PROD.2026/RekomenciBackend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: switched build impl to buildah

Browse Source
This commit is contained in:
ITQ
2025-11-21 15:31:47 +03:00
parent c3e0967045
commit 554fe27a79
1 changed files with 78 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitlab-ci.yml
+78 -82
View File
@@ -7,8 +7,6 @@ stages:
variables:
BASE_IMAGE_NAME: $CI_REGISTRY_IMAGE
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
TRIVY_CACHE_DIR: .cache/trivy
TRIVY_NO_PROGRESS: "true"
TRIVY_TIMEOUT: "10m0s"
@@ -17,6 +15,8 @@ variables:
TRIVY_REGISTRY: $CI_REGISTRY
UV_PROJECT_ENVIRONMENT: .venv
UV_CACHE_DIR: .cache/uv
BUILDAH_ISOLATION: oci
STORAGE_DRIVER: vfs
cache:
key: "${CI_COMMIT_REF_SLUG}"
@@ -26,12 +26,12 @@ cache:
- $UV_PROJECT_ENVIRONMENT
policy: pull-push
.docker-job: &docker-job
image: docker:28.5
services:
- docker:28.5-dind
.buildah-job: &buildah-job
image: quay.io/containers/buildah:latest
variables:
STORAGE_DRIVER: vfs
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
- buildah login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
.trivy-fs-template: &trivy-fs-scan
stage: security
@@ -116,20 +116,18 @@ cache:
when: on_success
.build-template: &build-config
<<: *docker-job
<<: *buildah-job
stage: build
variables:
DOCKER_BUILDKIT: 1
BUILDKIT_INLINE_CACHE: 1
script:
- |
docker buildx create --use
docker buildx build . \
-t $IMAGE_NAME:$CI_COMMIT_SHA \
-f $CONTAINERFILE --target $BUILDTARGET --push \
--cache-from type=registry,ref=$IMAGE_NAME-cache \
--cache-to type=registry,ref=$IMAGE_NAME-cache,mode=max,oci-mediatypes=true,image-manifest=true,compression=zstd \
--build-arg BUILDKIT_INLINE_CACHE=1
buildah build . \
--tag $IMAGE_NAME:$CI_COMMIT_SHA \
--file $CONTAINERFILE \
--target $BUILDTARGET \
--layers \
--cache-from $IMAGE_NAME-cache \
--cache-to $IMAGE_NAME-cache
- buildah push $IMAGE_NAME:$CI_COMMIT_SHA
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
when: always
@@ -140,26 +138,24 @@ cache:
allow_failure: true
.tag-template: &tag-config
<<: *docker-job
<<: *buildah-job
stage: tag
script:
- |
set -euo pipefail
IMAGE="$IMAGE_NAME:$CI_COMMIT_SHA"
docker pull "$IMAGE"
if [ -n "${CI_COMMIT_TAG:-}" ]; then
docker tag "$IMAGE" "$IMAGE_NAME:$CI_COMMIT_TAG"
docker push "$IMAGE_NAME:$CI_COMMIT_TAG"
buildah tag $IMAGE_NAME:$CI_COMMIT_SHA $IMAGE_NAME:$CI_COMMIT_TAG
buildah push $IMAGE_NAME:$CI_COMMIT_TAG
fi
if [ -n "${CI_COMMIT_BRANCH:-}" ]; then
docker tag "$IMAGE" "$IMAGE_NAME:$CI_COMMIT_REF_SLUG"
docker push "$IMAGE_NAME:$CI_COMMIT_REF_SLUG"
buildah tag $IMAGE_NAME:$CI_COMMIT_SHA $IMAGE_NAME:$CI_COMMIT_REF_SLUG
buildah push $IMAGE_NAME:$CI_COMMIT_REF_SLUG
if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
docker tag "$IMAGE" "$IMAGE_NAME:latest"
docker push "$IMAGE_NAME:latest"
buildah tag $IMAGE_NAME:$CI_COMMIT_SHA $IMAGE_NAME:latest
buildah push $IMAGE_NAME:latest
fi
fi
rules:
@@ -219,61 +215,61 @@ lint:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_COMMIT_TAG
test:
<<: *docker-job
stage: test
variables:
COMPOSE_PROFILES: |
--profile migrations
--profile tests
script:
- apk add --no-cache docker-compose
- export PROFILES="$(printf '%s ' $COMPOSE_PROFILES)"
- cp "$TEST_STAGE_FIREBASE_CONF" ./infrastructure/configs/backend/firebase.json
- |
(
while true; do
docker compose -f compose.yaml $PROFILES logs -f 2>&1
sleep 1
done
) | tee -a compose.log &
- LOGS_PID=$!
