diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 043444f..ccc4db7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,399 +1,16 @@ --- -image: docker:latest +include: https://raw.githubusercontent.com/hassio-addons/organization/master/gitlabci/addon.yml variables: - ADDON_GITHUB_REPO: hassio-addons/addon-base - ADDON_SLUG: base - ADDON_TARGET: base - DOCKER_DRIVER: overlay2 - DOCKER_HUB_ORG: hassioaddons - -stages: - - preflight - - build - - scan - - deploy - - manifest - -# Generic DIND template -.dind: &dind - before_script: - - docker info - services: - - name: docker:dind - command: ["--experimental"] - -# Generic preflight template -.preflight: &preflight - stage: preflight - tags: - - preflight - -# Generic build template -.build: &build - <<: *dind - stage: build - before_script: - - docker info - - | - echo "${CI_JOB_TOKEN}" | docker login \ - --username gitlab-ci-token \ - --password-stdin \ - registry.gitlab.com - - | - if [ "$(apk --print-arch)" = "amd64" ]; then - docker run --rm --privileged hassioaddons/qemu-user-static:latest - fi - - apk --no-cache add curl - script: - - | - if [ "$(apk --print-arch)" = "aarch64" ]; then - curl -L -s \ - "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-aarch64-static.tar.gz" | \ - tar zxvf - -C ./base/rootfs/usr/bin/ - fi - - | - if [ "$(apk --print-arch)" = "armhf" ]; then - curl -L -s \ - "https://github.com/hassio-addons/qemu-user-static/releases/download/v2.12.0/qemu-arm-static.tar.gz" | \ - tar zxvf - -C ./base/rootfs/usr/bin/ - fi - - | - docker build \ - --build-arg "BUILD_FROM=${FROM}" \ - --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" \ - --build-arg "BUILD_ARCH=${ADDON_ARCH}" \ - --build-arg "BUILD_REF=${CI_COMMIT_SHA}" \ - --build-arg "BUILD_VERSION=${CI_COMMIT_TAG:-${CI_COMMIT_SHA:0:7}}" \ - --tag \ - "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ - "${ADDON_TARGET}" - - | - docker push \ - "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" - tags: - - build - -# Generic scan template -.scan: &scan - <<: *dind - stage: scan - 
allow_failure: true - before_script: - - docker info - - docker run -d --name db arminc/clair-db:latest - - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - - apk add -U curl ca-certificates - - | - curl \ - --silent \ - --show-error \ - --location \ - --fail \ - --retry 3 \ - --output /usr/bin/clair-scanner \ - https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - - chmod +x /usr/bin/clair-scanner - - touch clair-whitelist.yml - - echo "Waiting for Clair to start" - - | - while ! nc -z docker 6060; do - sleep 1 - WAIT=$((${WAIT} + 1)) - if [ "${WAIT}" -gt 30 ]; then - echo "Error > Timeout waiting for Clair to start" - exit 1 - fi - done - - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" - script: - - | - clair-scanner \ - -c http://docker:6060 \ - --ip $(hostname -i) \ - -w clair-whitelist.yml \ - "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" - tags: - - scan - -# Generic deploy template -.deploy: &deploy - <<: *dind - stage: deploy - before_script: - - docker info - - docker pull "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" - - | - echo "${CI_JOB_TOKEN}" | docker login \ - --username gitlab-ci-token \ - --password-stdin \ - registry.gitlab.com - - | - echo "${DOCKER_PASSWORD}" | docker login \ - --username "${DOCKER_LOGIN}" \ - --password-stdin - script: - - TAG="${CI_COMMIT_TAG#v}" - - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" - - | - docker tag \ - "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" - - | - docker push \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${ADDON_ARCH}-${TAG}" - - | - docker tag \ - "registry.gitlab.com/${CI_PROJECT_PATH}/${ADDON_ARCH}:${CI_COMMIT_SHA}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}" - - | - docker push \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}-${ADDON_ARCH}:${TAG}" - tags: - - deploy 
- only: - - master - - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ - except: - - /^(?!master).+@/ - -# Generic manifest template -.manifest: &manifest - <<: *dind - stage: manifest - before_script: - - mkdir -p ~/.docker - - echo '{"experimental":"enabled"}' > ~/.docker/config.json - - docker info - - | - echo "${DOCKER_PASSWORD}" | docker login \ - --username "${DOCKER_LOGIN}" \ - --password-stdin - script: - - TAG="${TAG#v}" - - TAG="${TAG:-${CI_COMMIT_SHA:0:7}}" - - REF="${CI_COMMIT_TAG#v}" - - REF="${REF:-${CI_COMMIT_SHA:0:7}}" - - | - docker manifest create \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" - - | - docker manifest annotate \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:aarch64-${REF}" \ - --os=linux \ - --arch=arm64 \ - --variant=v8 - - | - docker manifest annotate \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:amd64-${REF}" \ - --os=linux \ - --arch=amd64 - - | - docker manifest annotate \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:armhf-${REF}" \ - --os=linux \ - --arch=arm \ - --variant=v6 - - | - docker manifest annotate \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:i386-${REF}" \ - --os=linux \ - --arch=386 - - | - docker manifest push \ - "${DOCKER_HUB_ORG}/${ADDON_SLUG}:${TAG}" - tags: - - manifest - except: - - /^(?!master).+@/ - -# Preflight jobs -hadolint: - <<: *preflight - image: hadolint/hadolint:latest-debian - before_script: - - hadolint --version - script: - - hadolint "${ADDON_TARGET}/Dockerfile" - -shellcheck: - <<: *preflight - image: - name: koalaman/shellcheck-alpine:stable - entrypoint: [""] - before_script: - - shellcheck --version - - apk --no-cache add grep - 
- | - find . -type f -print0 | \ - xargs -0 sed -i 's:#!/usr/bin/with-contenv bash:#!/bin/bash:g' - script: - - | - for file in $(grep -IRl "#\!\(/usr/bin/env \|/bin/\)" --exclude-dir ".git" "${ADDON_TARGET}"); do - if ! shellcheck --external-sources $file; then - export FAILED=1 - else - echo "$file OK" - fi - done - if [ "${FAILED}" = "1" ]; then - exit 1 - fi - -yamllint: - <<: *preflight - image: sdesbure/yamllint - before_script: - - yamllint --version - script: - - yamllint . - -jsonlint: - <<: *preflight - image: sahsu/docker-jsonlint - before_script: - - jsonlint --version || true - script: - - | - for file in $(find . -type f -name "*.json"); do - if ! jsonlint -q $file; then - export FAILED=1 - else - echo "$file OK" - fi - done - if [ "${FAILED}" = "1" ]; then - exit 1 - fi - -markdownlint: - <<: *preflight - image: - name: ruby:alpine - entrypoint: [""] - before_script: - - gem install mdl - - mdl --version - script: - - mdl --style all --warnings . - -# Build Jobs -build:armhf: - <<: *build - variables: - ADDON_ARCH: armhf - FROM: arm32v6/alpine:3.8 - tags: - - build - - armhf - -build:aarch64: - <<: *build - variables: - ADDON_ARCH: aarch64 - FROM: arm64v8/alpine:3.8 - tags: - - build - - aarch64 - -build:i386: - <<: *build - variables: - ADDON_ARCH: i386 - FROM: i386/alpine:3.8 - tags: - - build - - i386 - -build:amd64: - <<: *build - variables: - ADDON_ARCH: amd64 - FROM: amd64/alpine:3.8 - tags: - - build - - amd64 - -# Scan jobs -clair:armhf: - <<: *scan - variables: - ADDON_ARCH: armhf - -clair:aarch64: - <<: *scan - variables: - ADDON_ARCH: aarch64 - -clair:i386: - <<: *scan - variables: - ADDON_ARCH: i386 - -clair:amd64: - <<: *scan - variables: - ADDON_ARCH: amd64 - -# Deploy jobs -deploy:armhf: - <<: *deploy - variables: - ADDON_ARCH: armhf - -deploy:aarch64: - <<: *deploy - variables: - ADDON_ARCH: aarch64 - -deploy:i386: - <<: *deploy - variables: - ADDON_ARCH: i386 - -deploy:amd64: - <<: *deploy - variables: - ADDON_ARCH: amd64 - -# 
Manifest jobs -manifest:sha: - <<: *manifest - only: - - master - -manifest:version: - <<: *manifest - variables: - TAG: "${CI_COMMIT_TAG}" - only: - - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ - -manifest:stable: - <<: *manifest - variables: - TAG: latest - only: - - /^v\d+\.\d+\.\d+(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?$/ - -manifest:beta: - <<: *manifest - variables: - TAG: beta - only: - - /^v\d+\.\d+\.\d+(?:-(?:beta|rc)(?:(?:(?:\+|\.)?[a-zA-Z0-9]+)*)?)?$/ - -manifest:edge: - <<: *manifest - variables: - TAG: edge - only: - - master + ADDON_GITHUB_REPO: "hassio-addons/addon-base" + ADDON_SLUG: "base" + ADDON_TARGET: "base" + + ADDON_ARMV7: "false" + ADDON_LEGACY_TAGS: "true" + ADDON_PUBLISH: "false" + + ADDON_AARCH64_BASE: "arm64v8/alpine:3.8" + ADDON_AMD64_BASE: "amd64/alpine:3.8" + ADDON_ARMHF_BASE: "arm32v6/alpine:3.8" + ADDON_I386_BASE: "i386/alpine:3.8"
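Review bot: The `include:` added at the top of this hunk is not pinned: it fetches the whole pipeline definition from the `master` branch of `hassio-addons/organization` on raw.githubusercontent.com, so any later push to that repository changes what runs in this project's CI without a commit or review here. The removed jobs show this pipeline logging in with `CI_JOB_TOKEN` and `DOCKER_PASSWORD`/`DOCKER_LOGIN` and running a `--privileged` container; presumably the shared template does the same, which gives the remote file the same trust level as this one. I would pin the URL to a reviewed commit and bump it deliberately, e.g. `include: https://raw.githubusercontent.com/hassio-addons/organization/<COMMIT_SHA>/gitlabci/addon.yml` (placeholder SHA). A one-line comment above the include, such as `# Job definitions live in hassio-addons/organization; pinned to a reviewed commit`, would tell readers where the build, scan and deploy logic now lives.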