Skip to content

Separate out docker push

This MR separates docker push into a separate job, to make pipelines cleaner.

The ideal workflow then looks something like this:

include:
  # https://computing.docs.ligo.org/gitlab-ci-templates/docker/
  - project: computing/gitlab-ci-templates
    file: docker.yml
  # https://docs.gitlab.com/ee/user/application_security/container_scanning/
  - template: Security/Container-Scanning.gitlab-ci.yml

stages:
  - build
  - check
  - deploy

# build the docker image
build:
  extends:
    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/#.docker:build
    - .docker:build
  stage: build
  needs: []

# check the image for vulnerabilities, see
# https://docs.gitlab.com/ee/user/application_security/container_scanning/
container_scanning:
  stage: check
  variables:
    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE:latest
    DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

# tag the 'latest' image
push:
  extends:
    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/#.docker:push
    - .docker:push
  stage: deploy
  variables:
    REGISTRY_TAG: 'latest'
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
Edited by Duncan Macleod

Merge request reports

Loading