diff --git a/apps/base/gitlab-runner/kustomization.yaml b/apps/base/gitlab-runner/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..de88f7d2f7e8b78509e50eb6696892234b41736e
--- /dev/null
+++ b/apps/base/gitlab-runner/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: gitlab-runner
+resources:
+ - namespace.yaml
+ - repository.yaml
+ - release.yaml
+ - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
+ - ../../../shared/networkpolicies/allow-from-monitoring.yaml
+patchesStrategicMerge:
+ - networkpolicy.yaml
diff --git a/apps/base/gitlab-runner/namespace.yaml b/apps/base/gitlab-runner/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6007b95ab044f2c031f80268924d3b6a711e260d
--- /dev/null
+++ b/apps/base/gitlab-runner/namespace.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitlab-runner
+ labels:
+ name: gitlab-runner
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gitlab-runner-reconciler
+ namespace: gitlab-runner
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: gitlab-runner-reconciler
+ namespace: gitlab-runner
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: gitlab-runner-reconciler
+ namespace: gitlab-runner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gitlab-runner-reconciler
+subjects:
+ - kind: ServiceAccount
+ name: gitlab-runner-reconciler
+ namespace: gitlab-runner
diff --git a/apps/base/gitlab-runner/networkpolicy.yaml b/apps/base/gitlab-runner/networkpolicy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8b6160be0af229a296026f2cf8fdde829f5768a6
--- /dev/null
+++ b/apps/base/gitlab-runner/networkpolicy.yaml
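Review bot: The `gitlab-runner-reconciler` Role in namespace.yaml grants `*` on every API group, resource and verb with no comment saying why, which makes the ServiceAccount a full namespace admin: it can read every Secret in `gitlab-runner` and create further Roles and RoleBindings there. If the wildcard is deliberate (presumably so the Helm reconciler can install the chart's own RBAC), say so above `rules:`, for example `# namespace-admin on purpose: the reconciler must create the chart's Role/RoleBinding`; otherwise narrow it to the kinds the chart renders. The Namespace also carries only a `name` label, so unless the cluster sets a default elsewhere, a `pod-security.kubernetes.io/enforce` label would be worth adding for a namespace that hosts CI workloads.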
@@ -0,0 +1,9 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-monitoring
+spec:
+ podSelector:
+ matchLabels:
+ chart: gitlab-runner
diff --git a/apps/base/gitlab-runner/release.yaml b/apps/base/gitlab-runner/release.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bff2559971522c9a5055c6553fc48fd08e34b657
--- /dev/null
+++ b/apps/base/gitlab-runner/release.yaml
@@ -0,0 +1,79 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: gitlab-runner
+ namespace: gitlab-runner
+spec:
+ serviceAccountName: gitlab-runner-reconciler
+ timeout: 15m
+ releaseName: gitlab-runner
+ chart:
+ spec:
+ chart: gitlab-runner
+ sourceRef:
+ kind: HelmRepository
+ name: gitlab-runner
+ namespace: gitlab-runner
+ version: 0.45.0
+ interval: 5m
+ install:
+ remediation:
+ retries: -1
+ upgrade:
+ remediation:
+ retries: -1
+ valuesFrom:
+ - kind: ConfigMap
+ name: gitlab-runner-base-values
+ valuesKey: values.yaml
+ - kind: Secret
+ name: gitlab-runner-override-values
+ valuesKey: values-overrides.yaml
+ optional: true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gitlab-runner-base-values
+ namespace: gitlab-runner
+data:
+ values.yaml: |
+ rbac:
+ create: true
+ rules:
+ - resources:
+ - configmaps
+ - pods
+ - pods/attach
+ - secrets
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - patch
+ - update
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - patch
+ - delete
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ service:
+ enabled: true
+ unregisterRunners: true
+ resources:
+ requests:
+ memory: 128Mi
+ cpu: 100m
+ limits:
+ memory: 256Mi
+ cpu: 200m
diff --git a/apps/base/gitlab-runner/repository.yaml b/apps/base/gitlab-runner/repository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a7cb171330488110d29dedc6d3d3768e4797af1f
--- /dev/null
+++ b/apps/base/gitlab-runner/repository.yaml
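Review bot: The patch in networkpolicy.yaml selects pods with `chart: gitlab-runner`, and a `chart` label is a fragile key to hang a NetworkPolicy on. Helm charts commonly render that label as name plus version (here that would be `gitlab-runner-0.45.0`); if this chart does, the selector matches no pod and the monitoring ingress rule never takes effect. Please check the labels on the rendered runner pod and, if they differ, select on a version-independent label the chart sets, noting the choice in a comment such as `# must match the pod labels rendered by the gitlab-runner chart`.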
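Review bot: In release.yaml the `rbac.rules` values give the runner full read/write on `secrets` plus `pods/attach` and `pods/exec` in `gitlab-runner`, the same namespace that stores `gitlab-runner-override-values` and `gitlab-runner-cache-access`. Whatever controls the runner pod's service account can therefore read those credentials and enter any pod there. If the encrypted overrides do not already move job pods elsewhere, consider a dedicated build namespace, or at least document the coupling above `rules:`. Separately, the first rule omits `apiGroups` while the second sets `- ""`; adding `apiGroups: [""]` to the first keeps the two consistent and avoids relying on a chart default.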
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: gitlab-runner
+ namespace: gitlab-runner
+spec:
+ interval: 30m
+ url: https://charts.gitlab.io/
diff --git a/apps/k8s01/gitlab-runner/gitlab-runner-values.yaml b/apps/k8s01/gitlab-runner/gitlab-runner-values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1c1fa6fd287e2477c805624b9609a0010b4bd5a2
--- /dev/null
+++ b/apps/k8s01/gitlab-runner/gitlab-runner-values.yaml
@@ -0,0 +1,122 @@ +apiVersion: v1 +kind: Secret +metadata: + name: gitlab-runner-override-values + namespace: gitlab-runner +type: Opaque +stringData: + values-overrides.yaml: ENC[AES256_GCM,data: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,iv:YOK/Z5HS9+hzLjtqGFx0ZbHpjMmaxkFXpYKmuUr8vNo=,tag:Vt9Pj+t/8CkFot6oWq5GJQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-09-23T23:52:46Z" + mac: ENC[AES256_GCM,data:2XUR6CKywoq0f3m+APd4pNvaUaFiVq5X8XAwyWDl+rGWio4C6EQXxyY7W+Sr5lZP1q3wK4/jXv5FiHVlvRjTUD9et8iXeDU+qzF84rJt1b2go7+ocUhRZCkeJEqGkTX7snCBz/oDvb9ddFB6qKV23niGb2ovA+N/xXA1DBbWHxE=,iv:s93B2Dd0ANzHsWGV9lXdlORzMJeCo1gAIWyd+ZaU37I=,tag:GmLjFKKhfWfF25ukV+Mspg==,type:str] + pgp: + - created_at: "2022-03-22T22:26:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU + ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg + sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR + lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ + 3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK + /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0 + s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5 + dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV + 8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN + hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo + K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS + 5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ + sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA== + =SQqg + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-03-22T22:26:35Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV + 8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o + 
zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX + 6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM + 8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD + WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22 + 5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O + HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV + cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte + hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS + q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU + ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI + BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9 + +rtkG7tPbA== + =tvBa + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$ + version: 3.7.1 +--- +apiVersion: v1 +kind: Secret +metadata: + name: gitlab-runner-cache-access + namespace: gitlab-runner +type: Opaque +stringData: + accesskey: ENC[AES256_GCM,data:fYhPmeKYvn1dV8ct0IgDJhdG3A==,iv:enM9VEsc7DtcA/7u3zDjCafhvML2kNTKCL300/TLAP0=,tag:qa1yFwdmp9m9AhWAYQ3UNw==,type:str] + secretkey: ENC[AES256_GCM,data:1S3Lxznx5U7NjZg4Ptb6gNgHTPJBplnF3osCSx5DqQ3xSToFxgpTTA==,iv:NsYKWJt5zwIQqYLGKW7u4peubw0XxB61ozqkm7LyFbg=,tag:w1Tby5venIviBBGoW4LbQw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-09-23T23:52:46Z" + mac: ENC[AES256_GCM,data:2XUR6CKywoq0f3m+APd4pNvaUaFiVq5X8XAwyWDl+rGWio4C6EQXxyY7W+Sr5lZP1q3wK4/jXv5FiHVlvRjTUD9et8iXeDU+qzF84rJt1b2go7+ocUhRZCkeJEqGkTX7snCBz/oDvb9ddFB6qKV23niGb2ovA+N/xXA1DBbWHxE=,iv:s93B2Dd0ANzHsWGV9lXdlORzMJeCo1gAIWyd+ZaU37I=,tag:GmLjFKKhfWfF25ukV+Mspg==,type:str] + pgp: + - created_at: "2022-03-22T22:26:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + 
wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU + ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg + sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR + lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ + 3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK + /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0 + s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5 + dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV + 8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN + hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo + K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS + 5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ + sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA== + =SQqg + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-03-22T22:26:35Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV + 8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o + zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX + 6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM + 8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD + WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22 + 5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O + HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV + cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte + hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS + q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU + ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI + BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9 + +rtkG7tPbA== + =tvBa + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + 
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$ + version: 3.7.1 diff --git a/apps/k8s01/gitlab-runner/kustomization.yaml b/apps/k8s01/gitlab-runner/kustomization.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0406c98851049a23932c8e5c68a9327ed1b0d3e5 --- /dev/null +++ b/apps/k8s01/gitlab-runner/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: gitlab-runner +resources: + - ../../base/gitlab-runner + - gitlab-runner-values.yaml + - resourcequota.yaml diff --git a/apps/k8s01/gitlab-runner/resourcequota.yaml b/apps/k8s01/gitlab-runner/resourcequota.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8e95e5a03947e99b7c8930d2d22b2844f6a96a61 --- /dev/null +++ b/apps/k8s01/gitlab-runner/resourcequota.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + name: build-namespace +spec: + hard: + requests.cpu: "3" + requests.memory: 16Gi + limits.cpu: "12" + limits.memory: 24Gi diff --git a/images/.utils/gitlab-ci.yaml b/images/.utils/gitlab-ci.yaml index 9f0f87b73c3bd94340aebe33ba0701751acdcaf0..2163f2e4da5a9c5a3ae7c162ab293b273b9c374d 100644 --- a/images/.utils/gitlab-ci.yaml +++ b/images/.utils/gitlab-ci.yaml 
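Review bot: The `build-namespace` ResourceQuota in resourcequota.yaml puts hard totals on `requests.cpu`, `requests.memory`, `limits.cpu` and `limits.memory`, and once such a quota exists Kubernetes rejects any pod in the namespace that does not declare all four. The base values visible in this commit set `resources` once, apparently for the runner itself, and no LimitRange is added, so job pods depend on build resources being set in the encrypted overrides, which this diff cannot show. If they are not set there, add a LimitRange with default requests and limits next to the quota so job pods are both admitted and bounded. A comment such as `# every pod in this namespace must set cpu/memory requests and limits` above `hard:` would spare the next maintainer a confusing admission error.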
@@ -7,53 +7,48 @@ - koolbox - synadm - -container-build: +container-build-release: stage: build - image: quay.io/sheogorath/build-ah-engine:2.1.2 extends: .container-matrix - before_script: - - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + image: + name: gcr.io/kaniko-project/executor:v1.9.0-debug + entrypoint: [""] script: - - | - cd images/${IMAGE} - source .release - podman build --pull \ - --label "org.opencontainers.image.source=$CI_PROJECT_URL/-/tree/$CI_COMMIT_SHA/images/${IMAGE}" \ - --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \ - --label "org.opencontainers.image.created=$(date --rfc-3339 ns)" \ - --label "org.opencontainers.image.title=${IMAGE}" \ - -t "quay.io/shivering-isles/${IMAGE}:${release}" \ - --format docker \ - . - - podman push "quay.io/shivering-isles/${IMAGE}:${release}" + - export $(cat "${CI_PROJECT_DIR}/images/.release") + - /kaniko/executor + --context "${CI_PROJECT_DIR}/images/${IMAGE}" + --dockerfile "${CI_PROJECT_DIR}/images/${IMAGE}/Dockerfile" + --label "org.opencontainers.image.source=$CI_PROJECT_URL/-/tree/$CI_COMMIT_SHA/images/${IMAGE}" + --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" + --label "org.opencontainers.image.title=${IMAGE}" + --reproducible + --destination "quay.io/shivering-isles/${IMAGE}:${release}" rules: - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push"' changes: - images/${IMAGE}/.release + container-build-dev: stage: build - image: quay.io/sheogorath/build-ah-engine:2.1.2 extends: .container-matrix - before_script: - - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY + image: + name: gcr.io/kaniko-project/executor:v1.9.0-debug + entrypoint: [""] script: - - | - cd images/${IMAGE} - podman build --pull \ - --label "org.opencontainers.image.source=$CI_PROJECT_URL/-/tree/$CI_COMMIT_SHA/images/${IMAGE}" \ - --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \ - --label 
"org.opencontainers.image.created=$(date --rfc-3339 ns)" \ - --label "org.opencontainers.image.title=${IMAGE}" \ - --label "quay.expires-after=12w" \ - -t "quay.io/shivering-isles/${IMAGE}:${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}" \ - --format docker \ - . - - podman push "quay.io/shivering-isles/${IMAGE}:${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}" - - podman push "quay.io/shivering-isles/${IMAGE}:${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}" "quay.io/shivering-isles/${IMAGE}:${CI_COMMIT_REF_SLUG}" + - /kaniko/executor + --context "${CI_PROJECT_DIR}/images/${IMAGE}" + --dockerfile "${CI_PROJECT_DIR}/images/${IMAGE}/Dockerfile" + --label "org.opencontainers.image.source=$CI_PROJECT_URL/-/tree/$CI_COMMIT_SHA/images/${IMAGE}" + --label "org.opencontainers.image.revision=$CI_COMMIT_SHA" + --label "org.opencontainers.image.title=${IMAGE}" + --label "quay.expires-after=12w" + --reproducible + --destination "quay.io/shivering-isles/${IMAGE}:${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}" + --destination "quay.io/shivering-isles/${IMAGE}:${CI_COMMIT_REF_SLUG}" rules: - if: '$CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "push"' changes: - images/${IMAGE}/* - images/.utils/* +
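Review bot: `container-build-release` now reads `${CI_PROJECT_DIR}/images/.release`, but the job's `changes:` rule and the removed `cd images/${IMAGE}` / `source .release` both point at the per-image file `images/${IMAGE}/.release`. Unless a repo-level `images/.release` exists, `cat` fails or `${release}` stays empty and `--destination "quay.io/shivering-isles/${IMAGE}:${release}"` gets an invalid tag; the line probably should be `- export $(cat "${CI_PROJECT_DIR}/images/${IMAGE}/.release")`. Both jobs also pull the build tool by mutable tag (`gcr.io/kaniko-project/executor:v1.9.0-debug`); pinning it by digest would keep the image that builds and pushes every release fixed.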