- |
REGISTRY_PREFIX=$CI_REGISTRY_IMAGE IMAGE_TAG=$CI_COMMIT_SHA \
docker compose -f compose.yaml -f compose.prod.yaml \
$PROFILES up -d --quiet-pull --quiet-build 2>&1 | tee compose.log
- |
TEST_CONTAINER_ID=$(docker compose -f compose.yaml $PROFILES ps -q tests -a)
timeout 600 docker wait $TEST_CONTAINER_ID
TEST_EXIT_CODE=$(docker inspect --format "{{.State.ExitCode}}" $TEST_CONTAINER_ID)
# test:
# <<: *docker-job
# stage: test
# variables:
# COMPOSE_PROFILES: |
# --profile migrations
# --profile tests
# script:
# - apk add --no-cache docker-compose
# - export PROFILES="$(printf '%s ' $COMPOSE_PROFILES)"
# - cp "$TEST_STAGE_FIREBASE_CONF" ./infrastructure/configs/backend/firebase.json
# - |
# (
# while true; do
# docker compose -f compose.yaml $PROFILES logs -f 2>&1
# sleep 1
# done
# ) | tee -a compose.log &
# - LOGS_PID=$!
# - |
# REGISTRY_PREFIX=$CI_REGISTRY_IMAGE IMAGE_TAG=$CI_COMMIT_SHA \
# docker compose -f compose.yaml -f compose.prod.yaml \
# $PROFILES up -d --quiet-pull --quiet-build 2>&1 | tee compose.log
# - |
# TEST_CONTAINER_ID=$(docker compose -f compose.yaml $PROFILES ps -q tests -a)
# timeout 600 docker wait $TEST_CONTAINER_ID
# TEST_EXIT_CODE=$(docker inspect --format "{{.State.ExitCode}}" $TEST_CONTAINER_ID)
if [ $TEST_EXIT_CODE -eq 0 ]; then
echo "Tests passed."
else
echo "Tests failed with exit code $TEST_EXIT_CODE."
exit 1
fi
- |
docker compose -f compose.yaml $PROFILES down
- cat .cov/coverage.txt
artifacts:
paths:
- ./.cov
- ./compose.log
reports:
coverage_report:
coverage_format: cobertura
path: .cov/coverage.xml
expire_in: 1 week
when: always
coverage: /TOTAL.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
dependencies:
- build-runtime
- build-tests
- build-migrations
# if [ $TEST_EXIT_CODE -eq 0 ]; then
# echo "Tests passed."
# else
# echo "Tests failed with exit code $TEST_EXIT_CODE."
# exit 1
# fi
# - |
# docker compose -f compose.yaml $PROFILES down
# - cat .cov/coverage.txt
# artifacts:
# paths:
# - ./.cov
# - ./compose.log
# reports:
# coverage_report:
# coverage_format: cobertura
# path: .cov/coverage.xml
# expire_in: 1 week
# when: always
# coverage: /TOTAL.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/
# rules:
# - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
# - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
# dependencies:
# - build-runtime
# - build-tests
# - build-migrations
sast-filesystem:
<<: *trivy-fs-scan