.gitlab-ci.yml
# Pipeline-wide default variables.
variables:
  # Registry path and tag that the "ci image" job builds, pushes and signs.
  DOCKER_TARGET_IMAGE: registry.ddbuild.io/ci/datadog-lambda-extension
  # "latest" is a mutable tag: every "ci image" run pushes to it again, so the
  # tag alone does not identify which build a consumer pulled.
  DOCKER_TARGET_VERSION: latest
  # Default version for development builds
  # This will be overwritten by the tag version if it is a release.
  VERSION: dev
  # Manual trigger variables
  # The value is supplied by whoever starts the pipeline by hand. It is not
  # used in this file; presumably the generated child pipeline consumes it
  # (confirm there, and validate it before it reaches a layer name).
  PIPELINE_LAYER_SUFFIX:
    description: "Suffix to be appended to the layer name (default empty)."
    value: ""
# Stage order: build the CI image, render the child pipeline, then run it.
stages:
  - prepare
  - generate
  - run
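# Builds the multi-arch CI image from .gitlab/Dockerfile, pushes it to
# ${DOCKER_TARGET} and passes the result to ddsign for signing.
ci image:
  stage: prepare
  image: registry.ddbuild.io/images/docker:20.10
  tags: ["arch:arm64"]
  rules:
    # Runs only for pushes to main that touch the Dockerfile, so pipelines from
    # other branches or other sources never reach the push and sign steps.
    - if: '$CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "push"'
      changes:
        - .gitlab/Dockerfile
      when: on_success
  id_tokens:
    # GitLab issues a job-scoped ID token with this audience and exposes it as
    # $DDSIGN_ID_TOKEN. The script never references it directly; presumably
    # ddsign reads it from the environment (confirm against ddsign's docs).
    DDSIGN_ID_TOKEN:
      aud: image-integrity
  variables:
    DOCKER_TARGET: "${DOCKER_TARGET_IMAGE}:${DOCKER_TARGET_VERSION}"
  script:
    - METADATA_FILE=$(mktemp)
    # --no-cache and --pull force a rebuild from freshly pulled base images.
    # --metadata-file records the build result (including the pushed image
    # digest) for the signing step below.
    # Expansions are quoted so an unexpected value cannot be word-split or
    # glob-expanded into extra docker/ddsign arguments.
    - >-
      docker buildx build
      --platform linux/amd64,linux/arm64
      --no-cache --pull --push
      --tag "${DOCKER_TARGET}"
      --metadata-file "${METADATA_FILE}"
      -f .gitlab/Dockerfile .
    # ddsign receives both the tag and the buildx metadata file; presumably the
    # signature is bound to the digest rather than the mutable tag (confirm).
    - ddsign sign "${DOCKER_TARGET}" --docker-metadata-file "${METADATA_FILE}"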
# Hidden entry (leading dot) that only carries the anchor for the shared cache
# settings reused by jobs via *go-cache.
.go-cache: &go-cache
  key: datadog-lambda-extension-go-cache
  # pull: jobs using this anchor download the cache but never upload to it.
  # Whatever populates this key is not visible in this file.
  policy: pull
# Runs gomplate to render the child pipeline definition and publishes
# .gitlab/pipeline.yaml as an artifact for the "generated pipeline" job.
generator:
  stage: generate
  # NOTE(review): "alpine" is a floating tag, so the image behind it can change
  # between runs; pinning by digest would make this job reproducible.
  image: registry.ddbuild.io/images/mirror/golang:alpine
  tags: ["arch:amd64"]
  cache: *go-cache
  artifacts:
    paths:
      - .gitlab/pipeline.yaml
    reports:
      # Variables written to .env are passed to later jobs as a dotenv report.
      dotenv: .env
  script:
    # A release tag must match v<digits> exactly (the regex is anchored at both
    # ends); only its digits are written to .env, so no other tag content
    # reaches the dotenv file.
    # NOTE(review): [[ =~ ]] and ${var//...} are bash extensions; confirm the
    # shell this Alpine-based image runs the job with supports them.
    - if [[ "$CI_COMMIT_TAG" =~ ^v[0-9]+$ ]]; then echo "VERSION=${CI_COMMIT_TAG//[!0-9]/}" >> .env; fi
    # NOTE(review): gomplate is installed without a version pin at job time,
    # and the file it renders is later run as CI configuration; consider
    # pinning the package version.
    - apk add --no-cache gomplate
    # Presumably writes .gitlab/pipeline.yaml (the gomplate config is not shown).
    - gomplate --config .gitlab/config.yaml
# Runs the .gitlab/pipeline.yaml artifact produced by "generator" as a child
# pipeline.
generated pipeline:
  stage: run
  trigger:
    include:
      - artifact: .gitlab/pipeline.yaml
        job: generator
    # depend: this job's status follows the child pipeline's result.
    strategy: depend
    forward:
      yaml_variables: true
      # Without this pipeline_variables: true bit the pipeline we trigger will
      # not get the variables that we set as part of our release process in our
      # manual pipeline runs.
      # NOTE(review): this forwards every variable supplied when a pipeline is
      # started by hand, so child jobs should validate those values before
      # using them in shell commands or as release inputs.
      pipeline_variables: true
  needs:
    - job: generator
      artifacts: true
  rules:
    - when: on_success