.gitlab-ci.yml
# Settings inherited by every job unless the job overrides them.
default:
  # Route jobs only to runners that carry this tag.
  tags:
    - gitlab-runner
# Stages run in order: credentials are obtained in `auth`, then consumed by
# the image build in `build-and-push`.
stages:
  - auth
  - build-and-push
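# Exchanges the job's GitLab OIDC ID token for a short-lived Google Cloud
# access token through Workload Identity Federation, then passes that token
# to later stages as a job artifact.
#
# NOTE(review): access-token.txt is a live bearer credential for
# SERVICE_ACCOUNT_EMAIL. Artifact expiry only deletes the file; the token
# itself stays valid until its own lifetime (600 s below) runs out. Anyone
# who can download this job's artifacts during that window can act as the
# service account. `public: false` removes anonymous/guest access on public
# pipelines, but project members with artifact access can still read it.
# The more robust layout is to run the token exchange inside the job that
# uses it, so the credential never leaves the job.
#
# NOTE(review): the workload identity provider should restrict which
# projects/refs may impersonate the service account (attribute conditions on
# the provider and the IAM binding) - not visible from this file, confirm.
gcp-auth:
  stage: auth
  # Floating tag; pinning to a digest makes the toolchain reproducible.
  image: "google/cloud-sdk:slim"
  variables:
    WORKLOAD_IDENTITY_PROVIDER: projects/907538893452/locations/global/workloadIdentityPools/gitlab/providers/gitlab-test
    SERVICE_ACCOUNT_EMAIL: gitlab-test@gcp-test.iam.gserviceaccount.com
  id_tokens:
    GITLAB_OIDC_TOKEN:
      # Audience claim of the ID token; it has to match an audience the
      # provider above accepts.
      aud: https://iam.googleapis.com/$WORKLOAD_IDENTITY_PROVIDER
  script:
    # Write the ID token to disk and generate a credential configuration
    # that points gcloud at it. Variables are quoted so the shell passes
    # them as single arguments.
    - |
      echo "$GITLAB_OIDC_TOKEN" > gitlab-oidc-token.txt
      gcloud iam workload-identity-pools create-cred-config "$WORKLOAD_IDENTITY_PROVIDER" \
        --service-account="$SERVICE_ACCOUNT_EMAIL" \
        --service-account-token-lifetime-seconds=600 \
        --output-file=credentials.json \
        --credential-source-file=gitlab-oidc-token.txt
    - export GOOGLE_APPLICATION_CREDENTIALS=credentials.json
    - gcloud auth login --cred-file=credentials.json
    # Redirected to a file, so the token is not echoed into the job log.
    - gcloud auth print-access-token > access-token.txt
  artifacts:
    # Keep the token out of reach of anonymous and guest users.
    public: false
    # Matches the 600 s token lifetime requested above.
    expire_in: 10 mins
    paths:
      - access-token.txt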
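# Builds the image from the repository root and pushes it to the registry at
# REGISTRY_HOST, authenticating with the access token produced in the `auth`
# stage (access-token.txt arrives as an artifact of that stage).
docker-build-and-push:
  stage: build-and-push
  image:
    # NOTE(review): floating tags. `docker:stable` appears to be no longer
    # maintained upstream - confirm, and pin client and dind to the same
    # explicit version (ideally by digest).
    name: docker:stable
  services:
    - name: docker:dind
      # TLS is switched off, so the daemon serves a plaintext,
      # unauthenticated Docker API on 2375. That is only tolerable while the
      # service is reachable solely from this job; dind also generally needs
      # a privileged runner, so keep this runner isolated from others.
      command: ["--tls=false"]
  variables:
    DOCKER_HOST: tcp://docker:2375/
    REGISTRY_HOST: europe-west3-docker.pkg.dev
    # Use the overlayfs driver for improved performance:
    DOCKER_DRIVER: overlay2
    # Empty value stops dind from generating TLS certificates.
    DOCKER_TLS_CERTDIR: ""
  before_script:
    # Log in to the registry. The token is fed on stdin so it never appears
    # in the process arguments or the job log.
    - docker login -u oauth2accesstoken --password-stdin "https://$REGISTRY_HOST" < access-token.txt
  script:
    # NOTE(review): `latest` is a mutable tag; consumers cannot tell which
    # commit produced the image. Consider also pushing an immutable tag.
    - docker build -t "$REGISTRY_HOST/gcp-test/images/test-image:latest" .
    - docker push "$REGISTRY_HOST/gcp-test/images/test-image:latest"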