mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2024-11-24 21:14:00 +00:00
7fd40632fe
The regctl image copy-file command was added in v0.4.5. Signed-off-by: Evan Lezar <elezar@nvidia.com>
285 lines
7.1 KiB
YAML
285 lines
7.1 KiB
YAML
# Copyright (c) 2021-2022, NVIDIA CORPORATION. All rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
default:
|
|
image: docker
|
|
services:
|
|
- name: docker:dind
|
|
command: ["--experimental"]
|
|
|
|
variables:
|
|
GIT_SUBMODULE_STRATEGY: recursive
|
|
BUILDIMAGE: "${CI_REGISTRY_IMAGE}/build:${CI_COMMIT_SHORT_SHA}"
|
|
BUILD_MULTI_ARCH_IMAGES: "true"
|
|
|
|
stages:
|
|
- image
|
|
- lint
|
|
- go-checks
|
|
- go-build
|
|
- unit-tests
|
|
- package-build
|
|
- image-build
|
|
- test
|
|
- scan
|
|
- release
|
|
|
|
.main-or-manual:
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "main"
|
|
- if: $CI_COMMIT_TAG && $CI_COMMIT_TAG != ""
|
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
|
when: manual
|
|
|
|
# Define the distribution targets
|
|
.dist-amazonlinux2:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: amazonlinux2
|
|
PACKAGE_REPO_TYPE: rpm
|
|
|
|
.dist-centos7:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: centos7
|
|
CVE_UPDATES: "cyrus-sasl-lib"
|
|
PACKAGE_REPO_TYPE: rpm
|
|
|
|
.dist-centos8:
|
|
variables:
|
|
DIST: centos8
|
|
CVE_UPDATES: "cyrus-sasl-lib"
|
|
PACKAGE_REPO_TYPE: rpm
|
|
|
|
.dist-debian10:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: debian10
|
|
PACKAGE_REPO_TYPE: debian
|
|
|
|
.dist-debian9:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: debian9
|
|
PACKAGE_REPO_TYPE: debian
|
|
|
|
.dist-fedora35:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: fedora35
|
|
PACKAGE_REPO_TYPE: rpm
|
|
|
|
.dist-opensuse-leap15.1:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: opensuse-leap15.1
|
|
PACKAGE_REPO_TYPE: rpm
|
|
|
|
.dist-ubi8:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: ubi8
|
|
CVE_UPDATES: "cyrus-sasl-lib"
|
|
PACKAGE_REPO_TYPE: rpm
|
|
|
|
.dist-ubuntu16.04:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: ubuntu16.04
|
|
PACKAGE_REPO_TYPE: debian
|
|
|
|
.dist-ubuntu18.04:
|
|
variables:
|
|
DIST: ubuntu18.04
|
|
CVE_UPDATES: "libsasl2-2 libsasl2-modules-db"
|
|
PACKAGE_REPO_TYPE: debian
|
|
|
|
.dist-ubuntu20.04:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
DIST: ubuntu20.04
|
|
CVE_UPDATES: "libsasl2-2 libsasl2-modules-db"
|
|
PACKAGE_REPO_TYPE: debian
|
|
|
|
.dist-packaging:
|
|
variables:
|
|
DIST: packaging
|
|
|
|
# Define architecture targets
|
|
.arch-aarch64:
|
|
variables:
|
|
ARCH: aarch64
|
|
|
|
.arch-amd64:
|
|
variables:
|
|
ARCH: amd64
|
|
|
|
.arch-arm64:
|
|
variables:
|
|
ARCH: arm64
|
|
|
|
.arch-ppc64le:
|
|
rules:
|
|
- !reference [.main-or-manual, rules]
|
|
variables:
|
|
ARCH: ppc64le
|
|
|
|
.arch-x86_64:
|
|
variables:
|
|
ARCH: x86_64
|
|
|
|
# Define the platform targets
|
|
.platform-amd64:
|
|
variables:
|
|
PLATFORM: linux/amd64
|
|
|
|
.platform-arm64:
|
|
variables:
|
|
PLATFORM: linux/arm64
|
|
|
|
# Define test helpers
|
|
.integration:
|
|
stage: test
|
|
variables:
|
|
IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit"
|
|
VERSION: "${CI_COMMIT_SHORT_SHA}"
|
|
before_script:
|
|
- apk add --no-cache make bash jq
|
|
- docker login -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
|
|
- docker pull "${IMAGE_NAME}:${VERSION}-${DIST}"
|
|
script:
|
|
- make -f build/container/Makefile test-${DIST}
|
|
|
|
# Define the test targets
|
|
test-packaging:
|
|
extends:
|
|
- .integration
|
|
- .dist-packaging
|
|
needs:
|
|
- image-packaging
|
|
|
|
# Download the regctl binary for use in the release steps
|
|
.regctl-setup:
|
|
before_script:
|
|
- export REGCTL_VERSION=v0.4.5
|
|
- apk add --no-cache curl
|
|
- mkdir -p bin
|
|
- curl -sSLo bin/regctl https://github.com/regclient/regclient/releases/download/${REGCTL_VERSION}/regctl-linux-amd64
