# Pulls the shared job templates in from jitesoft/gitlab-ci-lib; the
# .container_scanning template the scan:* jobs extend presumably comes from
# this file (it is not defined here).
# NOTE(review): no ref is pinned, so whatever is on that project's default
# branch at pipeline time is included on every run. Pinning it with
# `ref: <tag-or-commit-sha>` makes pipelines reproducible and turns changes in
# the upstream template into an explicit, reviewable bump.
include:
  - project: jitesoft/gitlab-ci-lib
    file: /Scan/trivy.yml
# Pipeline order: resolve the upstream CLI version, build the base CLI images,
# build the derived images (dind, buildx), then scan what was pushed.
stages:
  - version
  - base
  - extra
  - scan
# Pipeline-wide defaults. The version values are quoted so that no YAML parser
# can ever read them as numbers.
variables:
  # NOTE(review): the build jobs that consume this reassign it from
  # version.txt in their script, so this value is shadowed there.
  DOCKER_VERSION: "19.03.9"
  # Pinned CE version; it is not refreshed from upstream.
  CE_VERSION: "18.06.3-ce"
  # Platform list for the CLI-tracking images.
  ARCHITECTURES: "linux/amd64,linux/arm64"
  # Platform list for the CE images.
  CE_ARCHITECTURES: "linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x"
# Default job image. NOTE(review): the mutable `latest` tag is used, so the
# toolchain a job runs in can change between pipelines without a commit here.
image: "registry.gitlab.com/jitesoft/dockerfiles/misc:latest"
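# TODO: Rewrite this!
# Resolves the Docker CLI version to build from the newest tag of the
# docker/cli GitHub repository and hands it to the build jobs as the
# version.txt artifact.
# NOTE(review): the tags endpoint lists tags in creation order, not semver
# order, and it is rate-limited when called unauthenticated; the check below
# only guarantees the result looks like a version, not that it is the newest.
download:version:
  stage: version
  # Same image as the pipeline default, kept explicit for this job.
  image: registry.gitlab.com/jitesoft/dockerfiles/misc:latest
  script:
    - |
      VERSION="$(wget -qO- https://api.github.com/repos/docker/cli/tags | jq -r '.[0].name' | awk 'NR==1{print $1}')"
      # Drop the leading "v" of the tag name.
      VERSION="${VERSION#?}"
      # Fail here instead of letting downstream jobs push images tagged with an
      # empty or bogus version (a failed or rate-limited API call yields "" or
      # "null", which becomes "ull" after the strip above). Only a value of the
      # form digits.digits.digits[suffix] is accepted.
      case "${VERSION}" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "Unexpected version string '${VERSION}' from the GitHub API" >&2; exit 1 ;;
      esac
      echo "${VERSION}" > version.txt
  artifacts:
    paths:
      - version.txt
    # Only the jobs of this pipeline need it.
    expire_in: 1 hour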
# Builds and pushes the multi-arch Docker CLI image at the version resolved by
# download:version. The same image is tagged for ghcr.io, the GitLab project
# registry and the unprefixed jitesoft/docker name (i.e. Docker Hub).
build:docker:
  stage: base
  needs:
    - download:version
  # Runner tags selecting the buildx-capable runners.
  tags: [jitesoft, buildx, protected]
  # Images are only pushed from the master ref.
  only:
    refs:
      - master
  script:
    # Shadows the pipeline-level DOCKER_VERSION with the resolved value.
    - DOCKER_VERSION=$(cat version.txt)
    - >-
      docker buildx build
      --platform ${ARCHITECTURES}
      --progress plain
      --build-arg DOCKER_VERSION=${DOCKER_VERSION}
      --push
      -t ghcr.io/jitesoft/docker:${DOCKER_VERSION}
      -t ghcr.io/jitesoft/docker:latest
      -t ${CI_REGISTRY_IMAGE}:${DOCKER_VERSION}
      -t ${CI_REGISTRY_IMAGE}:latest
      -t jitesoft/docker:latest
      -t jitesoft/docker:${DOCKER_VERSION}
      .
# Builds and pushes the multi-arch Docker CE image at the pinned CE_VERSION.
# It has no needs: entry because it only depends on pipeline variables, so it
# waits for the version stage through normal stage ordering.
build:docker:ce:
  stage: base
  tags: [jitesoft, buildx, protected]
  only:
    refs:
      - master
  script:
    - >-
      docker buildx build
      --platform ${CE_ARCHITECTURES}
      --progress plain
      --build-arg DOCKER_VERSION=${CE_VERSION}
      --push
      -t ghcr.io/jitesoft/docker:${CE_VERSION}
      -t ghcr.io/jitesoft/docker:ce
      -t ${CI_REGISTRY_IMAGE}:${CE_VERSION}
      -t ${CI_REGISTRY_IMAGE}:ce
      -t jitesoft/docker:ce
      -t jitesoft/docker:${CE_VERSION}
      .
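# Builds and pushes the docker-in-docker variant of the CLI image from the
# Dind/ build context, at the version resolved by download:version.
build:dind:
  stage: extra
  needs:
    - download:version
    - build:docker
  tags: [jitesoft, buildx, protected]
  only:
    refs:
      - master
  script:
    # Shadows the pipeline-level DOCKER_VERSION with the resolved value.
    - DOCKER_VERSION=$(cat version.txt)
    - cd Dind
    # The platform list is the shared ARCHITECTURES variable (it was spelled
    # out literally here before, with the same value) so the dind image keeps
    # tracking the base image's platforms.
    - >-
      docker buildx build
      --platform ${ARCHITECTURES}
      --progress plain
      --build-arg DOCKER_VERSION=${DOCKER_VERSION}
      --push
      -t ghcr.io/jitesoft/docker:${DOCKER_VERSION}-dind
      -t ghcr.io/jitesoft/docker:dind
      -t ${CI_REGISTRY_IMAGE}/dind:${DOCKER_VERSION}
      -t ${CI_REGISTRY_IMAGE}/dind:latest
      -t jitesoft/docker:latest-dind
      -t jitesoft/docker:${DOCKER_VERSION}-dind
      .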
# Builds and pushes the docker-in-docker variant of the CE image from the
# Dind/ build context, at the pinned CE_VERSION.
build:dind:ce:
  stage: extra
  needs:
    - build:docker:ce
  tags: [jitesoft, buildx, protected]
  only:
    refs:
      - master
  script:
    - cd Dind
    # NOTE(review): the platform list is a literal subset of CE_ARCHITECTURES
    # (linux/arm/v7 is left out); whether that omission is intentional is not
    # recorded here — confirm before "fixing" it to use the variable.
    - >-
      docker buildx build
      --platform linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
      --progress plain
      --build-arg DOCKER_VERSION=${CE_VERSION}
      --push
      -t ghcr.io/jitesoft/docker:${CE_VERSION}-dind
      -t ghcr.io/jitesoft/docker:ce-dind
      -t ${CI_REGISTRY_IMAGE}/dind:${CE_VERSION}
      -t ${CI_REGISTRY_IMAGE}/dind:ce
      -t jitesoft/docker:${CE_VERSION}-dind
      -t jitesoft/docker:ce-dind
      .
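# Builds and pushes the buildx-enabled variant of the CLI image from the
# BuildX/ build context. The buildx plugin version is resolved from the newest
# docker/buildx GitHub release; the CLI version comes from download:version.
build:buildx:
  stage: extra
  needs:
    - build:docker
    - download:version
  tags: [jitesoft, buildx, protected]
  only:
    refs:
      - master
  before_script:
    - apk add --no-cache wget grep
    # NOTE(review): /releases lists pre-releases too and is ordered by creation
    # date, not by version, and unauthenticated calls are rate-limited.
    # tag_name is the Git tag (e.g. v0.4.1); the release's display name is
    # free-form text, so it is not used. Only a leading "v" is stripped, so a
    # "v" elsewhere in the tag can no longer corrupt the value.
    - |
      BUILDX_VERSION="$(wget -qO- https://api.github.com/repos/docker/buildx/releases | jq -r '.[0].tag_name' | awk 'NR==1{print $1}' | sed 's/^v//')"
      # Fail here rather than build with an empty/"null" version when the API
      # call fails; only digits.digits.digits[suffix] is accepted.
      case "${BUILDX_VERSION}" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "Unexpected buildx version string '${BUILDX_VERSION}' from the GitHub API" >&2; exit 1 ;;
      esac
  script:
    # Shadows the pipeline-level DOCKER_VERSION with the resolved value.
    - DOCKER_VERSION=$(cat version.txt)
    - cd BuildX
    - >-
      docker buildx build
      --platform ${ARCHITECTURES}
      --progress plain
      --build-arg BUILDX_VERSION=${BUILDX_VERSION}
      --build-arg DOCKER_VERSION=${DOCKER_VERSION}
      --push
      -t ghcr.io/jitesoft/docker:${DOCKER_VERSION}-buildx
      -t ghcr.io/jitesoft/docker:buildx
      -t ${CI_REGISTRY_IMAGE}/buildx:${DOCKER_VERSION}
      -t ${CI_REGISTRY_IMAGE}/buildx:latest
      -t jitesoft/docker:${DOCKER_VERSION}-buildx
      -t jitesoft/docker:latest-buildx
      .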
# Vulnerability scan of the freshly pushed CLI image (pushed by build:docker).
# The stage is not set here; it presumably comes from the .container_scanning
# template.
# NOTE(review): the build:* jobs are restricted to the master ref while the
# scan:* jobs are not; unless .container_scanning applies the same restriction,
# these needs: entries point at jobs that do not exist on other refs — confirm.
scan:
  extends: .container_scanning
  needs:
    - build:docker
  variables:
    SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}:latest"
    # No repository checkout; the scanner only needs the registry image.
    GIT_STRATEGY: none
# Vulnerability scan of the dind image pushed by build:dind.
scan:dind:
  extends: .container_scanning
  needs:
    - build:dind
  variables:
    SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}/dind:latest"
    # No repository checkout; the scanner only needs the registry image.
    GIT_STRATEGY: none
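# Vulnerability scan of the CE image. The :ce tag is pushed by build:docker:ce,
# so that is the job to wait for; waiting on build:docker instead let this scan
# start before (or without) the CE image being pushed and scan a stale tag.
scan:ce:
  extends: .container_scanning
  needs:
    - build:docker:ce
  variables:
    SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}:ce"
    # No repository checkout; the scanner only needs the registry image.
    GIT_STRATEGY: none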
# Vulnerability scan of the CE dind image pushed by build:dind:ce.
scan:dind:ce:
  extends: .container_scanning
  needs:
    - build:dind:ce
  variables:
    SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}/dind:ce"
    # No repository checkout; the scanner only needs the registry image.
    GIT_STRATEGY: none
# Vulnerability scan of the buildx image pushed by build:buildx.
scan:buildx:
  extends: .container_scanning
  needs:
    - build:buildx
  variables:
    SCANNING_IMAGE_NAME: "${CI_REGISTRY_IMAGE}/buildx:latest"
    # No repository checkout; the scanner only needs the registry image.
    GIT_STRATEGY: none