In the pipeline defined in the stages section of the .gitlab-ci.yml
file, the following jobs are listed in the order they appear:

- Quality (hadolint): This job checks the Dockerfile for any possible
  issues or bad practices. It uses the Hadolint tool to achieve this.
- Get-version (getsquid_vars): This job fetches the latest version of
  Squid using a GET request and saves it to variables.env.
- Building Docker image for AMD64 architecture (docker-hub-build): This
  job uses Docker to build an AMD64 Squid image and pushes it to Docker
  Hub.
- Building Docker image for ARM architecture (docker-hub-build-arm):
  This job carries out the same steps as the previous one but for the
  ARM architecture.
- Testing the Docker image for AMD64 (docker-hub-test): This job checks
  if the AMD64 Squid image is working correctly.
- Testing the Docker image for ARM (docker-hub-test-arm): This job does
  similar testing as the previous one but for the ARM Squid image.
- Pushing Docker image tag for AMD64 (push-docker-hub): Tags the AMD64
  Squid image with the obtained Squid version and pushes it to Docker
  Hub.
- Pushing Docker image tag for ARM (push-docker-hub-arm): Performs the
  same steps as the previous job but for the ARM Squid image.
- Squid Configuration Parsing (SquidParseConfig): Checks if the Squid
  configuration file can be parsed without any errors.
- Docker image size analysis (dive, dive-arm): These jobs analyze the
  Docker image layers for AMD64 and ARM using an open source tool
  called Dive.
- ChatGPT analysis (chatgpt_analysis): Uses OpenAI's ChatGPT to analyze
  the GitLab CI/CD jobs and commits. It also generates markdown and
  HTML versions of the analysis.
- Updating DockerHub README (update_dockerhub_readme): Updates the
  README content on Docker Hub based on the README.md from the
  repository.

    hadolint:
      image: hadolint/hadolint:latest-debian
      stage: Quality
      before_script:
        - cd $CI_PROJECT_DIR
      script:
        # DL3008 is hadolint's "pin versions in apt-get install" rule
        - hadolint --ignore DL3008 Dockerfile

The hadolint job ensures that the Dockerfile adheres to best practices.
Hadolint is a Dockerfile linter that helps detect and fix errors,
security vulnerabilities, and bad practices in your Dockerfile. The
--ignore DL3008 option is used to ignore a specific rule (DL3008) when
running the linter.

    getsquid_vars:
      stage: Get-version
      image:
        name: $CONTAINER_CLIENT_IMAGE
      artifacts:
        expire_in: 1 hour
        paths:
          - variables.env
      script:
        - apt update && apt install git curl ca-certificates -y --no-upgrade --no-install-recommends --no-install-suggests
        # Scrape the latest release title from GitHub and strip the leading "v"
        - export SQUID_VERSION=$(curl -LsXGET https://github.com/squid-cache/squid/releases/latest | grep -m 1 "Release" | cut -d " " -f4 |tr -d 'v')
        # Pass the version to later jobs through the variables.env artifact
        - echo "SQUID_VERSION=$SQUID_VERSION" > variables.env
        - echo $SQUID_VERSION
        # Fill in the README template, then commit and push the result
        - sed -i "s/{{SQUID_VERSION}}/$SQUID_VERSION/g" README_template.md
        - sed -i "s/{{DATE}}/$(date +%Y%m%d)/g" README_template.md
        - cp README_template.md README.md
        - git config user.email "fredbcode"
        - git config user.name "fredbcode"
        - git add README.md
        - git commit -m "README Auto update [skip ci]" || true
        # The push authenticates with the GITLAB_TOKEN CI/CD variable
        - git push https://$GITLAB_TOKEN@gitlab.com/fredbcode-images/squid.git HEAD:master || true

The getsquid_vars job fetches the latest version of Squid using the
curl command and assigns it to the SQUID_VERSION variable. The job
creates a variables.env file to store this version for use in other
jobs. This job also updates README_template.md with the current Squid
version and date, copies it to README.md, makes a commit and pushes
this commit with the updated README to the master branch.
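
The getsquid_vars job uses the scraped string as-is in variables.env and in the sed expression, so an empty or unexpected value propagates to every later job. The following is an added example, not part of the project's .gitlab-ci.yml: it runs the same extraction pipeline and accepts only a dotted numeric version. The function names and the two sample pages are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the project): gate the scraped version string.
# Function names and the sample pages below are hypothetical/constructed.

# Constructed sample inputs, standing in for the curl output.
GOOD_PAGE='  <title>Release v6.10 - squid-cache/squid</title>'
BAD_PAGE='  <title>Releases - squid-cache/squid</title>'   # layout changed

# Same extraction pipeline as the job, reading the page from stdin.
extract_squid_version() {
    grep -m 1 "Release" | cut -d " " -f4 | tr -d 'v'
}

# Accept only dotted numeric versions (6.10, 6.10.1). Anything else,
# including an empty string, "/", "&", spaces or newlines, is rejected,
# so the value is safe inside the sed s/// expression and an image tag.
is_valid_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Write variables.env (path in $2) only when the value passes validation.
write_version_env() {
    if ! is_valid_version "$1"; then
        echo "refusing unexpected SQUID_VERSION: '$1'" >&2
        return 1
    fi
    printf 'SQUID_VERSION=%s\n' "$1" > "$2"
}

# Demo on the constructed pages.
for page in "$GOOD_PAGE" "$BAD_PAGE"; do
    v=$(printf '%s\n' "$page" | extract_squid_version)
    if is_valid_version "$v"; then
        echo "accepted: $v"
    else
        echo "rejected: '$v'"
    fi
done
```

In the job, a non-zero return from write_version_env would fail the Get-version stage before the build and push jobs consume the value.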
The .gitlab-ci.yml file uses several environment variables including:

- GIT_CLONE_PATH: It is set to a temporary filesystem path, where your
  GitLab project will be cloned.
- CONTAINER_CLIENT_IMAGE: Image used as a client to execute different
  commands in different jobs.
- DOCKER_HUB_USER, DOCKER_HUB_TOKEN, DOCKER_HUB_REGISTRY,
  HUB_REGISTRY_IMAGE: Docker login credentials, Docker registry, and
  Docker image name respectively.
- SQUID_VERSION: It will contain the latest version of Squid fetched in
  the getsquid_vars job.
- GITLAB_TOKEN: Access token for GitLab to push changes to the
  repository.

Also, the script uses some files like variables.env to pass the Squid
version between jobs. Dockerfile is checked in the hadolint job and
README.md is updated in the update_dockerhub_readme job.
Jobs in the pipeline are linked through dependencies or triggers. For
instance, the getsquid_vars job fetches the latest Squid version, and
this version is used in all subsequent jobs. Thus other jobs like
docker-hub-build, docker-hub-build-arm, docker-hub-test,
docker-hub-test-arm, push-docker-hub, push-docker-hub-arm and
update_dockerhub_readme depend on the getsquid_vars job.
Artifacts are saved at the end of the getsquid_vars and
chatgpt_analysis jobs. In the getsquid_vars job, variables.env
containing the latest version of Squid is saved. In chatgpt_analysis,
markdown and HTML versions of the analysis are saved. Docker images are
built and pushed to Docker Hub by the docker-hub-build,
docker-hub-build-arm, push-docker-hub and push-docker-hub-arm jobs.
The latest commit, “README Auto update [skip ci]”, is meant to update
the README.md file automatically based on the latest version of Squid.
This commit is made in the getsquid_vars job. Hence every
time the pipeline runs, it fetches the latest Squid version and reflects
it in the README file. The [skip ci] in the commit message
tells GitLab CI/CD not to run the pipeline as a result of this commit:
this avoids an infinite loop where each job result would trigger a new
CI/CD pipeline.