Below are the jobs in the pipeline:
hadolint..gitlab-ci.yml file.The Quality job serves to improve the quality of
Dockerfiles in this project. It uses Docker, specifically an image
called hadolint/hadolint:latest-debian, which is a linter
for Dockerfiles. The script section of this job runs the
command hadolint --ignore DL3008 Dockerfile which checks
the Dockerfile for any common mistakes and gives suggestions for
improvements.
hadolint:
image: hadolint/hadolint:latest-debian
stage: Quality
before_script:
- cd $CI_PROJECT_DIR
script:
- hadolint --ignore DL3008 Dockerfile The get-version job fetches the latest version of Squid,
which is a caching and forwarding HTTP web proxy, and sets the
SQUID_VERSION environment variable, which will be used to
pull the specified version. It also modifies the README.md file to
reflect the updated version and commits the changes.
getsquid_vars:
stage: Get-version
image:
name: $CONTAINER_CLIENT_IMAGE
artifacts:
expire_in: 1 hour
paths:
- variables.env
script:
- apt update && apt install git curl ca-certificates -y --no-upgrade --no-install-recommends --no-install-suggests
- export SQUID_VERSION=$(curl -LsXGET https://github.com/squid-cache/squid/releases/latest | grep -m 1 "Release" | cut -d " " -f4 |tr -d 'v')
- echo "SQUID_VERSION=$SQUID_VERSION" > variables.envThe Docker-hub-build job builds Docker images using the
Dockerfile provided in the project. It uses the docker:dind
image, which stands for Docker-in-Docker, allowing the container to have
full access to Docker. This job pulls the Squid version specified by the
SQUID_VERSION variable, then pushes the Docker image to
Docker Hub.
docker-hub-build:
stage: Docker-hub-build
image: docker:dind
needs:
- getsquid_vars
artifacts:
expire_in: 2 hours
paths:
- $CI_PROJECT_DIR
timeout: 3 hours
script:
- docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_TOKEN" $DOCKER_HUB_REGISTRY
- source variables.env
- docker build --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_AMD64 .
- docker push $CONTAINER_BUILD_NOPROD_NAME_AMD64The Docker-hub-test job tests the functionality of the
Docker image built in the previous stage. It specifically tests whether
the installed Squid server is working by testing the proxy connection
using the curl command.
docker-hub-test:
stage: Docker-hub-test
extends: .services-amd64
before_script:
- apt update && apt install -y curl --no-upgrade --no-install-recommends --no-install-suggests
script:
- export https_proxy=http://$CONTAINER_TEST_NAME:3128 && curl -k https://www.google.fr
variables:
HOSTNAME: squidpipeline
needs: ["docker-hub-build"]The Docker-hub-push job pushes the Docker image built in
the Docker-hub-build stage to Docker Hub. It creates tags
for the image with the version of Squid and pushes these images to
Docker Hub.
push-docker-hub:
stage: Docker-hub-pushtag
image: docker:dind
needs:
- docker-hub-test
- getsquid_vars
script:
- source variables.env
- docker pull $CONTAINER_BUILD_NOPROD_NAME_AMD64
- docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:$SQUID_VERSION-amd64
- docker push $HUB_REGISTRY_IMAGE:$SQUID_VERSION-amd64
- docker tag $CONTAINER_BUILD_NOPROD_NAME_AMD64 $HUB_REGISTRY_IMAGE:latest-amd64
- docker push $HUB_REGISTRY_IMAGE:latest-amd64The Docker-hub-build-arm job is very similar to the
Docker-hub-build job, with the main difference being that
it builds Docker images for the ARM architecture. This is an important
step when distributing Docker images for different machine
architectures, allowing the Squid application to be run on different
systems.
docker-hub-build-arm:
stage: Docker-hub-build
image: docker:19.03.8-dind
needs:
- getsquid_vars
artifacts:
expire_in: 2 hours
paths:
- $CI_PROJECT_DIR
timeout: 3 hours
script:
- source variables.env
- docker build -f Dockerfile --build-arg SQUID_VERSION=$SQUID_VERSION --pull -t $CONTAINER_BUILD_NOPROD_NAME_ARM .