|
|
- chmod a+x bin/regctl
|
|
- export PATH=$(pwd)/bin:${PATH}
|
|
|
|
# .release forms the base of the deployment jobs which push images to the CI registry.
|
|
# This is extended with the version to be deployed (e.g. the SHA or TAG) and the
|
|
# target os.
|
|
.release:
|
|
stage: release
|
|
variables:
|
|
# Define the source image for the release
|
|
IMAGE_NAME: "${CI_REGISTRY_IMAGE}/container-toolkit"
|
|
VERSION: "${CI_COMMIT_SHORT_SHA}"
|
|
# OUT_IMAGE_VERSION is overridden for external releases
|
|
OUT_IMAGE_VERSION: "${CI_COMMIT_SHORT_SHA}"
|
|
before_script:
|
|
- !reference [.regctl-setup, before_script]
|
|
|
|
# We ensure that the OUT_IMAGE_VERSION is set
|
|
- 'echo Version: ${OUT_IMAGE_VERSION} ; [[ -n "${OUT_IMAGE_VERSION}" ]] || exit 1'
|
|
|
|
# In the case where we are deploying a different version to the CI_COMMIT_SHA, we
|
|
# need to tag the image.
|
|
# Note: a leading 'v' is stripped from the version if present
|
|
- apk add --no-cache make bash
|
|
script:
|
|
# Log in to the "output" registry, tag the image and push the image
|
|
- 'echo "Logging in to CI registry ${CI_REGISTRY}"'
|
|
- regctl registry login "${CI_REGISTRY}" -u "${CI_REGISTRY_USER}" -p "${CI_REGISTRY_PASSWORD}"
|
|
- '[ ${CI_REGISTRY} = ${OUT_REGISTRY} ] || echo "Logging in to output registry ${OUT_REGISTRY}"'
|
|
- '[ ${CI_REGISTRY} = ${OUT_REGISTRY} ] || regctl registry login "${OUT_REGISTRY}" -u "${OUT_REGISTRY_USER}" -p "${OUT_REGISTRY_TOKEN}"'
|
|
|
|
# Since OUT_IMAGE_NAME and OUT_IMAGE_VERSION are set, this will push the CI image to the
|
|
# Target
|
|
- make -f build/container/Makefile push-${DIST}
|
|
|
|
# Define a staging release step that pushes an image to an internal "staging" repository
|
|
# This is triggered for all pipelines (i.e. not only tags) to test the pipeline steps
|
|
# outside of the release process.
|
|
.release:staging:
|
|
extends:
|
|
- .release
|
|
variables:
|
|
OUT_REGISTRY_USER: "${CI_REGISTRY_USER}"
|
|
OUT_REGISTRY_TOKEN: "${CI_REGISTRY_PASSWORD}"
|
|
OUT_REGISTRY: "${CI_REGISTRY}"
|
|
OUT_IMAGE_NAME: "${CI_REGISTRY_IMAGE}/staging/container-toolkit"
|
|
|
|
# Define an external release step that pushes an image to an external repository.
|
|
# This includes a devlopment image off main.
|
|
.release:external:
|
|
extends:
|
|
- .release
|
|
rules:
|
|
- if: $CI_COMMIT_TAG
|
|
variables:
|
|
OUT_IMAGE_VERSION: "${CI_COMMIT_TAG}"
|
|
- if: $CI_COMMIT_BRANCH == $RELEASE_DEVEL_BRANCH
|
|
variables:
|
|
OUT_IMAGE_VERSION: "${DEVEL_RELEASE_IMAGE_VERSION}"
|
|
|
|
# Define the release jobs
|
|
release:staging-centos7:
|
|
extends:
|
|
- .release:staging
|
|
- .dist-centos7
|
|
needs:
|
|
- image-centos7
|
|
|
|
release:staging-ubi8:
|
|
extends:
|
|
- .release:staging
|
|
- .dist-ubi8
|
|
needs:
|
|
- image-ubi8
|
|
|
|
release:staging-ubuntu18.04:
|
|
extends:
|
|
- .release:staging
|
|
- .dist-ubuntu18.04
|
|
needs:
|
|
- test-toolkit-ubuntu18.04
|
|
- test-containerd-ubuntu18.04
|
|
- test-crio-ubuntu18.04
|
|
- test-docker-ubuntu18.04
|
|
|
|
release:staging-ubuntu20.04:
|
|
extends:
|
|
- .release:staging
|
|
- .dist-ubuntu20.04
|
|
needs:
|
|
- image-ubuntu20.04
|
|
|
|
release:staging-packaging:
|
|
extends:
|
|
- .release:staging
|
|
- .dist-packaging
|
|
needs:
|
|
- test-packaging
|