stages:
- Tests
- Documentation
- Release
- Build Release
- Other
variables:
project_name: "$CI_PROJECT_NAME"
SEMANTIC_RELEASE_PACKAGE: "$CI_PROJECT_NAME"
SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
SAST_EXCLUDED_ANALYZERS: ""
SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
SCAN_KUBERNETES_MANIFESTS: "false"
SECRETS_ANALYZER_VERSION: "3"
SECRET_DETECTION_EXCLUDED_PATHS: ""
services:
- name: ghcr.io/griefed/gitlab-ci-cd:2.0.9
alias: docker
workflow:
rules:
- if: '$CI_MERGE_REQUEST_EVENT_TYPE == "detached"'
when: never
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
when: never
- when: always
sast:
stage: Tests
artifacts:
reports:
sast: gl-sast-report.json
rules:
- when: never
variables:
SEARCH_MAX_DEPTH: 4
script:
- echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed"
- exit 1
.sast-analyzer:
extends: sast
allow_failure: true
# `rules` must be overridden explicitly by each child job
# see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
script:
- /analyzer run
eslint-sast:
extends: .sast-analyzer
image:
name: "$SAST_ANALYZER_IMAGE"
variables:
SAST_ANALYZER_IMAGE_TAG: 2
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG"
rules:
- if: $SAST_DISABLED
when: never
- if: $SAST_EXCLUDED_ANALYZERS =~ /eslint/
when: never
- if: $CI_COMMIT_BRANCH
exists:
- '**/*.html'
- '**/*.js'
- '**/*.jsx'
- '**/*.ts'
- '**/*.tsx'
nodejs-scan-sast:
extends: .sast-analyzer
image:
name: "$SAST_ANALYZER_IMAGE"
variables:
SAST_ANALYZER_IMAGE_TAG: 2
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG"
rules:
- if: $SAST_DISABLED
when: never
- if: $SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/
when: never
- if: $CI_COMMIT_BRANCH
exists:
- '**/package.json'
semgrep-sast:
extends: .sast-analyzer
image:
name: "$SAST_ANALYZER_IMAGE"
variables:
SAST_ANALYZER_IMAGE_TAG: 2
SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG"
rules:
- if: $SAST_DISABLED
when: never
- if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/
when: never
- if: $CI_COMMIT_BRANCH
exists:
- '**/*.py'
- '**/*.js'
- '**/*.jsx'
- '**/*.ts'
- '**/*.tsx'
- '**/*.c'
- '**/*.go'
.secret-analyzer:
stage: Tests
image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
services: []
allow_failure: true
# `rules` must be overridden explicitly by each child job
# see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
artifacts:
reports:
secret_detection: gl-secret-detection-report.json
secret_detection:
extends: .secret-analyzer
rules:
- if: $SECRET_DETECTION_DISABLED
when: never
- if: $CI_COMMIT_BRANCH
script:
- if [ -n "$CI_COMMIT_TAG" ]; then echo "Skipping Secret Detection for tags. No code changes have occurred."; exit 0; fi
- if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then echo "Running Secret Detection on default branch."; /analyzer run; exit 0; fi
- git fetch origin $CI_DEFAULT_BRANCH $CI_COMMIT_REF_NAME
- git log --left-right --cherry-pick --pretty=format:"%H" refs/remotes/origin/$CI_DEFAULT_BRANCH...refs/remotes/origin/$CI_COMMIT_REF_NAME > "$CI_COMMIT_SHA"_commit_list.txt
- export SECRET_DETECTION_COMMITS_FILE="$CI_COMMIT_SHA"_commit_list.txt
- /analyzer run
- rm "$CI_COMMIT_SHA"_commit_list.txt
Gradle Test:
stage: Tests
image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.12
before_script:
- echo "**** Running in $CI_JOB_ID ****"
- echo "**** Java location ****"
- which java
- echo "**** Java version ****"
- java -version
- echo "**** Allowing execution of gradlew ****"
- chmod +x gradlew
- echo "**** Ensure clean environment ****"
- "./gradlew clean"
script:
- echo "**** Building REPOSITORY ****"
- "./gradlew build --info --full-stacktrace"
- echo "**** Listing build directory ****"
- LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/jacoco/test
- LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs
- cat build/jacoco/test/html/index.html | grep -o 'Total[^%]*%'
- echo "**** Renaming files to please the eye ****"
#- mv build/libs/${CI_PROJECT_NAME}.exe build/libs/ServerPackCreator-$CI_COMMIT_REF_NAME.exe
- mv build/libs/docker-template-repo.jar build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.jar
coverage: '/Total.*?([0-9]{1,3})%/'
# artifacts:
# paths:
# #- build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.exe
# - build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.jar
# - build/jacoco/test/jacocoTestReport.xml
# - build/reports/tests/test
# expire_in: 1 week
#Docker Test:
