Commit 6d7accd0 authored by Pierre Smeyers's avatar Pierre Smeyers

Merge branch 'feat/adaptive-pipeline' into 'master'

Adaptive pipeline

See merge request to-be-continuous/docker!42
parents ee67753f 72613455
...@@ -13,14 +13,33 @@ ...@@ -13,14 +13,33 @@
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth # program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA. # Floor, Boston, MA 02110-1301, USA.
# ========================================================================================= # =========================================================================================
# default workflow rules # default workflow rules: Merge Request pipelines
workflow: workflow:
rules: rules:
# exclude merge requests # prevent branch pipeline when an MR is open (prefer MR pipeline)
- if: $CI_MERGE_REQUEST_ID - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
when: never when: never
- when: always - when: always
# test job prototype: implement adaptive pipeline rules
.test-policy:
rules:
# on tag: auto & failing
- if: $CI_COMMIT_TAG
# on ADAPTIVE_PIPELINE_DISABLED: auto & failing
- if: '$ADAPTIVE_PIPELINE_DISABLED == "true"'
# on production or integration branch(es): auto & failing
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# early stage (dev branch, no MR): manual & non-failing
- if: '$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null'
when: manual
allow_failure: true
# Draft MR: auto & non-failing
- if: '$CI_MERGE_REQUEST_TITLE =~ /^Draft:.*/'
allow_failure: true
# else (Ready MR): auto & failing
- when: on_success
variables: variables:
# variabilized tracking image # variabilized tracking image
TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master" TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
...@@ -431,12 +450,10 @@ docker-lint: ...@@ -431,12 +450,10 @@ docker-lint:
script: script:
- dockerfile_lint -f $DOCKER_FILE $DOCKER_LINT_ARGS - dockerfile_lint -f $DOCKER_FILE $DOCKER_LINT_ARGS
rules: rules:
# execute if DOCKER_LINT_ENABLED set # disable if DOCKER_LINT_ENABLED not set
# on production or integration branches: - if: '$DOCKER_LINT_ENABLED != "true"'
- if: '$DOCKER_LINT_ENABLED == "true" && ($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' when: never
# else (development branches): allow failure - !reference [.test-policy, rules]
- if: '$DOCKER_LINT_ENABLED == "true"'
allow_failure: true
docker-hadolint: docker-hadolint:
image: image:
...@@ -469,16 +486,11 @@ docker-hadolint: ...@@ -469,16 +486,11 @@ docker-hadolint:
# exclude if DOCKER_HADOLINT_DISABLED set # exclude if DOCKER_HADOLINT_DISABLED set
- if: '$DOCKER_HADOLINT_DISABLED == "true"' - if: '$DOCKER_HADOLINT_DISABLED == "true"'
when: never when: never
# on production or integration branches: auto - !reference [.test-policy, rules]
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# else (development branches): allow failure
- allow_failure: true
# ================================================== # ==================================================
# Stage: package-build # Stage: package-build
# ================================================== # ==================================================
docker-kaniko-build: docker-kaniko-build:
extends: .docker-kaniko-base extends: .docker-kaniko-base
stage: package-build stage: package-build
...@@ -594,8 +606,9 @@ docker-healthcheck: ...@@ -594,8 +606,9 @@ docker-healthcheck:
rules: rules:
- if: '$DOCKER_HEALTHCHECK_DISABLED == "true"' - if: '$DOCKER_HEALTHCHECK_DISABLED == "true"'
when: never when: never
- if: $DOCKER_DIND_BUILD - if: '$DOCKER_DIND_BUILD == null || $DOCKER_DIND_BUILD == ""'
when: never
- !reference [.test-policy, rules]
# Security audit with trivy # Security audit with trivy
# This is a non-blocking job, it will always return (code) 0 # This is a non-blocking job, it will always return (code) 0
...@@ -641,15 +654,11 @@ docker-trivy: ...@@ -641,15 +654,11 @@ docker-trivy:
rules: rules:
- if: '$DOCKER_TRIVY_DISABLED == "true"' - if: '$DOCKER_TRIVY_DISABLED == "true"'
when: never when: never
- if: '($CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF)' - !reference [.test-policy, rules]
# allow failure on development branches:
- allow_failure: true
# ================================================== # ==================================================
# Stage: publish # Stage: publish
# ================================================== # ==================================================
# This stage only run when you put a new tag to the git repository (a good tag format would be x.x.x ex: 1.0.2, see https://semver.org/) # This stage only run when you put a new tag to the git repository (a good tag format would be x.x.x ex: 1.0.2, see https://semver.org/)
# It will push the release tagged image to the chosen Registry # It will push the release tagged image to the chosen Registry
docker-publish: docker-publish:
......
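Review bot: With `- !reference [.test-policy, rules]` in the `docker-trivy` rules, the scan no longer starts on its own for a branch that has no open merge request: the `.test-policy` rule `$CI_MERGE_REQUEST_ID == null && $CI_OPEN_MERGE_REQUESTS == null` makes it `when: manual` with `allow_failure: true`, where the removed rules ran it automatically on every pipeline. The same holds for `docker-lint`, `docker-hadolint` and `docker-healthcheck`. If the build job on such branches still pushes a snapshot image (not visible in these hunks), that image stays in the registry unscanned until someone triggers the job by hand. I would either keep the scan automatic there, for example by replacing the reference in `docker-trivy` with `- if: '$CI_COMMIT_TAG || $CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'` followed by `- allow_failure: true`, or state the trade-off above `.test-policy`, e.g. `# security scans are manual until an MR is opened; set ADAPTIVE_PIPELINE_DISABLED to "true" to run them on every pipeline`.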