Simple GitLab CI Docker Build Pipeline
This rule, defined in the GitLab CI workflow, runs the build-image and container-scanning pipeline only when a merge request (MR) targets the main branch and the change set includes Dockerfile or entrypoint.sh; in every other case the job is skipped.
```yaml
rules:
  - if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"
    changes:
      - Dockerfile
      - entrypoint.sh
    when: always
  - when: never
```
The build_image job uses the official Docker image, with a docker-in-docker service, to build a container for the UniFi Network application. The script captures an IMAGE_TAG from a string in the Dockerfile that holds the UniFi version being installed. Docker then builds the image with two tags, one identifying that version and one marking it as the latest release. Finally, Docker logs in to the project's GitLab container registry with the CI/CD job token and pushes the image, making it available for deployment.
```yaml
build_image:
  image: docker:28.1.1
  stage: build
  services:
    - docker:28.1.1-dind
  variables:
    COMMIT_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  script:
    # Read the version string from the Dockerfile (text between the first pair of quotes)
    - IMAGE_TAG=$(grep -E -o "(UNIFI_VERSION)\s(.*)" Dockerfile | cut -d\" -f2)
    # Folded scalar: the four lines below become one docker build command
    - >-
      docker build
      --tag $CI_REGISTRY_IMAGE:latest
      --tag $CI_REGISTRY_IMAGE:$IMAGE_TAG
      --file Dockerfile .
    - docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY
    - docker push --all-tags $CI_REGISTRY_IMAGE
```
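To show what the IMAGE_TAG step actually produces, and what happens when the grep finds nothing, here is an added shell example (not the page's pipeline and not the project's code). The Dockerfile it writes is constructed to match the grep pattern, the version 9.1.120 is made up, and the validated_image_tag check is an addition the job above does not have.

```shell
#!/bin/sh
# Added example, not the page's pipeline: reproduces the build_image job's
# IMAGE_TAG extraction against a constructed Dockerfile and adds a check so
# an empty or malformed tag aborts before `docker build` / `docker push`
# could publish "$CI_REGISTRY_IMAGE:" (empty tag) or an arbitrary string.
set -eu

# Constructed sample Dockerfile. The ENV line uses the "KEY value" form so it
# matches the grep pattern (UNIFI_VERSION followed by whitespace); 9.1.120 is
# a made-up version for this example.
make_sample_dockerfile() {
  cat > "$1" <<'EOF'
FROM ubuntu:24.04
ENV UNIFI_VERSION "9.1.120"
COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
EOF
}

# Identical to the pipeline's script step: grab the UNIFI_VERSION line and
# take the text between the first pair of double quotes.
extract_image_tag() {
  grep -E -o "(UNIFI_VERSION)\s(.*)" "$1" | cut -d\" -f2
}

# Check the pipeline does not do: print the tag only if it is a single-line
# dotted version (digits and dots); otherwise report on stderr and return 1,
# which under `set -e` fails the job before the image is built or pushed.
validated_image_tag() {
  tag=$(extract_image_tag "$1" || true)
  case "$tag" in
    ''|*[!0-9.]*)
      echo "refusing to tag image with '${tag:-<empty>}'" >&2
      return 1 ;;
  esac
  printf '%s\n' "$tag"
}

# Stand-alone demo: extract, validate, then show the docker build command the
# job would run (printed, not executed, so no Docker daemon is needed).
main() {
  df=$(mktemp)
  make_sample_dockerfile "$df"
  tag=$(validated_image_tag "$df")
  echo "docker build --tag \$CI_REGISTRY_IMAGE:latest --tag \$CI_REGISTRY_IMAGE:$tag --file Dockerfile ."
  rm -f "$df"
}
main
```

A duplicated UNIFI_VERSION line yields a two-line tag, which the same check rejects.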
The pipeline completes with a vulnerability scan of the latest tagged and published container using Trivy. Results are shown in the job's console log output.
```yaml
include:
  - component: gitlab.com/components/container-scanning/[email protected]

container_scanning:
  variables:
    CS_SEVERITY_THRESHOLD: LOW
    SECURE_LOG_LEVEL: 'info'
    CS_IMAGE: $CI_REGISTRY_IMAGE:latest
```