changes to pipeline

6b1de941 · (INACTIVE) Marcel Bajdel (new marcel.bajdel) · 89553925 · 6b1de941
Commit 6b1de941 authored 1 year ago by (INACTIVE) Marcel Bajdel (new marcel.bajdel)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,10 +3,9 @@ stages:
  - build_branch # builds if the image does not exist
  - branch_scan # Check whether the image is already existing or not for the tag
  - check_image_tag # Check whether there are any vulnerabilities in the image
-  - build_main  # builds when the merge request is made into main
-  - build_tag  # builds when the tag is pushed
-  - test_main # tests when the merge request is made into main
+  - build_develop  # builds when the merge request is made into development branch
  - test_latest # tests when the image with tag latest is pushed
+  - build_tag  # builds when the tag is pushed
  - test_tag  # tests when the tag is pushed

 build_branch:
@@ -41,7 +40,7 @@ branch_scan:
  script:
    - mkdir scan_result
    - cd tar_images
-    - trivy image --timeout 15m --offline-scan --input $CI_COMMIT_BRANCH -f json -o ../scan_result/$CI_COMMIT_BRANCH.json --severity CRITICAL
+    - trivy image --timeout 15m --offline-scan --input $CI_COMMIT_BRANCH.tar -f json -o ../scan_result/$CI_COMMIT_BRANCH.json --severity CRITICAL
  artifacts:
    paths:
      - scan_result
@@ -76,8 +75,8 @@ check_image_tag: # Check whether the image is already existing or not for the ta

  

-build_main: # This build will run only for main branch
-  stage: build_main 
+build_develop: # This build will run only for main branch
+  stage: build_develop 
  image: 
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
@@ -87,7 +86,25 @@ build_main: # This build will run only for main branch
    # build the image with tag latest if the merge request is made into main
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:latest
  rules:
+    - if: '$CI_COMMIT_BRANCH == "develop"'
+    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
+
+test_latest: # This test will run only for tag latest
+  stage: test_latest
+  image:
+    name: gcr.io/go-containerregistry/crane:debug
+    entrypoint: [""]
+  script:
+    # specify auths for crane executor
+    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    # validate the image with tag latest
+    - if ! crane validate --remote $CI_REGISTRY_IMAGE:latest; then exit 1; fi > test_latest.log
+  artifacts:
+    paths:
+      - test_latest.log
+  rules: 
    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
+    - if: '$CI_COMMIT_BRANCH == "develop"'

 build_tag: # This build will run only for tags
  stage: build_tag
@@ -104,39 +121,6 @@ build_tag: # This build will run only for tags
    # if the image does not exist, build it with the added tag
    - if [ "$DOCKER_LATEST_IMAGE_EXISTS" == "false" ]; then /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME; else echo "Docker image already exists"; fi

-test_main:
-  stage: test_main
-  image:
-    name: gcr.io/go-containerregistry/crane:debug
-    entrypoint: [""]
-  rules: # test only if the merge request is made into main
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
-  script:
-    # specify auths for crane executor
-    - if DOCKER_TAG_IMAGE_EXISTS=true; then echo "Docker image already exists"; else crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY; fi
-    # validate the image with tag latest
-    - if ! crane validate --remote $CI_REGISTRY_IMAGE:latest; then exit 1; fi > test_main.log
-  artifacts:
-    paths:
-      - test_main.log
-
-test_latest: # This test will run only for tag latest
-  stage: test_latest
-  image:
-    name: gcr.io/go-containerregistry/crane:debug
-    entrypoint: [""]
-  script:
-    # specify auths for crane executor
-    - if [ "$DOCKER_LATEST_IMAGE_EXISTS" == "false" ]; then echo "Docker image already exists"; else crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY; fi
-    # validate the image with tag latest
-    - if ! crane validate --remote $CI_REGISTRY_IMAGE:$CI_COMMIT_BRANCH; then exit 1; fi > test_latest.log
-  artifacts:
-    paths:
-      - test_latest.log
-  rules: 
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
-      when: never
-
 test_tag: # This test will run only for tags
  stage: test_tag
  image: