# Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. default: image: docker:stable services: - name: docker:stable-dind command: ["--experimental"] variables: GIT_SUBMODULE_STRATEGY: recursive BUILDIMAGE: "${CI_REGISTRY_IMAGE}/build:${CI_COMMIT_SHORT_SHA}" BUILD_MULTI_ARCH_IMAGES: "true" stages: - image - lint - go-checks - go-build - unit-tests - package-build - image-build - test - scan - release # Define the distribution targets .dist-amazonlinux2: variables: DIST: amazonlinux2 .dist-centos7: variables: DIST: centos7 CVE_UPDATES: "cyrus-sasl-lib" .dist-centos8: variables: DIST: centos8 CVE_UPDATES: "cyrus-sasl-lib" .dist-debian10: variables: DIST: debian10 .dist-debian9: variables: DIST: debian9 .dist-opensuse-leap15.1: variables: DIST: opensuse-leap15.1 .dist-ubi8: variables: DIST: ubi8 CVE_UPDATES: "cyrus-sasl-lib" .dist-ubuntu16.04: variables: DIST: ubuntu16.04 .dist-ubuntu18.04: variables: DIST: ubuntu18.04 CVE_UPDATES: "libsasl2-2 libsasl2-modules-db" .dist-packaging: variables: DIST: packaging # Define architecture targets .arch-aarch64: variables: ARCH: aarch64 .arch-amd64: variables: ARCH: amd64 .arch-arm64: variables: ARCH: arm64 .arch-ppc64le: variables: ARCH: ppc64le .arch-x86_64: variables: ARCH: x86_64 # Define the platform targets .platform-amd64: variables: PLATFORM: linux/amd64 .platform-arm64: variables: PLATFORM: linux/arm64 # Define test helpers .integration: stage: test variables: IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit" VERSION: "${CI_COMMIT_SHORT_SHA}" before_script: - apk add --no-cache make bash jq - docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}" - docker pull "${IMAGE_NAME}:${VERSION}-${DIST}" script: - make -f build/container/Makefile test-${DIST} # Define the test targets test-packaging: extends: - .integration - .dist-packaging needs: - image-packaging # Download the regctl binary for use in the release steps .regctl-setup: before_script: - export REGCTL_VERSION=v0.3.10 - apk add --no-cache curl - mkdir -p bin - curl -sSLo bin/regctl https://github.com/regclient/regclient/releases/download/${REGCTL_VERSION}/regctl-linux-amd64 - chmod a+x bin/regctl - export PATH=$(pwd)/bin:${PATH} # .release forms the base of the deployment jobs which push images to the CI registry. # This is extended with the version to be deployed (e.g. the SHA or TAG) and the # target os. .release: stage: release variables: # Define the source image for the release IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit" VERSION: "${CI_COMMIT_SHORT_SHA}" # OUT_IMAGE_VERSION is overridden for external releases OUT_IMAGE_VERSION: "${CI_COMMIT_SHORT_SHA}" before_script: - !reference [.regctl-setup, before_script] # We ensure that the OUT_IMAGE_VERSION is set - 'echo Version: ${OUT_IMAGE_VERSION} ; [[ -n "${OUT_IMAGE_VERSION}" ]] || exit 1' # In the case where we are deploying a different version to the CI_COMMIT_SHA, we # need to tag the image. # Note: a leading 'v' is stripped from the version if present - apk add --no-cache make bash script: # Log in to the "output" registry, tag the image and push the image - 'echo "Logging in to CI registry ${CI_REGISTRY}"' - regctl registry login "${CI_REGISTRY}" -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" - '[ ${CI_REGISTRY} = ${OUT_REGISTRY} ] || echo "Logging in to output registry ${OUT_REGISTRY}"' - '[ ${CI_REGISTRY} = ${OUT_REGISTRY} ] || regctl registry login "${OUT_REGISTRY}" -u "${OUT_REGISTRY_USER}" -p "${OUT_REGISTRY_TOKEN}"' # Since OUT_IMAGE_NAME and OUT_IMAGE_VERSION are set, this will push the CI image to the # Target - make -f build/container/Makefile push-${DIST} # Define a staging release step that pushes an image to an internal "staging" repository # This is triggered for all pipelines (i.e. not only tags) to test the pipeline steps # outside of the release process. .release:staging: extends: - .release variables: OUT_REGISTRY_USER: "${CI_REGISTRY_USER}" OUT_REGISTRY_TOKEN: "${CI_REGISTRY_PASSWORD}" OUT_REGISTRY: "${CI_REGISTRY}" OUT_IMAGE_NAME: "${CI_REGISTRY_IMAGE}/staging/container-toolkit" # Define an external release step that pushes an image to an external repository. # This includes a devlopment image off master. .release:external: extends: - .release rules: - if: $CI_COMMIT_TAG variables: OUT_IMAGE_VERSION: "${CI_COMMIT_TAG}" - if: $CI_COMMIT_BRANCH == $RELEASE_DEVEL_BRANCH variables: OUT_IMAGE_VERSION: "${DEVEL_RELEASE_IMAGE_VERSION}" # Define the release jobs release:staging-centos7: extends: - .release:staging - .dist-centos7 needs: - image-centos7 release:staging-centos8: extends: - .release:staging - .dist-centos8 needs: - image-centos8 release:staging-ubi8: extends: - .release:staging - .dist-ubi8 needs: - image-ubi8 release:staging-ubuntu18.04: extends: - .release:staging - .dist-ubuntu18.04 needs: - test-toolkit-ubuntu18.04 - test-containerd-ubuntu18.04 - test-crio-ubuntu18.04 - test-docker-ubuntu18.04 release:staging-packaging: extends: - .release:staging - .dist-packaging needs: - test-packaging