
.gitlab-ci.yml

  • .gitlab-ci.yml 1007 B
    # Pipeline order: build the image, scan it, then publish the release.
    # A failed job in one stage stops the stages after it.
    stages: [build, scan, release]
    
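    build:
      # Builds the image from Containerfile and pushes it to the project's
      # container registry under the `latest` tag.
      stage: build
      image: docker:19.03.12
      services:
        # Daemon pinned to the same release as the client image above. A floating
        # docker:dind tag can drift from the 19.03.12 client without any change
        # to this file.
        - docker:19.03.12-dind
      script:
        # The password goes in on stdin: with -p it is placed on the docker
        # command line, where it is visible in the process list, and docker
        # itself warns that the flag is insecure.
        - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
        # NOTE(review): `latest` is mutable. A later stage that pulls it may get
        # an image pushed by a different pipeline; consider also pushing a tag
        # derived from $CI_COMMIT_SHA and using that tag downstream.
        - docker build -t "$CI_REGISTRY_IMAGE:latest" -f Containerfile .
        - docker push "$CI_REGISTRY_IMAGE:latest"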
    
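    scan:
      # Scans the pushed image with Trivy and fails the job when HIGH or
      # CRITICAL findings are reported.
      stage: scan
      image:
        # NOTE(review): `latest` is a mutable tag, so scanner behaviour and CLI
        # flags can change between runs. Pin a reviewed version or digest.
        name: docker.io/aquasec/trivy:latest
        # Empty entrypoint so the runner can execute the script lines in a shell.
        entrypoint: [""]
      variables:
        # Registry credentials Trivy uses to pull the image under test.
        TRIVY_USERNAME: "$CI_REGISTRY_USER"
        TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
        TRIVY_AUTH_URL: "$CI_REGISTRY"
        FULL_IMAGE_NAME: "$CI_REGISTRY_IMAGE:latest"
        # TRIVY_INSECURE is intentionally not set. It turns off TLS certificate
        # verification for the registry connection that carries the credentials
        # above and the image being scanned. If the registry uses a private CA,
        # add that CA to the job's trust store instead.
      script:
        - trivy image --clear-cache
        # Without --exit-code 1 Trivy exits 0 even when it reports findings, so
        # this job would pass and the release stage would still run.
        - time trivy image --exit-code 1 --severity HIGH,CRITICAL "$FULL_IMAGE_NAME"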
        
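    release:
      # Creates a GitLab release named after the pipeline's commit. Runs only
      # for the main branch.
      stage: release
      # NOTE(review): `latest` is a mutable tag; pin a reviewed version or digest
      # so the tool that publishes releases cannot change without review.
      image: registry.gitlab.com/gitlab-org/release-cli:latest
      script:
        # --ref is the commit this pipeline built and scanned. A branch name
        # resolves when the job runs, so if main has moved on by then the tag
        # v$CI_COMMIT_SHORT_SHA would point at a commit that was never scanned.
        - >-
          release-cli create
          --name "Release $CI_COMMIT_SHORT_SHA"
          --description "Release of version $CI_COMMIT_SHORT_SHA"
          --tag-name "v$CI_COMMIT_SHORT_SHA"
          --ref "$CI_COMMIT_SHA"
      only:
        - main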