- docker push $CONTAINER_BUILD_NOPROD_NAME_ARM
tags:
- armThe Docker-hub-test-arm job once again mirrors the AMD64
Docker-hub-test job, but this time tests the ARM build of
the Docker image.
docker-hub-test-arm:
stage: Docker-hub-test
extends: .services-arm
tags:
- arm
script:
- apt update && apt install -y curl --no-upgrade --no-install-recommends --no-install-suggests
- export https_proxy=http://$CONTAINER_TEST_NAME:3128 && curl -k https://www.google.frThe Docker-hub-pushtag-arm job mirrors the AMD64
Docker-hub-push job and pushes to Docker Hub the Docker
image built for the ARM architecture.
push-docker-hub-arm:
stage: Docker-hub-pushtag
image: docker:dind
needs:
- docker-hub-test-arm
- getsquid_vars
script:
- source variables.env
- docker pull $CONTAINER_BUILD_NOPROD_NAME_ARM
- docker tag $CONTAINER_BUILD_NOPROD_NAME_ARM $HUB_REGISTRY_IMAGE:$SQUID_VERSION-arm
- docker push $HUB_REGISTRY_IMAGE:$SQUID_VERSION-armThe final Docs job updates the project README on Docker
Hub with the details of the current build.
update_dockerhub_readme:
image:
name: $CONTAINER_CLIENT_IMAGE
stage: Docs
script:
- README_CONTENT=$(cat README.md)
- PAYLOAD=$(jq -n --arg desc "$README_CONTENT" '{"full_description":$desc}')
- TOKEN=$(curl -v -s -X POST -H "Content-Type:application/json" -d '{"username":"'"$DOCKER_HUB_USER"'","password":"'"$DOCKER_HUB_PASSWORD"'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)
- curl -X PATCH -H "Authorization:JWT $TOKEN" -H "Content-Type:application/json" -d "$PAYLOAD" https://hub.docker.com/v2/repositories/$HUB_REGISTRY_IMAGEThe GitLab pipeline uses several parameters, environment variables, and file references throughout these jobs. Examples include:
$CI_BUILDS_DIR: This is an environment variable
denoting the directory to which the repository is cloned.$CI_PROJECT_DIR: This is an environment variable in
GitLab CI denoting the full path where the repository is cloned.variables.env: This file is generated in the
get-version job and contains the variable
SQUID_VERSION, which represents the version of Squid
fetched from the GitHub API. The file is then used in the subsequent
jobs to build, test, and push the Docker image.The needs keyword is used to specify the jobs that must
be completed before a subsequent job begins.
For example, the docker-hub-build job needs the
getsquid_vars job to be finished, because it needs the
SQUID_VERSION environment variable that the
getsquid_vars job generates.
Similarly, the docker-hub-test job needs
docker-hub-build to be done first, as it tests the Docker
image that the docker-hub-build job builds. The same
applies to the docker-hub-pushtag job, as it needs to push
the Docker image tested by docker-hub-test.
The Quality and Get-version jobs provide
artifacts that are used by other jobs in the pipeline.
The Quality job provides the DOCKERFILE
that is linted to be used by the docker-hub-build and
docker-hub-build-arm jobs.
The Get-version job provides the
variables.env file, an artifact containing the
SQUID_VERSION environment variable, which is used by
several jobs, including docker-hub-build,
docker-hub-test, and docker-hub-pushtag.
After their execution, the Docker-related jobs provide Docker images as artifacts that are pushed to Docker Hub.
The latest commit as of the provided .gitlab-ci.yml file is
7e45342 README Auto update [skip ci]. This commit updates
the README file with the latest Squid version fetched from GitHub, and
uses [skip ci] to skip triggering any further CI/CD
pipelines than necessary for this minor change. This keeps the project’s
pipelines efficient and avoids excessive resource usage.