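---
# GitLab CI pipeline for goshorly: Go format/vet/test and gosec checks on
# merge requests, multi-arch image builds pushed from main and from tags,
# and a non-pushing image build on merge requests.

variables:
  REPO_NAME: git.ucode.space/Phil/goshorly
  # Quoted so the value reaches the job environment as the string "1".
  DOCKER_BUILDKIT: "1"

stages:
  - test
  - build

check-format:
  # NOTE(review): golang:latest is a floating tag; pin a specific version or
  # digest so the toolchain behind these checks cannot change unnoticed.
  image: golang:latest
  stage: test
  before_script:
    - mkdir -p "$GOPATH/src/$(dirname "$REPO_NAME")"
    - ln -svf "$CI_PROJECT_DIR" "$GOPATH/src/$REPO_NAME"
    - cd "$GOPATH/src/$REPO_NAME"
  script:
    # go fmt rewrites files and still exits 0, so on its own it can never fail
    # the job. It prints the files it modified; fail when that list is
    # non-empty.
    - |
      unformatted="$(go fmt $(go list ./... | grep -v /vendor/))"
      if [ -n "$unformatted" ]; then
        echo "The following files are not gofmt-formatted:"
        echo "$unformatted"
        exit 1
      fi
    - go vet $(go list ./... | grep -v /vendor/)
    - go test -race $(go list ./... | grep -v /vendor/)
  only:
    - merge_requests

check-gosec:
  image: golang:latest
  # Made explicit; a job without a stage runs in "test" by default.
  stage: test
  before_script:
    - mkdir -p "$GOPATH/src/$(dirname "$REPO_NAME")"
    - ln -svf "$CI_PROJECT_DIR" "$GOPATH/src/$REPO_NAME"
    - cd "$GOPATH/src/$REPO_NAME"
  script:
    # NOTE(review): @latest installs whatever gosec release is current when the
    # job runs; pin a released version so the scanner itself is reproducible.
    - go install github.com/securego/gosec/v2/cmd/gosec@latest
    - go get -v -d .
    - gosec ./...
  only:
    - merge_requests

docker-build-prod-latest:
  # NOTE(review): third-party image referenced without a tag or digest, and
  # this job logs in to the registry and pushes. Pin it by digest or build the
  # buildx image in-house.
  image: ezkrg/buildx
  stage: build
  services:
    # NOTE(review): docker:dind usually needs a privileged runner; confirm the
    # runner used for these jobs is isolated accordingly.
    - docker:dind
  before_script:
    - docker buildx create --use
    # Feed the password on stdin: with -p it sits in the docker process
    # arguments and docker itself warns that the option is insecure.
    - printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Build args are recorded in image metadata; only commit metadata is
    # passed here, never credentials.
    - |
      docker buildx build \
        --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
        --build-arg "CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH" \
        --build-arg "CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA" \
        --build-arg "CI_COMMIT_TAG=$CI_COMMIT_TAG" \
        --push \
        --tag "$CI_REGISTRY_IMAGE:latest" \
        .
  only:
    - main

docker-build-prod-tagged:
  # NOTE(review): same unpinned third-party image as docker-build-prod-latest,
  # with the same registry access.
  image: ezkrg/buildx
  stage: build
  services:
    - docker:dind
  before_script:
    - docker buildx create --use
    # Password on stdin rather than -p, which would expose it in the process
    # arguments.
    - printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - |
      docker buildx build \
        --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
        --build-arg "CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH" \
        --build-arg "CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA" \
        --build-arg "CI_COMMIT_TAG=$CI_COMMIT_TAG" \
        --push \
        --tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" \
        .
  only:
    - tags
  except:
    - branches

docker-build-dry-run:
  # Builds the image on merge requests without logging in or pushing.
  # NOTE(review): docker:latest is a floating tag; consider pinning it.
  image: docker:latest
  stage: build
  services:
    - docker:dind
  script:
    - |
      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
        tag=""
        echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
      else
        tag=":$CI_COMMIT_REF_SLUG"
        echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
      fi
    - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
  only:
    - merge_requests

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/SAST-IaC.latest.gitlab-ci.yml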