Usage
- Create a new project
- Create a `Containerfile`:

```dockerfile
FROM alpine
```

- Create GitLab pipeline file `.gitlab-ci.yml`:

```yaml
include:
  - component: $CI_SERVER_FQDN/xrow-public/ci-tools/common@stable
  - component: $CI_SERVER_FQDN/xrow-public/ci-tools/container@stable
    inputs:
      name: myapplication
      path: .
```

Pass build arguments to the container builder
Use the `args` input when your Containerfile needs build-time values. The value is passed through to the selected builder, so use the same syntax you would pass to `podman build` or `buildah build`.

```yaml
include:
  - component: $CI_SERVER_FQDN/xrow-public/ci-tools/common@stable
  - component: $CI_SERVER_FQDN/xrow-public/ci-tools/container@stable
    inputs:
      name: myapplication
      path: .
      args: "APP_ENV CI_COMMIT_SHA"

variables:
  APP_ENV: production
```

Example Containerfile consuming the build arguments:
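
```dockerfile
FROM registry.access.redhat.com/ubi10/ubi-minimal:10.1
# Each build argument must be declared with ARG before it can be referenced
ARG APP_ENV=development
ARG CI_COMMIT_SHA
LABEL org.opencontainers.image.version=$CI_COMMIT_SHA
RUN echo "Building for ${APP_ENV}"
```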
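
A build argument only reaches instructions that follow a matching `ARG` declaration, and an `ARG` placed before the first `FROM` is visible to `FROM` lines only. The check below is an added example, not part of this component: it compares the names in `args` with the declarations in a Containerfile and flags names that look like credentials, which belong in the `secrets` input. It assumes `args` is a whitespace-separated list of names as in the example above; `BASE_TAG`, `DB_PASSWORD` and the function names are made up for illustration.

```python
import re
import shlex

# Name fragments that suggest a credential (heuristic chosen for this example).
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)


def arg_scopes(containerfile: str) -> tuple[set[str], set[str]]:
    """Return (names declared before the first FROM, names declared inside a stage)."""
    global_args, stage_args, in_stage = set(), set(), False
    text = re.sub(r"\\[ \t]*\n", " ", containerfile)  # join line continuations
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        instruction = parts[0].upper()
        if instruction == "FROM":
            in_stage = True
        elif instruction == "ARG" and len(parts) == 2:
            # One ARG instruction may declare several names, each with an optional default.
            names = {item.split("=", 1)[0] for item in shlex.split(parts[1])}
            (stage_args if in_stage else global_args).update(names)
    return global_args, stage_args


def check_build_args(args_input: str, containerfile: str) -> dict[str, list[str]]:
    """Compare the names in the `args` input with the ARG declarations."""
    names = [item.split("=", 1)[0] for item in args_input.split()]
    global_args, stage_args = arg_scopes(containerfile)
    return {
        # No ARG anywhere: the value never reaches the build instructions.
        "undeclared": [n for n in names if n not in global_args | stage_args],
        # Declared only before the first FROM: usable in FROM lines, not inside a stage.
        "from_only": [n for n in names if n in global_args - stage_args],
        # Looks like a credential: build arguments are not a place for secrets.
        "sensitive": [n for n in names if SENSITIVE.search(n)],
    }


# Constructed sample: BASE_TAG and DB_PASSWORD are made up for this example.
SAMPLE_CONTAINERFILE = """\
ARG BASE_TAG=10.1
FROM registry.access.redhat.com/ubi10/ubi-minimal:${BASE_TAG}
ARG APP_ENV=development
LABEL org.opencontainers.image.version=$CI_COMMIT_SHA
RUN echo "Building for ${APP_ENV}"
"""
SAMPLE_ARGS = "APP_ENV CI_COMMIT_SHA BASE_TAG DB_PASSWORD"

if __name__ == "__main__":
    for finding, names in check_build_args(SAMPLE_ARGS, SAMPLE_CONTAINERFILE).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Predefined build arguments such as `HTTP_PROXY` need no `ARG` declaration, so this simple check would report them as undeclared.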
Publish to a non-default registry
- Set the variables `CI_REGISTRY`, `CI_REGISTRY_USER` and `CI_REGISTRY_PASSWORD` at the level of the project or group.
- Create GitLab pipeline file `.gitlab-ci.yml`:

```yaml
include:
  - component: $CI_SERVER_FQDN/xrow-public/ci-tools/common@stable
  - component: $CI_SERVER_FQDN/xrow-public/ci-tools/container@stable
    inputs:
      name: myapplication
      path: .
```

Inputs
| Name | Description | Default | Type |
| --- | --- | --- | --- |
| args | Arguments to pass to the builder. | | string |
| containerfile-path | Alternate path to the Containerfile, if it is not the Dockerfile or Containerfile in the context directory. | | string |
| dependencies | The dependencies that this job depends on. | [] | array |
| name | Name for the pipeline jobs and the container. | $CI_PROJECT_NAME | string |
| needs | The jobs that this job depends on. | [] | array |
| path | Path to the directory containing Container sources / context. | . | string |
| registry | Registry to store container image releases in. | $CI_REGISTRY | string |
| repository-path | Repository to store container image releases in. | $CI_REGISTRY_PROJECT_PATH | string |
| rules | Rules that control when the jobs run. | [{"if":"$CI_PIPELINE_SOURCE == \"schedule\"","when":"never"},{"if":"$CI_PIPELINE_SOURCE == \"merge_request_event\"","when":"on_success"},{"when":"on_success"}] | array |
| runtime | Container runtime to use. | podman | string |
| scanners | Scanners to use: none, vuln, license, secret, misconfig. | ["vuln","secret","license","misconfig"] | array |
| scanning-allow-failure | Should the pipeline fail if scanning the built container image fails? | false | boolean |
| scanning-enabled | Should the built container image be scanned? | true | boolean |
| scanning-severity | What level of severity should cause scanning of the built container to fail? | CRITICAL | string |
| scanning-timeout | How long should the scanning process be allowed to run before timing out? Use a duration format, e.g. 5m0s. | | string |
| secrets | Secrets to pass to the builder. | | string |
| stage | The pipeline stage that the jobs belong to. | build | string |
| tags | The runners that this job depends on. | [] | array |
| version | Internal version of the nested component to use. | main | string |