# stage: Tests
# image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
# before_script:
# - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io
# - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io
# - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# - docker buildx create --use --name grfdbuilder
# script:
# - docker buildx build --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64
# --build-arg BRANCH_OR_TAG=$CI_COMMIT_REF_NAME
# --build-arg HOSTER=$CI_SERVER_HOST
# --file Dockerfile .
# rules:
# - if: '$CI_SERVER_HOST == "git.griefed.de"' # Remove once GitLab no longer throws javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
#Generate Release:
# stage: Release
# needs:
# - job: Gradle Test
# artifacts: false
# - job: Docker Test
# artifacts: false
# - job: eslint-sast
# artifacts: false
# - job: nodejs-scan-sast
# artifacts: false
# - job: semgrep-sast
# artifacts: false
# - job: secret_detection
# artifacts: false
# image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
# script:
# - npx semantic-release
# rules:
# - if: '$CI_COMMIT_BRANCH == "alpha" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"'
# - if: '$CI_COMMIT_BRANCH == "beta" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"'
# - if: '$CI_COMMIT_BRANCH == "main" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"'
#Build Release:
# stage: Build Release
# image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.3
# needs:
# - job: release_job
# optional: true
# artifacts: false
# before_script:
# - echo "**** Running in $CI_JOB_ID ****"
# - echo "**** Java location ****"
# - which java
# - echo "**** Java version ****"
# - java -version
# - echo "**** Allowing execution of gradlew ****"
# - chmod +x gradlew
# - echo "**** Ensure clean environment ****"
# - "./gradlew about"
# - echo "version=${CI_COMMIT_TAG}" > backend/main/resources/VERSION.txt
# script:
# - echo "**** Building ServerPackCreator ****"
# - "./gradlew installQuasar cleanFrontend assembleFrontend copyDist build createExe -Pversion=${CI_COMMIT_TAG} --info --full-stacktrace -x test"
# - echo "**** Listing build directory ****"
# - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build
# - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs
# - LC_COLLATE=C ls -ah --group-directories-first --color=auto build/libs/libraries
# - echo "**** Renaming files to please the eye ****"
# - mv build/libs/${CI_PROJECT_NAME}.exe build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe
# - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs
# - echo "**** Uploading packages ****"
# - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe
# "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe"'
# - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar
# "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar"'
# - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar
# "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar"'
# - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar
# "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar"'
# - echo "**** Create asset links ****"
# - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
# --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe"
# --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
# - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
# --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar"
# --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
# - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
# --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar"
# --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
# - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}"
# --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar"
# --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"'
# rules:
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/'
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/'
#Publish Maven Artifacts:
# stage: Build Release
# image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.3
# before_script:
# - echo "**** Running in $CI_JOB_ID ****"
# - echo "**** Java location ****"
# - which java
# - echo "**** Java version ****"
# - java -version
# - echo "**** Allowing execution of gradlew ****"
# - chmod +x gradlew
# - echo "**** Ensure clean environment ****"
# - "./gradlew clean"
# script:
# - echo "**** Publishing Maven Artifacts ****"
# - "./gradlew publish -Pversion=${CI_COMMIT_TAG} -x test --info --stacktrace"
# rules:
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'
#Build Docker Release:
# stage: Build Release
# image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
# before_script:
# - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io
# - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io
# - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# - docker buildx create --use --name grfdbuilder
# script:
# - docker buildx build --push --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64
# --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
# --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:latest"
# --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
# --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:latest"
# --build-arg BRANCH_OR_TAG=$CI_COMMIT_TAG
# --build-arg HOSTER=$CI_SERVER_HOST
# --build-arg VERSION=$CI_COMMIT_TAG
# --file Dockerfile .
# rules:
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'
#Build Docker PreRelease:
# stage: Build Release
# image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
# before_script:
# - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io
# - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io
# - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# - docker buildx create --use --name grfdbuilder
# script:
# - docker buildx build --push --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64
# --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
# --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG"
# --build-arg BRANCH_OR_TAG=$CI_COMMIT_TAG
# --build-arg HOSTER=$CI_SERVER_HOST
# --build-arg VERSION=$CI_COMMIT_TAG
# --file Dockerfile .
# rules:
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"'
#Inform About Release:
# stage: Build Release
# image: ghcr.io/griefed/gitlab-ci-cd:2.0.0
# needs:
# - job: Build Release
# artifacts: false
# - job: Build Docker Release
# artifacts: false
# optional: true
# - job: Build Docker PreRelease
# artifacts: false
# optional: true
# script:
# - /discord.sh
# --webhook-url="$WEBHOOK_URL"
# --username "$CI_PROJECT_TITLE"
# --avatar "https://i.griefed.de/images/2020/11/18/Prosper_Docker_300x300.png"
# --text "There's been a new release for ${CI_PROJECT_TITLE}. The new version is ${CI_COMMIT_TAG} and is available at <${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}>"
# --title "New ${CI_PROJECT_TITLE} Release"
# --description "There's been a new release for ${CI_PROJECT_TITLE}. The new version is ${CI_COMMIT_TAG} and is available at ${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}"
# --color "0xC0FFEE"
# --url "${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}"
# --author "Griefed"
# --author-url "https://${CI_SERVER_HOST}/Griefed"
# --author-icon "https://i.griefed.de/images/2022/01/21/sam_1500x1500.th.jpg"
# --image "https://i.griefed.de/images/2021/05/08/app.png"
# --thumbnail "https://i.griefed.de/images/2020/11/18/Prosper_Docker_300x300.th.png"
# --field "Author;[Griefed](https://${CI_SERVER_HOST}/Griefed)"
# --field "Platform;[${CI_SERVER_HOST}](https://${CI_SERVER_HOST})"
# --footer "Released at $CI_JOB_STARTED_AT"
# --footer-icon "https://i.griefed.de/images/2022/01/21/start_generation.png"
# rules:
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/'
# - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/'
coverage:
stage: Other
image: registry.gitlab.com/haynes/jacoco2cobertura:1.0.8
allow_failure: true
script:
- python /opt/cover2cover.py build/jacoco/test/jacocoTestReport.xml $CI_PROJECT_DIR/backend/main/java/ > build/cobertura.xml || true
- python /opt/source2filename.py build/cobertura.xml || true
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: build/cobertura.xml
Gradle Dependency-Checks:
image: griefed/baseimage-ubuntu-jdk-8:2.0.12
stage: Other
allow_failure: true
before_script:
- echo "**** Running in $CI_JOB_ID ****"
- echo "**** Java location ****"
- which java
- echo "**** Java version ****"
- java -version
- echo "**** Allowing execution of gradlew ****"
- chmod +x gradlew
- echo "**** Ensure clean environment ****"
- ./gradlew clean
script:
- echo "**** Checking for dependency updates ****"
- ./gradlew dependencyUpdates --info
artifacts:
paths:
- build/dependencyUpdates/report.txt
expire_in: 1 week
#release_job:
# stage: Release
# image: registry.gitlab.com/gitlab-org/release-cli:latest
# rules:
# - if: '$CI_COMMIT_TAG && $CI_SERVER_HOST == "gitlab.com"'
# script:
# - echo "Running the release job to mirror release generation from parent repository."
# release:
# tag_name: $CI_COMMIT_TAG
# name: 'Release $CI_COMMIT_TAG'
# description: './CHANGELOG.md'
#pages:
