Merge branch 'create-ci-pipeline' into 'master'

Create ci pipeline See merge request codex/codex-deploy/gecco-dsf-bpe!1

Merge branch 'create-ci-pipeline' into 'master'
Create ci pipeline See merge request codex/codex-deploy/gecco-dsf-bpe!1
d7e330e1 · Johannes Bauer · 6874f938 · 657e0594 · d7e330e1 · d7e330e1
Commit d7e330e1 authored 3 years ago by Johannes Bauer
Hide whitespace changes
Inline Side-by-side

Showing

with 75 additions and 3 deletions
+75 -3
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+include:
+  - project: "devops/ci-templates"
+    file: "/preflight/.tidy-files.yml"
+
+  - project: "devops/ci-templates"
+    file: "/linting/.markdownlint.yml"
+
+  - project: "devops/ci-templates"
+    file: "/linting/.hadolint.yml"
+
+  - project: "devops/ci-templates"
+    file: "/image-scanning/.trivy-scan.yml"
+
+variables:
+  IMAGE_URL: $CONTAINER_REGISTRY/codex-ap1/bpe
+
+.docker_builder:
+  image: harbor.miracum.org/ci/docker:stable
+  variables:
+    DOCKER_BUILDKIT: 1
+    BUILDKIT_PROGRESS: plain
+  before_script:
+    - echo "logging in to $CONTAINER_REGISTRY as $AP1_REGISTRY_USERNAME"
+    - echo "$AP1_REGISTRY_PASSWORD" | docker login -u $AP1_REGISTRY_USERNAME $CONTAINER_REGISTRY --password-stdin
+  after_script:
+    - docker logout $CONTAINER_REGISTRY
+
+stages:
+  - preflight
+  - lint
+  - build
+  - test
+  - release
+
+build:
+  stage: build
+  retry: 2
+  extends: .docker_builder
+  script:
+    - docker pull $IMAGE_URL:latest || true
+    - >
+      docker build
+      --network host
+      --cache-from $IMAGE_URL:latest
+      --tag bpe:$CI_COMMIT_SHORT_SHA
+      .
+    - docker tag bpe:$CI_COMMIT_SHORT_SHA $IMAGE_URL:$CI_COMMIT_SHORT_SHA
+    - docker push $IMAGE_URL:$CI_COMMIT_SHORT_SHA
+
+trivy:
+  variables:
+    IMAGE_FQN: $CONTAINER_REGISTRY/codex-ap1/bpe:$CI_COMMIT_SHORT_SHA
+
+release:
+  stage: release
+  extends: .docker_builder
+  variables:
+    GIT_STRATEGY: none
+  script:
+    - docker pull $IMAGE_URL:$CI_COMMIT_SHORT_SHA
+    - docker tag $IMAGE_URL:$CI_COMMIT_SHORT_SHA $IMAGE_URL:$CI_COMMIT_TAG
+    - docker tag $IMAGE_URL:$CI_COMMIT_TAG $IMAGE_URL:latest
+    - docker push $IMAGE_URL:$CI_COMMIT_TAG
+    - docker push $IMAGE_URL:latest
+  rules:
+    - if: $CI_COMMIT_TAG != null
--- a/Dockerfile
+++ b/Dockerfile
-FROM curlimages/curl AS deps
+FROM curlimages/curl:7.77.0 AS deps

 ARG HAPI_FHIR_CLIENT_VERSION=5.1.0
 ARG HIGHMED_PROCESS_VERSION=0.4.1
@@ -18,12 +18,17 @@ RUN mkdir -p /plugin && \
    chmod a+x /plugin/* && \
    chmod a+x /process/*

+USER 1000
+

 FROM ghcr.io/highmed/bpe:0.4.0

 USER root

-RUN mkdir -p /opt/bpe/conf && \
+# Trivy vulnerabilities
+RUN apt-get update && apt-get upgrade -y --no-install-recommends libgnutls30 liblz4-1 && rm -rf /var/lib/apt/lists/* && \
+    \
+    mkdir -p /opt/bpe/conf && \
    mkdir -p /opt/bpe/plugin && \
    mkdir -p /opt/bpe/process && \
    mkdir -p /opt/bpe/log && \

--- a/README.md
+++ b/README.md
@@ -2,4 +2,5 @@

 Business process engine (BPE) for the GECCO Data Sharing Framework

-This docker image builds on top of the `ghcr.io/highmed/bpe` image and includes all the necessary plugins and BPE processes.
+This docker image builds on top of the `ghcr.io/highmed/bpe` image
+and includes all the necessary plugins and BPE processes.