Separate out docker push
This MR moves docker push
into its own job, to make pipelines cleaner.
The ideal workflow then looks something like this:
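# Pull in the shared job definitions that the jobs below extend or override.
include:
  # https://computing.docs.ligo.org/gitlab-ci-templates/docker/
  # No `ref:` is given, so the template project's default branch is used;
  # pin `ref:` to a tag or commit SHA if the included jobs must not change
  # underneath this pipeline.
  - project: computing/gitlab-ci-templates
    file: docker.yml
  # https://docs.gitlab.com/ee/user/application_security/container_scanning/
  - template: Security/Container-Scanning.gitlab-ci.yml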
# Stage order: the image is built first, scanned second, and the
# `latest` tag is only handled in the final stage.
stages:
  - build
  - check
  - deploy
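# build the docker image
build:
  extends:
    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/#.docker:build
    - .docker:build
  stage: build
  # an empty `needs` list lets the job start without waiting on other jobs
  needs: []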
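# check the image for vulnerabilities, see
# https://docs.gitlab.com/ee/user/application_security/container_scanning/
# NOTE(review): stage order puts this job before `push`, but whether a scan
# with findings stops the pipeline depends on the included template's
# failure settings - confirm if the scan is meant to gate the `latest` tag.
container_scanning:
  stage: check
  variables:
    # image on the default branch that this scan is compared against
    CS_DEFAULT_BRANCH_IMAGE: '$CI_REGISTRY_IMAGE:latest'
    # image under test: the one tagged with this commit's SHA
    # (presumably what the `build` job produced - verify against .docker:build)
    # NOTE(review): newer GitLab releases name this variable CS_IMAGE -
    # confirm against the GitLab version in use.
    DOCKER_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA'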
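# tag the 'latest' image
push:
  extends:
    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/#.docker:push
    - .docker:push
  stage: deploy
  variables:
    REGISTRY_TAG: 'latest'
  # restrict the job to the default branch, so pipelines for other
  # branches never move the `latest` tag
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'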
Edited by Duncan Macleod