# # IF JAVA PROJECT
# image: griefed/baseimage-ubuntu-jdk-8:1.0.5
# stage: Documentation
# services:
# - name: griefed/gitlab-ci-cd:1.0.4
# alias: docker
# variables:
# project_name: $CI_PROJECT_NAME
# SEMANTIC_RELEASE_PACKAGE: $CI_PROJECT_NAME
# before_script:
# - which java
# - chmod +x gradlew
# - ./gradlew clean
# script:
# - ./gradlew javaDoc --info -x test
# - cp -Rf build/docs/javadoc public
# - LC_COLLATE=C ls -ahl --group-directories-first --color=auto
# public
# only:
# - master
# - main
# artifacts:
# paths:
# - public
# expire_in: 1 week
#
# # IF QUASAR PROJECT
# image: griefed/gitlab-ci-cd:1.0.4
# stage: build
# cache:
# paths:
# - node_modules/
# before_script:
# - npm install
# - rm -Rf dist
# script:
# - quasar build
# - cp -Rf dist/spa/* public/
# artifacts:
# paths:
# - public
# expire_in: 1 week
# rules:
# - if: "$CI_SERVER_HOST =~ /git.griefed.de/"
# Check Packages:on-schedule:
# only:
# - schedules
# before_script:
# - |-
# echo "Preparing package versions comparison."
# # Check and, if necessary, update git user and mail
# if [[ "$(git config --list | grep user.name)" != "user.name=$GIT_USER" ]];then
# git config --global user.name $GIT_USER
# fi
# if [[ "$(git config --list | grep user.email)" != "user.email=$GIT_MAIL" ]];then
# git config --global user.email $GIT_MAIL
# fi
#
# # Clean system of potentially interrupting images
# docker image rm -f $DOCKERHUB_USER/$DOCKERHUB_REPO:latest
# docker image rm -f $DOCKERHUB_REPO
# rm -rf /tmp/$CI_PROJECT_PATH
# mkdir -p /tmp/$CI_PROJECT_PATH
# echo "Preparations complete."
# script:
# - |-
# echo "Comparing package versions." && \
# # Clone the repository
# git clone $CI_PROJECT_URL.git /tmp/$CI_PROJECT_PATH && \
# cd /tmp/$CI_PROJECT_PATH && \
#
# if [ ! -s "package_versions.txt" ];then
# echo "No package_versions.txt available..." && \
#
# # Gather package information from latest build
# docker run --rm --entrypoint /bin/sh -v /tmp/$CI_PROJECT_PATH:/tmp $DOCKERHUB_USER/$DOCKERHUB_REPO:latest -c '\
# apk info -v > /tmp/package_versions.txt && \
# sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \
# chmod 777 /tmp/package_versions.txt' && \
#
# # Checkout our branch
# git checkout -f $CI_DEFAULT_BRANCH && \
#
# wait && \
#
# # Add and commit new file to repository
# git add package_versions.txt && \
# git commit -m 'chore: Add list of package versions.' && \
#
# # Push the changes to the remote
# git push "https://$GIT_USER:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git" --all && \
#
# # Nice
# echo "package_versions.txt added."
#
# elif [ -s "package_versions.txt" ];then
# echo "Local package_versions.txt available..." && \
#
# # Build local image for new package versions list
# docker build --no-cache --tag $DOCKERHUB_REPO . && \
#
# # Get packages from newly build local image
# docker run --rm --entrypoint /bin/sh -v /tmp/$CI_PROJECT_PATH:/tmp $DOCKERHUB_REPO -c '\
# apk info -v > /tmp/package_versions_new.txt && \
# sort -o /tmp/package_versions_new.txt /tmp/package_versions_new.txt && \
# chmod 777 /tmp/package_versions_new.txt' && \
#
# # Get checksum of old packages
# OLD_CHECKSUM=$(md5sum package_versions.txt | cut -f1 -d" ") && \
#
# # Get checksum of new packages
# NEW_CHECKSUM=$(md5sum package_versions_new.txt | cut -f1 -d" ")
#
#
#
# # If new checksum is not the same as old checksum, we have new versions
# if [ "${OLD_CHECKSUM}" != "${NEW_CHECKSUM}" ]; then
#
# echo "Checksums differ. Updating..." && \
#
# # Checkout our branch
# git checkout -f $CI_DEFAULT_BRANCH && \
#
# # Copy the new package versions list to repository
# mv -f package_versions_new.txt package_versions.txt && \
#
# wait && \
#
# # Add and commit new file to repository
# git add package_versions.txt && \
# git commit -m 'build: Update installed packages in Docker container.' && \
#
# # Push the changes to the remote
# git push "https://$GIT_USER:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git" --all && \
#
# # Nice
# echo "Packages updated."
# else
# echo "No package updates available."
# fi
#
# fi
# echo "Comparison complete."
# after_script:
# - |-
# echo "Cleaning up."
# docker image rm -f $DOCKERHUB_USER/$DOCKERHUB_REPO:latest
# docker image rm -f $DOCKERHUB_REPO
# rm -rf /tmp/$CI_PROJECT_PATH
# echo "Done."