# This is a GitLab CI configuration to build the project as a docker image# The file is generic enough to be dropped in a project containing a working Dockerfile# Author: Florent CHAUVEAU <florent.chauveau@gmail.com># Mentioned here: https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/# do not use "latest" here, if you want this to work in the futureimage:docker:20stages:- build- pushvariables:# fill those if you have a proxy in your environmenthttp_proxy:""https_proxy:""no_proxy:""# Use this if your GitLab runner does not use socket binding# services:# - docker:dindbefore_script:# docker login asks for the password to be passed through stdin for security# we use $CI_REGISTRY_PASSWORD here which is a special variable provided by GitLab# https://docs.gitlab.com/ce/ci/variables/predefined_variables.html- echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRYBuild:stage:buildscript:# fetches the latest image (not failing if image is not found)- docker pull $CI_REGISTRY_IMAGE:latest || true# builds the project, passing proxy variables, using OCI labels# notice the cache-from, which is going to use the image we just pulled locally# the built image is tagged locally with the commit SHA, and then pushed to # the GitLab registry- > docker build
--pull
--build-arg http_proxy=$http_proxy
--build-arg https_proxy=$https_proxy
--build-arg no_proxy=$no_proxy
--cache-from $CI_REGISTRY_IMAGE:latest
--label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
--label "org.opencontainers.image.url=$CI_PROJECT_URL"
--label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
--label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
--label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
.- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA# Here, the goal is to tag the "master" branch as "latest"Push latest:variables:# We are just playing with Docker here. # We do not need GitLab to clone the source code.GIT_STRATEGY:nonestage:pushonly:# Only "master" should be tagged "latest"- masterscript:# Because we have no guarantee that this job will be picked up by the same runner # that built the image in the previous step, we pull it again locally- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA# Then we tag it "latest"- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest# Annnd we push it.- docker push $CI_REGISTRY_IMAGE:latest# Finally, the goal here is to Docker tag any Git tag# GitLab will start a new pipeline everytime a Git tag is created, which is pretty awesomePush tag:variables:# Again, we do not need the source code here. Just playing with Docker.GIT_STRATEGY:nonestage:pushonly:# We want this job to be run on tags only.- tagsscript:- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
# This is a GitLab CI configuration to build the project as a docker image# The file is generic enough to be dropped in a project containing a working Dockerfile# Author: Florent CHAUVEAU <florent.chauveau@gmail.com># Mentioned here: https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/# do not use "latest" here, if you want this to work in the futureimage:docker:20stages:- build- pushvariables:# fill those if you have a proxy in your environmenthttp_proxy:""https_proxy:""no_proxy:""# Use this if your GitLab runner does not use socket binding# services:# - docker:dindbefore_script:# docker login asks for the password to be passed through stdin for security# we use $CI_REGISTRY_PASSWORD here which is a special variable provided by GitLab# https://docs.gitlab.com/ce/ci/variables/predefined_variables.html- echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRYBuild:stage:buildscript:# fetches the latest image (not failing if image is not found)- docker pull $CI_REGISTRY_IMAGE:latest || true# builds the project, passing proxy variables, using OCI labels# notice the cache-from, which is going to use the image we just pulled locally# the built image is tagged locally with the commit SHA, and then pushed to # the GitLab registry- > docker build
--pull
--build-arg http_proxy=$http_proxy
--build-arg https_proxy=$https_proxy
--build-arg no_proxy=$no_proxy
--cache-from $CI_REGISTRY_IMAGE:latest
--label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
--label "org.opencontainers.image.url=$CI_PROJECT_URL"
--label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
--label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
--label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
.- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA# Here, the goal is to tag the "master" branch as "latest"Push latest:variables:# We are just playing with Docker here. # We do not need GitLab to clone the source code.GIT_STRATEGY:nonestage:pushonly:# Only "master" should be tagged "latest"- masterscript:# Because we have no guarantee that this job will be picked up by the same runner # that built the image in the previous step, we pull it again locally- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA# Then we tag it "latest"- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest# Annnd we push it.- docker push $CI_REGISTRY_IMAGE:latest# Finally, the goal here is to Docker tag any Git tag# GitLab will start a new pipeline everytime a Git tag is created, which is pretty awesomePush tag:variables:# Again, we do not need the source code here. Just playing with Docker.GIT_STRATEGY:nonestage:pushonly:# We want this job to be run on tags only.- tagsscript:- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME---[blogpost]:<https://blog.callr.tech/building-docker-images-with-gitlab-ci-best-practices/>[gitlab-ci-gist]:<https://gist.githubusercontent.com/florentchauveau/2dc4da0299d42258606fc3b0e148fc07/raw/2397c6831114a5e3a9ecd65b7291d6a5e1e893d2/.gitlab-ci.yml>