The pipeline consists of the following jobs in the order of execution as specified in the ‘stages’ section of the .gitlab-ci.yml file.
getsquid_vars: The job is responsible for getting the latest version of the Squid proxy server.
hadolint: This job checks Dockerfile for any style violations using the hadolint tool.
docker-hub-build: This job builds a Docker image for Squid for amd64 architecture and pushes it to Docker Hub.
docker-hub-test: This job tests the Docker image built in the previous step by running the Squid service and checking if it can proxy an HTTPS request.
SquidParseConfig: This job checks the Squid configuration for syntax errors.
dive: This job analyse the layers of the Docker image using the tool Dive.
push-docker-hub: This job pushes the tested Docker image to Docker Hub, tagging it with the Squid version both as ‘latest’ and ‘amd64’.
docker-hub-build-arm: This job builds a Docker image for Squid for arm architecture and pushes it to Docker Hub.
docker-hub-test-arm: This job tests the Docker image built for arm architecture by running the Squid service and checking if it can proxy an HTTPS request.
dive-arm: This job analyses the layers of the Docker image for arm architecture using the tool Dive.
push-docker-hub-arm: This job pushes the tested Docker image to Docker Hub, tagging it with the Squid version both as ‘latest’ and ‘arm’.
chatgpt_analysis: This job uses OpenAI’s GPT-4 to generate an explanation of the pipeline jobs itself, saves the response as a markdown file and an HTML file, and then, uploads the HTML file to a server via SCP.
update_dockerhub_readme: This job updates the README on Docker Hub for the Squid image with the latest content of the README.md file in the repo.
This job is responsible for getting the latest version of the Squid proxy server. It uses curl to retrieve the latest release version from the Squid GitHub page and saves it to a file which is later used by the Docker build jobs.
export SQUID_VERSION=$(curl -LsXGET https://github.com/squid-cache/squid/releases/latest | grep -m 1 "Release" | cut -d " " -f4 |tr -d 'v')
echo "SQUID_VERSION=$SQUID_VERSION" > variables.envThis job checks Dockerfile for any style violations using the hadolint tool.
hadolint --ignore DL3008 Dockerfile This job builds a Docker image for Squid for amd64 architecture. It uses the Docker build command specifying the Squid version as a build arg, tags the resulting image, and pushes it to Docker Hub.
docker build --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_AMD64 .
docker push $CONTAINER_BUILD_NOPROD_NAME_AMD64This job tests the Docker image built in the previous step by running the Squid service and checking if it can proxy an HTTPS request.
export https_proxy=http://$CONTAINER_TEST_NAME:3128 && curl -k https://www.google.frThis job checks the Squid configuration for syntax errors. It runs the Squid binary with the -k parse option, which tests the configuration file for syntax errors.
/usr/sbin/squid -k parse /etc/squid/squid.confThis job analyse the layers of the Docker image using the tool Dive. This allows for a clear understanding of what is being added at each layer of the Docker image, which is useful for optimising the Dockerfile and making sure no unnecessary data is added to the image.
dive $CONTAINER_BUILD_NOPROD_NAME_AMD64This job pushes the tested Docker image to Docker Hub, tagging it with the Squid version and ‘latest’. It first pulls the image built in the docker-hub-build job and then push the image to Docker Hub with the appropriate tags.
docker pull $CONTAINER_BUILD_NOPROD_NAME_AMD64
docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:$SQUID_VERSION-amd64
docker push $HUB_REGISTRY_IMAGE:$SQUID_VERSION-amd64
docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:latest-amd64
docker push $HUB_REGISTRY_IMAGE:latest-amd64
docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:latest
docker push $HUB_REGISTRY_IMAGE:latestThis job builds a Docker image for Squid for arm architecture. It uses the Docker build command specifying the Squid version as a build arg, tags the resulting image, and pushes it to Docker Hub.
docker build -f Dockerfile --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_ARM .
docker push $CONTAINER_BUILD_NOPROD_NAME_ARMThis job tests the Docker image built for arm architecture by running the Squid service and checking if it can proxy an HTTPS request.
export https_proxy=http://$CONTAINER_TEST_NAME:3128 && curl -k https://www.google.frThis job analyses the layers of the Docker image for arm architecture using the tool Dive.
dive $CONTAINER_BUILD_NOPROD_NAME_ARMThis job pushes the tested Docker image to Docker Hub, tagging it with the Squid version and ‘arm’. It first pulls the image built in the docker-hub-build-arm job and then push the image to Docker Hub with the appropriate tags.
docker pull $CONTAINER_BUILD_NOPROD_NAME_ARM
docker tag $CONTAINER_BUILD_NOPROD_NAME_ARM $HUB_REGISTRY_IMAGE:$SQUID_VERSION-arm
docker push $HUB_REGISTRY_IMAGE:$SQUID_VERSION-arm
docker tag $CONTAINER_BUILD_NOPROD_NAME_ARM $HUB_REGISTRY_IMAGE:latest-arm
docker push $HUB_REGISTRY_IMAGE:latest-armThis job uses OpenAI’s GPT-4 to generate an explanation of the pipeline jobs itself, saves the response as a markdown file and an HTML file, and then, uploads the HTML file to a server via SCP.
This job updates the README on Docker Hub for the Squid image with the latest content of the README.md file in the repo.
The values of environment variables and file references in each job are explained as we progress along the pipeline in the previous section.
The ‘needs’ keyword is used in GitLab CI/CD yaml file to declare job dependencies. In the given pipeline, the docker-hub-build, docker-hub-build-arm, chatgpt_analysis and update_dockerhub_readme jobs depend on the getsquid_vars job to get the Squid version.
Furthermore, docker-hub-test replies on docker-hub-build job, push-docker-hub depends on docker-hub-test job, docker-hub-test-arm replies on docker-hub-build-arm job, and push-docker-hub-arm depends on docker-hub-test-arm job.
These dependencies ensure that a job only runs when its dependencies have completed successfully.
Each job in the pipeline produces a certain outcome or an artifact that is used by subsequent jobs in the pipeline. For example, the getsquid_vars job creates a variables.env file with the latest version of Squid, which is then used by the build jobs to define the SQUID_VERSION build arg for Docker.
In general, each build job is producing a Docker image that is tested in the next job and then pushed to Docker Hub in a later job. The chatgpt_analysis job creates markdown and HTML files for documenting the pipeline jobs.
The latest commit 777f616 titled README Auto update [skip ci] updates the README.md file of the repo with the latest version number of Squid. The [skip ci] in the commit message tells GitLab to not run CI/CD pipeline for this commit. This is useful because the commit is made by the getsquid_vars job itself, therefore, there’s no need to run the pipeline again for this commit.
This commit updating the README file is important for documentation purposes so that the version number in the README is always up to date with the latest version of Squid used in the Docker images.