The pipeline comprises multiple stages, and the jobs are placed in
the stages array based on their order of execution. The list below
briefly describes each job, in the same order as defined in the
stages section.
- hadolint: This job is used for Dockerfile linting. Hadolint is a
  handy Dockerfile linter that helps us build better Docker containers
  by checking Dockerfiles for common mistakes, bugs, and best practices.
- docker-hub-build: It builds Docker images on the amd64 architecture.
- docker-hub-test: This is a testing job for Docker images on the
  amd64 architecture.
- push-docker-hub: It pushes Docker images to Docker Hub on the amd64
  architecture.
- docker-hub-build-arm: It builds Docker images on the arm architecture.
- docker-hub-test-arm: This is a testing job for Docker images on the
  arm architecture.
- push-docker-hub-arm: It pushes Docker images to Docker Hub on the arm
  architecture.
- chatgpt_analysis: This job generates a detailed analysis of the CI/CD
  pipeline using a GPT model.
The hadolint job mainly uses the hadolint
command, which is a Dockerfile linter, for validating and
quality-checking the Dockerfile. This tool checks against Docker’s best
practices, rules, and improvements.

```yaml
hadolint:
  image: hadolint/hadolint:latest-debian
  stage: quality
  before_script:
    - cd $CI_PROJECT_DIR
  script:
    - hadolint --ignore DL3008 Dockerfile
```

This job runs at the quality stage, using the
hadolint/hadolint:latest-debian Docker image. It first
changes to the project directory with
cd $CI_PROJECT_DIR. Then it checks the Dockerfile with
hadolint --ignore DL3008 Dockerfile, where
--ignore DL3008 tells hadolint to skip rule DL3008.
The docker-hub-build job is run in the
Docker-hub-build stage. It’s tasked to build the Docker
image.
The purpose of this job can be broken down as follows:
- Log into Docker Hub using the given DOCKER_HUB_USER and
  DOCKER_HUB_TOKEN.
- Navigate into the project directory and build the Docker image using
  the pre-defined SQUID_VERSION.
- Push the built image to Docker Hub using docker push.

```yaml
docker-hub-build:
  stage: Docker-hub-build
  image: docker:dind
  artifacts:
    expire_in: 2 hours
    paths:
      - $CI_PROJECT_DIR
  before_script:
    - docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_TOKEN" $DOCKER_HUB_REGISTRY
  script:
    - cd $CI_PROJECT_DIR
    - apk add --no-cache curl
    - export SQUID_VERSION=$(curl -s http://www.squid-cache.org/Versions/v6/ | egrep -m 1 -oh squid-.*.tar.gz | cut -d '"' -f1)
    - docker build --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_AMD64 .
    - docker push $CONTAINER_BUILD_NOPROD_NAME_AMD64
```

The docker-hub-test job tests the Docker image and is run in the
Docker-hub-test stage.
It includes the squid service and runs on the image defined in
$CONTAINER_CLIENT_IMAGE. It tests the image by
making a request to Google through the squid proxy, which is set using
export https_proxy=http://$CONTAINER_TEST_NAME:3128.

```yaml
docker-hub-test:
  stage: Docker-hub-test
  extends: .services-amd64
  script:
    - apt update && apt install -y curl --no-upgrade --no-install-recommends --no-install-suggests
    - export https_proxy=http://$CONTAINER_TEST_NAME:3128 && curl -k https://www.google.fr
  variables:
    HOSTNAME: squidpipeline
  needs: ["docker-hub-build"]
```

The push-docker-hub job handles pushing the Docker image
to DockerHub. It tags the Docker image with the current
SQUID_VERSION and pushes it to DockerHub. It also tags the
image as latest and pushes it as well.
This job is run only on the master branch.

```yaml
push-docker-hub:
  stage: Docker-hub-pushtag
  image: docker:dind
  before_script:
    - docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_TOKEN" $DOCKER_HUB_REGISTRY
  script:
    - apk add --no-cache curl
    - docker pull $CONTAINER_BUILD_NOPROD_NAME_AMD64
    - export SQUID_VERSION=$(curl -s http://www.squid-cache.org/Versions/v6/ | egrep -m 1 -oh squid-.*.tar.gz | cut -d '"' -f1 | sed 's/\.tar\.gz//g' | sed 's/squid-//g')
    - echo $SQUID_VERSION
    - docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:$SQUID_VERSION-amd64
    - docker push $HUB_REGISTRY_IMAGE:$SQUID_VERSION-amd64
    - docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:latest-amd64
    - docker push $HUB_REGISTRY_IMAGE:latest-amd64
    - docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:latest
    - docker push $HUB_REGISTRY_IMAGE:latest
  variables:
    GIT_STRATEGY: none
  needs: ["docker-hub-test"]
  only:
    - master
```

The docker-hub-build-arm job is similar to
docker-hub-build but is specific to the arm
architecture.
This job goes through the same process with the same set of
commands; the difference is the Docker image used, where
docker:dind is replaced with
docker:19.03.8-dind.

```yaml
docker-hub-build-arm:
  stage: Docker-hub-build
  image: docker:19.03.8-dind
  tags:
    - arm
  artifacts:
    expire_in: 2 hours
    paths:
      - $CI_PROJECT_DIR
  timeout: 3 hours
  before_script:
    - docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_TOKEN" $DOCKER_HUB_REGISTRY
  script:
    - cd $CI_PROJECT_DIR
    - apk add --no-cache curl
    - export SQUID_VERSION=$(curl -s http://www.squid-cache.org/Versions/v6/ | egrep -m 1 -oh squid-.*.tar.gz | cut -d '"' -f1)
    - docker build -f Dockerfile --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_ARM .
    - docker push $CONTAINER_BUILD_NOPROD_NAME_ARM
```

The job docker-hub-test-arm is similar to
docker-hub-test, but specific to the arm
architecture.
It includes the squid service and runs on the image
defined in $CONTAINER_CLIENT_IMAGE. It tests the image by
making a request to Google through the squid proxy, which
is set using
export https_proxy=http://$CONTAINER_TEST_NAME:3128.

```yaml
docker-hub-test-arm:
  stage: Docker-hub-test
  extends: .services-arm
  tags:
    - arm
  artifacts:
  script:
    - apt update && apt install -y curl --no-upgrade --no-install-recommends --no-install-suggests
    - export https_proxy=http://$CONTAINER_TEST_NAME:3128 && curl -k https://www.google.fr
  variables:
    HOSTNAME: squidpipeline
  needs: ["docker-hub-build-arm"]
```

The job push-docker-hub-arm is similar to
push-docker-hub, but specific to the arm
architecture.
This job pulls the built Docker image, tags it with the current
SQUID_VERSION, and pushes the image to DockerHub.

```yaml
push-docker-hub-arm:
  stage: Docker-hub-pushtag
  image: docker:19.03.8-dind
  tags:
    - arm
  artifacts:
  before_script:
    - docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_TOKEN" $DOCKER_HUB_REGISTRY
  script:
    - apk add --no-cache curl
    - docker pull $CONTAINER_BUILD_NOPROD_NAME_ARM
    - export SQUID_VERSION=$(curl -s http://www.squid-cache.org/Versions/v6/ | egrep -m 1 -oh squid-.*.tar.gz | cut -d '"' -f1 | sed 's/\.tar\.gz//g' | sed 's/squid-//g')
    - echo $SQUID_VERSION
    - docker tag $CONTAINER_BUILD_NOPROD_NAME_ARM $HUB_REGISTRY_IMAGE:$SQUID_VERSION-arm
    - docker push $HUB_REGISTRY_IMAGE:$SQUID_VERSION-arm
    - docker tag $CONTAINER_BUILD_NOPROD_NAME_ARM $HUB_REGISTRY_IMAGE:latest-arm
    - docker push $HUB_REGISTRY_IMAGE:latest-arm
  variables:
    GIT_STRATEGY: none
  needs: ["docker-hub-test-arm"]
  only:
    - master
```

The chatgpt_analysis job aims to generate a detailed
analysis of the CI/CD pipeline using the gpt-4 model. It gets
the SQUID_VERSION and the latest commit information, creates
the markdown content, and sends it to the OpenAI API with a POST request.
It then stores the response as the artifacts
chatgpt_analysis_*.md.

```yaml
chatgpt_analysis:
  stage: chatgpt
  image:
    name: $CONTAINER_CLIENT_IMAGE
  artifacts:
    expire_in: 1 month
    paths:
      - $CI_PROJECT_DIR/chatgpt_analysis*
  before_script:
    - apt update && apt install curl git jq ca-certificates pandoc openssh-client -y --no-upgrade --no-install-recommends --no-install-suggests
  script:
    .....
    .....
```

- workflow: name uses $CI_COMMIT_TITLE, which is a predefined
  environment variable representing the title of the current commit.
  This sets the name of the workflow pipeline.
- cache: key uses $CI_JOB_NAME-$CI_COMMIT_REF_SLUG, which are
  predefined GitLab CI variables for setting a cache key.
- In the before_script: section of the hadolint job, $CI_PROJECT_DIR
  is referenced, which is a predefined GitLab CI variable that is used
  to define the build directory.
- $CONTAINER_BUILD_NOPROD_NAME_AMD64, $CONTAINER_BUILD_NOPROD_NAME_ARM,
  $DOCKER_HUB_USER, $DOCKER_HUB_TOKEN, $DOCKER_HUB_REGISTRY,
  $HUB_REGISTRY_IMAGE, $SSH_NOSTROMO_KEY are custom, user-defined
  environment variables.
The needs keyword in docker-hub-test,
push-docker-hub, docker-hub-test-arm, and
push-docker-hub-arm states that these jobs depend on the
execution of the docker-hub-build and
docker-hub-build-arm jobs. This keyword ensures parallel
execution whenever possible.
- hadolint: This does not create any artifacts of its own.
- docker-hub-build: This job creates Docker images that work on the
  amd64 architecture.
- docker-hub-test: No artifacts are created, but it verifies the
  network connectivity for the squid service configured in Docker.
- push-docker-hub: No artifacts are created, but it pushes Docker
  images to Docker Hub.
- docker-hub-build-arm: This job creates Docker images that work on
  the arm architecture.
- docker-hub-test-arm: No artifacts are created, but it verifies the
  network connectivity for the squid service configured in Docker.
- push-docker-hub-arm: No artifacts are created, but it pushes Docker
  images to Docker Hub.
- chatgpt_analysis: This job creates markdown files
  chatgpt_analysis_*.md that store the generated report, and
  uploads them to https://e2guardian.numsys.eu.
The commit d3435e4 has the message
"remove md file to website". Its purpose is to update
the website after removing some images or markdown files. This commit
does not have an impact on the pipeline itself, as the pipeline
configuration (gitlab-ci.yml) does not involve the removed
markdown files.
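
The build and push jobs resolve SQUID_VERSION by scraping a directory listing fetched over plain HTTP and pass the result straight to docker build and docker tag. As an added example (not part of the project's pipeline), the same lookup can validate the scraped value before it is used; the function names and the sample listing are constructed for illustration, and the HTTPS URL mentioned in the comment is an assumption.

```shell
#!/bin/sh
# Added example: resolve SQUID_VERSION from a directory listing and reject
# anything that is not a plain dotted version before it reaches docker.

# Constructed sample of one listing row (not copied from the real site).
SAMPLE_LISTING='<tr><td><a href="squid-6.10.tar.gz">squid-6.10.tar.gz</a></td></tr>'

# Print the version from the first squid-<version>.tar.gz name on stdin.
# The dots are escaped and the character class cannot cross quotes or
# shell metacharacters, unlike the unquoted greedy squid-.*.tar.gz.
extract_squid_version() {
    grep -oE 'squid-[0-9A-Za-z.]+\.tar\.gz' \
        | head -n 1 \
        | sed -e 's/^squid-//' -e 's/\.tar\.gz$//'
}

# Succeed only for digits separated by single dots (6.10, 6.10.1, ...).
is_valid_version() {
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    return 0
}

# Read a listing on stdin; print the version or fail without output.
resolve_squid_version() {
    _v=$(extract_squid_version)
    if ! is_valid_version "$_v"; then
        echo "refusing unexpected SQUID_VERSION: '$_v'" >&2
        return 1
    fi
    printf '%s\n' "$_v"
}

# In the job this would replace the curl | egrep | cut pipeline, e.g.
#   SQUID_VERSION=$(curl -fsS "$URL" | resolve_squid_version) || exit 1
# with URL set to an https:// listing (assumption: the mirror serves HTTPS).
printf '%s\n' "$SAMPLE_LISTING" | resolve_squid_version   # prints 6.10
```

The push jobs can use the printed value directly as the image tag; the build jobs, which pass the full archive name, would rebuild it as squid-$SQUID_VERSION.tar.gz.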