nvidia-container-toolkit/.common-ci.yml

# Copyright (c) 2021, NVIDIA CORPORATION.  All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
default:
  image: docker:stable
  services:
    - name: docker:stable-dind
      command: ["--experimental"]

variables:
  GIT_SUBMODULE_STRATEGY: recursive
  BUILDIMAGE: "${CI_REGISTRY_IMAGE}/build:${CI_COMMIT_SHORT_SHA}"
  BUILD_MULTI_ARCH_IMAGES: "true"

stages:
  - image
  - lint
  - go-checks
  - go-build
  - unit-tests
  - package-build
  - image-build
  - test
  - scan
  - release

# Define the distribution targets
.dist-amazonlinux2:
  variables:
    DIST: amazonlinux2

.dist-centos7:
  variables:
    DIST: centos7
    CVE_UPDATES: "cyrus-sasl-lib"

.dist-centos8:
  variables:
    DIST: centos8
    CVE_UPDATES: "cyrus-sasl-lib"

.dist-debian10:
  variables:
    DIST: debian10

.dist-debian9:
  variables:
    DIST: debian9

.dist-opensuse-leap15.1:
  variables:
    DIST: opensuse-leap15.1

.dist-ubi8:
  variables:
    DIST: ubi8
    CVE_UPDATES: "cyrus-sasl-lib"

.dist-ubuntu16.04:
  variables:
    DIST: ubuntu16.04

.dist-ubuntu18.04:
  variables:
    DIST: ubuntu18.04
    CVE_UPDATES: "libsasl2-2 libsasl2-modules-db"

.dist-ubuntu20.04:
  variables:
    DIST: ubuntu20.04
    CVE_UPDATES: "libsasl2-2 libsasl2-modules-db"

.dist-packaging:
  variables:
    DIST: packaging

# Define architecture targets
.arch-aarch64:
  variables:
    ARCH: aarch64

.arch-amd64:
  variables:
    ARCH: amd64

.arch-arm64:
  variables:
    ARCH: arm64

.arch-ppc64le:
  variables:
    ARCH: ppc64le

.arch-x86_64:
  variables:
    ARCH: x86_64

# Define the platform targets
.platform-amd64:
  variables:
    PLATFORM: linux/amd64

.platform-arm64:
  variables:
    PLATFORM: linux/arm64

# Define test helpers
.integration:
  stage: test
  variables:
    IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit"
    VERSION: "${CI_COMMIT_SHORT_SHA}"
  before_script:
    - apk add --no-cache make bash jq
    - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
    - docker pull "${IMAGE_NAME}:${VERSION}-${DIST}"
  script:
    - make -f build/container/Makefile test-${DIST}

# Define the test targets
test-packaging:
  extends:
    - .integration
    - .dist-packaging
  needs:
    - image-packaging

# Download the regctl binary for use in the release steps
.regctl-setup:
  before_script:
    - export REGCTL_VERSION=v0.3.10
    - apk add --no-cache curl
    - mkdir -p bin
    - curl -sSLo bin/regctl https://github.com/regclient/regclient/releases/download/${REGCTL_VERSION}/regctl-linux-amd64
    - chmod a+x bin/regctl
    - export PATH=$(pwd)/bin:${PATH}

# .release forms the base of the deployment jobs which push images to the CI registry.
# This is extended with the version to be deployed (e.g. the SHA or TAG) and the
# target os.
.release:
  stage: release
  variables:
    # Define the source image for the release
    IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit"
    VERSION: "${CI_COMMIT_SHORT_SHA}"
    # OUT_IMAGE_VERSION is overridden for external releases
    OUT_IMAGE_VERSION: "${CI_COMMIT_SHORT_SHA}"
  before_script:
    - !reference [.regctl-setup, before_script]

    # We ensure that the OUT_IMAGE_VERSION is set
    - 'echo Version: ${OUT_IMAGE_VERSION} ; [[ -n "${OUT_IMAGE_VERSION}" ]] || exit 1'

    # In the case where we are deploying a different version to the CI_COMMIT_SHA, we
    # need to tag the image.
    # Note: a leading 'v' is stripped from the version if present
    - apk add --no-cache make bash
  script:
    # Log in to the "output" registry, tag the image and push the image
    - 'echo "Logging in to CI registry ${CI_REGISTRY}"'
    - regctl registry login "${CI_REGISTRY}" -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}"
    - '[ ${CI_REGISTRY} = ${OUT_REGISTRY} ] || echo "Logging in to output registry ${OUT_REGISTRY}"'
    - '[ ${CI_REGISTRY} = ${OUT_REGISTRY} ] || regctl registry login "${OUT_REGISTRY}" -u "${OUT_REGISTRY_USER}" -p "${OUT_REGISTRY_TOKEN}"'

    # Since OUT_IMAGE_NAME and OUT_IMAGE_VERSION are set, this will push the CI image to the
    # Target
    - make -f build/container/Makefile push-${DIST}

# Define a staging release step that pushes an image to an internal "staging" repository
# This is triggered for all pipelines (i.e. not only tags) to test the pipeline steps
# outside of the release process.
.release:staging:
  extends:
    - .release
  variables:
    OUT_REGISTRY_USER: "${CI_REGISTRY_USER}"
    OUT_REGISTRY_TOKEN: "${CI_REGISTRY_PASSWORD}"
    OUT_REGISTRY: "${CI_REGISTRY}"
    OUT_IMAGE_NAME: "${CI_REGISTRY_IMAGE}/staging/container-toolkit"

# Define an external release step that pushes an image to an external repository.
# This includes a devlopment image off main.
.release:external:
  extends:
    - .release
  rules:
    - if: $CI_COMMIT_TAG
      variables:
        OUT_IMAGE_VERSION: "${CI_COMMIT_TAG}"
    - if: $CI_COMMIT_BRANCH == $RELEASE_DEVEL_BRANCH
      variables:
        OUT_IMAGE_VERSION: "${DEVEL_RELEASE_IMAGE_VERSION}"

# Define the release jobs
release:staging-centos7:
  extends:
    - .release:staging
    - .dist-centos7
  needs:
    - image-centos7

release:staging-ubi8:
  extends:
    - .release:staging
    - .dist-ubi8
  needs:
    - image-ubi8

release:staging-ubuntu18.04:
  extends:
    - .release:staging
    - .dist-ubuntu18.04
  needs:
    - test-toolkit-ubuntu18.04
    - test-containerd-ubuntu18.04
    - test-crio-ubuntu18.04
    - test-docker-ubuntu18.04

release:staging-ubuntu20.04:
  extends:
    - .release:staging
    - .dist-ubuntu20.04
  needs:
    - test-toolkit-ubuntu20.04
    - test-containerd-ubuntu20.04
    - test-crio-ubuntu20.04
    - test-docker-ubuntu20.04

release:staging-packaging:
  extends:
    - .release:staging
    - .dist-packaging
  needs:
    - test-packaging