
6260
echo -n "${HARBOR_SIGNKEY}" | base64 -d > .sign.key
6361
cosign login registry.cern.ch -u ${HARBOR_USER} -p ${HARBOR_TOKEN}
64-
cosign sign --key .sign.key -y "${REGISTRY_CHART_PATH}/${CHART_NAME}:${CHART_VERSION}"
62+
cosign sign --key .sign.key -y "${REGISTRY_CHART_PATH}/${CHART_NAME}:${CI_COMMIT_TAG#v}"
6563
fi
6664
variables:
6765
REGISTRY_CHART_PATH: registry.cern.ch/kubernetes/charts
6866
COSIGN_PRIVATE_KEY: "$HARBOR_SIGNKEY"
67+
CHART_NAME: cvmfs-csi

0 commit comments

Comments
 (0)