convert (again) to kaniko builder

f8e10bf1 · Edward Hicks · c5cffaae · f8e10bf1
Commit f8e10bf1 authored 1 year ago by Edward Hicks
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
-variables:
-  DOCKER_DRIVER: overlay2
-  DOCKER_TLS_CERTDIR: ""
-  DOCKER_TLS_VERIFY: ""
-  DOCKER_BUILDKIT: 0
-
 stages:
  - awsauth
  - build
+  - test

 awsauth:
  stage: awsauth
@@ -20,29 +15,52 @@ awsauth:

 build:
  stage: build
-  image: registry.containers.it.osu.edu/cache-docker/library/docker:20
+  tags:
+    - webhosting
+    - kaniko
+  image:
+    name: gcr.io/kaniko-project/executor:v1.12.1-debug
+    entrypoint: [""]
+  variables:
+    TAG: "$CI_COMMIT_REF_SLUG"
  needs:
    - job: awsauth
      artifacts: true
-  services:
-    - name: docker:20-dind
-      command: ["--experimental"]
-  variables:
-    IMAGE: "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA"
  script:
-    - docker info
-    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
-    - echo "$AWS_ECR_TOKEN" | docker login --username "AWS" --password-stdin $AWS_ECR_REGISTRY
-    - docker build --squash --tag $IMAGE .
-    - docker push $IMAGE
+    - if [ $CI_COMMIT_REF_SLUG = "master" -o $CI_COMMIT_REF_SLUG = "main" ]; then TAG="latest"; fi
+    - echo "CS_IMAGE=${CI_REGISTRY_IMAGE}:${TAG}" >> build.env
+    - |
+      echo "
+        {
+            \"auths\" : {
+                \"${CI_REGISTRY}\" : {
+                    \"auth\" : \"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"
+                },
+                \"${AWS_ECR_REGISTRY}\" : {
+                    \"auth\" : \"$(printf "%s:%s" "AWS" "${AWS_ECR_TOKEN}" | base64 | tr -d '\n')\"
+                },
+                \"$CI_DEPENDENCY_PROXY_SERVER\":{
+                    \"auth\":\"$(printf "%s:%s" ${CI_DEPENDENCY_PROXY_USER} "${CI_DEPENDENCY_PROXY_PASSWORD}" | base64 | tr -d '\n')\"
+                }
+            }
+        }
+      " > /kaniko/.docker/config.json
    - |
-      if [ $CI_COMMIT_REF_SLUG == "master" ]; then
-        TAG="latest"
-      else
-        TAG="$CI_COMMIT_REF_SLUG"
-      fi
-    - docker tag $IMAGE $CI_REGISTRY_IMAGE:$TAG
-    - docker push $CI_REGISTRY_IMAGE:$TAG
-    - docker tag $IMAGE $AWS_ECR_REGISTRY/$CI_PROJECT_NAME:$TAG
-    - docker push $AWS_ECR_REGISTRY/$CI_PROJECT_NAME:$TAG
+      /kaniko/executor \
+        --context "${CI_PROJECT_DIR}" \
+        --dockerfile "${CI_PROJECT_DIR}/Dockerfile" \
+        --destination "${CI_REGISTRY_IMAGE}:${TAG}" \
+        --destination "${AWS_ECR_REGISTRY}/${CI_PROJECT_NAME}:${TAG}" \
+        --git "branch=${CI_COMMIT_REF_SLUG},depth=1,single-branch=true,recurse-submodules=true,shallow-submodules=true" \
+        --single-snapshot
  retry: 2
+  artifacts:
+    reports:
+      dotenv: build.env
+
+container_scanning:
+  dependencies:
+    - build
+
+include:
+  - template: Security/Container-Scanning.gitlab-ci.yml