use new docker/cicd templates

closes #6

.gitlab-ci.yml

-stages:
-  - build
-  - scan
-  - deploy
-  - rebuild
-
 include:
-  # build and publish _this_ image
-  - local: '.gitlab/ci/build.yml'
-  # trigger rebuilds of downstream images
-  - local: '.gitlab/ci/trigger.yml'
+  # include the cicd project to auto-configure 'build',
+  # 'container_scanning', and 'push:*' jobs, and the
+  # '.trigger' job template
+  - project: docker/cicd
+    file: 'IGWN-Docker.gitlab-ci.yml'
+    inputs:
+      # the name of the (upstream) project
+      project-path: docker/base
+      # the name of the image on external registries
+      docker-io-repository: igwn/base
+      quay-io-repository: igwn/base
+
+# add a test job
+test:
+  image: "$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG"
+  script:
+    - dnf search lalsuite
+
+# -- trigger rebuilds of downstream pipelines
+
+# builder
+
+trigger:builder:
+  extends: .trigger
+  trigger:
+    project: docker/builder
+
+# koji
+
+trigger:koji:
+  extends: .trigger
+  trigger:
+    project: docker/koji-client
+    branch: el8
+
+# lalsuite-dev
+
+trigger:lalsuite-dev:
+  extends: .trigger
+  trigger:
+    project: docker/lalsuite-dev
+
+# packaging
+
+trigger:el8-production:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-production
+
+trigger:el8-production-staging:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-production-staging
+
+trigger:el8-testing:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-testing
+
+trigger:el8-staging:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-staging
+
+trigger:el8-resync:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-resync
+
+trigger:el8-resync-testing:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-resync-testing
+
+trigger:el8-resync-staging:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-resync-staging
+
+trigger:el8-development:
+  extends: .trigger
+  trigger:
+    project: docker/packaging
+    branch: el8-development

.gitlab/ci/build.yml

-# ---------------------------
-# Build workflow
-# ---------------------------
-
-include:
-  # https://computing.docs.ligo.org/gitlab-ci-templates/
-  - project: computing/gitlab-ci-templates
-    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/
-    file: docker.yml
-  # https://docs.gitlab.com/ee/user/application_security/container_scanning/
-  - template: Security/Container-Scanning.gitlab-ci.yml
-
-# -- build the image --------
-
-build:
-  stage: build
-  extends:
-    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/#.docker:build
-    - .docker:build
-  variables:
-    # use the branch name as the tag
-    CI_REGISTRY_TAG: '$CI_COMMIT_REF_SLUG'
-
-# -- scan the image ---------
-
-# check the image for vulnerabilities, see
-# https://docs.gitlab.com/ee/user/application_security/container_scanning/
-container_scanning:
-  stage: scan
-  needs: [build]
-  variables:
-    DOCKER_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG'
-
-# -- push the image ---------
-
-.push:
-  stage: deploy
-  needs: [build]
-  variables:
-    # pull the branch image
-    PULL_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
-    # push to igwn namespace
-    PUSH_IMAGE: "igwn/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG"
-  rules:
-    # only run on pushes to the upstream repo (not on forks)
-    - if: '$CI_PROJECT_NAMESPACE == "docker" && $CI_COMMIT_BRANCH'
-
-push:docker_io:
-  extends:
-    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/#.docker:push:docker_io
-    - .docker:push:docker_io
-    - .push
-
-push:quay_io:
-  extends:
-    # https://computing.docs.ligo.org/gitlab-ci-templates/docker/#.docker:push:quay_io
-    - .docker:push:quay_io
-    - .push

.gitlab/ci/trigger.yml

-# ---------------------------
-# Downstream trigger workflow
-# ---------------------------
-
-.rebuild:
-  stage: rebuild
-  rules:
-    # only run on pushes to the upstream repo (not on forks)
-    - if: '$CI_PROJECT_NAMESPACE == "docker" && $CI_COMMIT_BRANCH'
-  trigger:
-    # default rebuilds to trigger on the same branch
-    branch: $CI_COMMIT_BRANCH
-
-# builder
-
-rebuild:builder:
-  extends: [.rebuild]
-  trigger:
-    project: docker/builder
-
-# koji
-
-rebuild:koji:
-  extends: [.rebuild]
-  trigger:
-    project: docker/koji-client
-    branch: el8
-
-# lalsuite-dev
-
-rebuild:lalsuite-dev:
-  extends: [.rebuild]
-  trigger:
-    project: docker/lalsuite-dev
-
-# packaging
-
-rebuild:el8-production:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-production
-
-rebuild:el8-production-staging:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-production-staging
-
-rebuild:el8-testing:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-testing
-
-rebuild:el8-staging:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-staging
-
-rebuild:el8-resync:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-resync
-
-rebuild:el8-resync-testing:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-resync-testing
-
-rebuild:el8-resync-staging:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-resync-staging
-
-rebuild:el8-development:
-  extends: [.rebuild]
-  trigger:
-    project: docker/packaging
-    branch: el8-development