-
Andres Anaya Amariels authoredrefactor: improve security by updating docker login command in ci_staging.gitlab-ci.yml to use password-stdin - enabling pipeline releasing when tag
Andres Anaya Amariels authoredrefactor: improve security by updating docker login command in ci_staging.gitlab-ci.yml to use password-stdin - enabling pipeline releasing when tag
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
cicd-deploy-release.gitlab-ci.yml 14.60 KiB
stages:
- prod_build_and_push
- deploy_ocf_prod
variables:
# CI_JOB_TOKEN: $CI_JOB_TOKEN
CI_DEBUG_TRACE: "false"
# CI_REGISTRY_USER: $CI_REGISTRY_USER
# CI_REGISTRY: $CI_REGISTRY
CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
NAMESPACE_PROD: "ocf-prod"
DOMAIN_PROD: ocf.production
PATH_PROD: prod
# it will only run when a new tag that starts with ‘v{major.minor.patch}-release’ is pushed
# to the repository.
.release_common: &relase_common
rules:
# - if: '$CI_COMMIT_TAG =~ /^.*-release$/'
- if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
tags:
- shell
prod_build_and_push:
stage: prod_build_and_push
rules:
- if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
when: always
- when: never
tags:
- shell
script:
- export TMP_PWD=$PWD
- echo "TMP_PWD=$TMP_PWD"
- echo "### docker login###"
- echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin
- echo "----------------------------------------------------"
- echo "### build and push nginx image###"
- cd $TMP_PWD/services/nginx/
- docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$CI_COMMIT_TAG .
- docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$CI_COMMIT_TAG
- echo "----------------------------------------------------"
- echo "### build and push register image###"
- cd $TMP_PWD/services/register/
- docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$CI_COMMIT_TAG .
- docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$CI_COMMIT_TAG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/
- docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$CI_COMMIT_TAG .
- docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$CI_COMMIT_TAG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/
- docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$CI_COMMIT_TAG .
- docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$CI_COMMIT_TAG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/
- docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$CI_COMMIT_TAG .
- docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$CI_COMMIT_TAG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Auditing_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/
- docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$CI_COMMIT_TAG .
- docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$CI_COMMIT_TAG
- echo "----------------------------------------------------"
- echo "### build and push TS29222_CAPIF_Discover_Service_API image###"
- cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/
- docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api:$CI_COMMIT_TAG .