# Stage order for the pipeline. By default GitLab starts a stage only after
# every job in the previous stage has succeeded, so a failing scan job
# prevents the release job from running.
stages:
  - build
  - scan
  - release
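# Builds the container image from ./Containerfile and pushes it to the
# project's registry under the :latest tag.
build:
  stage: build
  image: docker:19.03.12
  services:
    # NOTE(review): the client image above is pinned, but this daemon tag
    # floats. Pinning the service to a matching release keeps the build
    # environment reproducible.
    - docker:dind
  script:
    # Pass the registry password on stdin instead of with -p, so it does not
    # appear in the process argument list (docker itself warns about -p).
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # NOTE(review): only the mutable :latest tag is pushed. A concurrent
    # pipeline can overwrite it before the scan job pulls, so the scanned
    # image is not guaranteed to be the one built here. An additional
    # per-commit tag (or digest) would tie build, scan and release together.
    - docker build -t "$CI_REGISTRY_IMAGE:latest" -f Containerfile .
    - docker push "$CI_REGISTRY_IMAGE:latest"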
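# Scans the pushed image with Trivy and fails the job when HIGH or CRITICAL
# findings are reported, so that the release stage is gated on the result.
scan:
  stage: scan
  image:
    # NOTE(review): floating tag. The scanner version (and its CLI flags)
    # can change between pipeline runs; pin to a release tag or digest.
    name: docker.io/aquasec/trivy:latest
    # Clear the image entrypoint so the runner can execute the script lines.
    entrypoint: [""]
  variables:
    # Registry credentials Trivy uses to pull the private image.
    TRIVY_USERNAME: "$CI_REGISTRY_USER"
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
    TRIVY_AUTH_URL: "$CI_REGISTRY"
    FULL_IMAGE_NAME: "$CI_REGISTRY_IMAGE:latest"
    # NOTE(review): this allows insecure (unverified) connections to the
    # registry while the credentials above are being sent. Prefer making the
    # registry CA trusted in the job and removing this setting; confirm
    # whether the registry really needs it.
    TRIVY_INSECURE: "true"
  script:
    - trivy image --clear-cache
    # Without --exit-code, Trivy exits 0 even when vulnerabilities are found,
    # so the job would always pass and never block the release stage.
    - time trivy image --exit-code 1 --severity HIGH,CRITICAL "$FULL_IMAGE_NAME"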
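# Creates a GitLab release (and tag v<short sha>) for pipelines on main.
release:
  stage: release
  # NOTE(review): floating tag; pin to a release tag or digest so the tool
  # that creates releases cannot change between runs.
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  script:
    # --ref points at the commit this pipeline ran for rather than the branch
    # name. With --ref "main" the tag would be created at whatever main points
    # to when the job runs, which may be a newer commit than the one that was
    # built and scanned.
    - >-
      release-cli create
      --name "Release $CI_COMMIT_SHORT_SHA"
      --description "Release of version $CI_COMMIT_SHORT_SHA"
      --tag-name "v$CI_COMMIT_SHORT_SHA"
      --ref "$CI_COMMIT_SHA"
  only:
    - main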