forked from yvv/decision
ci: build local sans registry, pattern sejeteralo
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- Suppression write-docker-creds et secrets docker_registry/username/password
- build-backend/frontend : docker build local sur sonic (docker.sock)
- sbom-generate : scan des images locales via docker.sock
- docker-compose.yml : ajout image: libredecision-{backend,frontend}:latest
- deploy : suppression docker compose pull (images locales)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
syoul
@@ -29,88 +29,43 @@ steps:
|
||||
- npm ci
|
||||
- npm run build
|
||||
|
||||
# NOTE: from_secret + pas de volumes : compatible
|
||||
- name: write-docker-creds
|
||||
image: alpine:3.20
|
||||
# NOTE: volumes + pas de from_secret : compatible
|
||||
- name: build-backend
|
||||
image: docker:27-cli
|
||||
depends_on:
|
||||
- test-backend
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
commands:
|
||||
- docker build -t libredecision-backend:latest -f docker/backend.Dockerfile --target production .
|
||||
- echo "Image backend construite"
|
||||
|
||||
# NOTE: volumes + pas de from_secret : compatible
|
||||
- name: build-frontend
|
||||
image: docker:27-cli
|
||||
depends_on:
|
||||
- test-frontend
|
||||
environment:
|
||||
REGISTRY:
|
||||
from_secret: docker_registry
|
||||
REGISTRY_USER:
|
||||
from_secret: docker_username
|
||||
REGISTRY_PASS:
|
||||
from_secret: docker_password
|
||||
commands:
|
||||
- echo "REGISTRY=$REGISTRY" > .docker-creds
|
||||
- echo "REGISTRY_USER=$REGISTRY_USER" >> .docker-creds
|
||||
- echo "REGISTRY_PASS=$REGISTRY_PASS" >> .docker-creds
|
||||
- echo "Docker creds ecrites"
|
||||
|
||||
# NOTE: volumes + pas de from_secret : compatible. Pas de privileged requis.
|
||||
- name: docker-backend
|
||||
image: docker:27-cli
|
||||
depends_on:
|
||||
- write-docker-creds
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
commands:
|
||||
- |
|
||||
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
|
||||
REGISTRY_USER=$(grep '^REGISTRY_USER=' .docker-creds | cut -d= -f2)
|
||||
REGISTRY_PASS=$(grep '^REGISTRY_PASS=' .docker-creds | cut -d= -f2)
|
||||
docker login "$REGISTRY" -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
|
||||
- |
|
||||
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
|
||||
SHA=$(echo "$CI_COMMIT_SHA" | cut -c1-8)
|
||||
REPO=$(echo "$CI_REPO" | tr 'A-Z' 'a-z')
|
||||
IMAGE="$REGISTRY/$REPO/backend"
|
||||
docker build -t "$IMAGE:latest" -t "$IMAGE:$SHA" \
|
||||
-f docker/backend.Dockerfile \
|
||||
--target production \
|
||||
.
|
||||
docker push "$IMAGE:latest"
|
||||
docker push "$IMAGE:$SHA"
|
||||
- docker build -t libredecision-frontend:latest -f docker/frontend.Dockerfile --target production .
|
||||
- echo "Image frontend construite"
|
||||
|
||||
# NOTE: volumes + pas de from_secret : compatible. Pas de privileged requis.
|
||||
- name: docker-frontend
|
||||
image: docker:27-cli
|
||||
depends_on:
|
||||
- write-docker-creds
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
commands:
|
||||
- |
|
||||
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
|
||||
REGISTRY_USER=$(grep '^REGISTRY_USER=' .docker-creds | cut -d= -f2)
|
||||
REGISTRY_PASS=$(grep '^REGISTRY_PASS=' .docker-creds | cut -d= -f2)
|
||||
docker login "$REGISTRY" -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
|
||||
- |
|
||||
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
|
||||
SHA=$(echo "$CI_COMMIT_SHA" | cut -c1-8)
|
||||
REPO=$(echo "$CI_REPO" | tr 'A-Z' 'a-z')
|
||||
IMAGE="$REGISTRY/$REPO/frontend"
|
||||
docker build -t "$IMAGE:latest" -t "$IMAGE:$SHA" \
|
||||
-f docker/frontend.Dockerfile \
|
||||
--target production \
|
||||
.
|
||||
docker push "$IMAGE:latest"
|
||||
docker push "$IMAGE:$SHA"
|
||||
|
||||
# SBOM — inventaire des dépendances (filesystem scan, pas de registry auth requis)
|
||||
# NOTE: volumes + pas de from_secret : compatible
|
||||
- name: sbom-generate
|
||||
image: alpine:3.20
|
||||
depends_on:
|
||||
- docker-backend
|
||||
- docker-frontend
|
||||
- build-backend
|
||||
- build-frontend
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
commands:
|
||||
- apk add --no-cache curl
|
||||
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin latest
|
||||
- mkdir -p .reports
|
||||
- syft dir:backend -o cyclonedx-json --file .reports/sbom-backend.cyclonedx.json
|
||||
- syft dir:frontend -o cyclonedx-json --file .reports/sbom-frontend.cyclonedx.json
|
||||
- echo "SBOM genere"
|
||||
- syft libredecision-backend:latest -o cyclonedx-json --file .reports/sbom-backend.cyclonedx.json
|
||||
- syft libredecision-frontend:latest -o cyclonedx-json --file .reports/sbom-frontend.cyclonedx.json
|
||||
- echo "SBOM generes"
|
||||
|
||||
# NOTE: volumes + pas de from_secret : compatible
|
||||
- name: sbom-scan
|
||||
@@ -197,7 +152,7 @@ steps:
|
||||
- cp .env.deploy /opt/libredecision/.env
|
||||
- chmod 600 /opt/libredecision/.env
|
||||
- cp docker/docker-compose.yml /opt/libredecision/docker-compose.yml
|
||||
- cd /opt/libredecision && docker compose pull
|
||||
# Images construites localement dans la pipeline : pas de docker compose pull
|
||||
- cd /opt/libredecision && docker compose up -d --remove-orphans
|
||||
- cd /opt/libredecision && docker compose ps
|
||||
|
||||
|
||||
@@ -20,6 +20,7 @@ services:
|
||||
- libredecision
|
||||
|
||||
backend:
|
||||
image: libredecision-backend:latest
|
||||
build:
|
||||
context: ../
|
||||
dockerfile: docker/backend.Dockerfile
|
||||
@@ -47,6 +48,7 @@ services:
|
||||
- traefik
|
||||
|
||||
frontend:
|
||||
image: libredecision-frontend:latest
|
||||
build:
|
||||
context: ../
|
||||
dockerfile: docker/frontend.Dockerfile
|
||||
|
||||
Reference in New Issue
Block a user