stages: - Tests - Documentation - Release - Build Release - Other variables: project_name: "$CI_PROJECT_NAME" SEMANTIC_RELEASE_PACKAGE: "$CI_PROJECT_NAME" SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers" SAST_EXCLUDED_ANALYZERS: "" SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" SCAN_KUBERNETES_MANIFESTS: "false" SECRETS_ANALYZER_VERSION: "3" SECRET_DETECTION_EXCLUDED_PATHS: "" services: - name: ghcr.io/griefed/gitlab-ci-cd:2.0.9 alias: docker workflow: rules: - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "detached"' when: never - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' when: never - when: always sast: stage: Tests artifacts: reports: sast: gl-sast-report.json rules: - when: never variables: SEARCH_MAX_DEPTH: 4 script: - echo "$CI_JOB_NAME is used for configuration only, and its script should not be executed" - exit 1 .sast-analyzer: extends: sast allow_failure: true # `rules` must be overridden explicitly by each child job # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444 script: - /analyzer run eslint-sast: extends: .sast-analyzer image: name: "$SAST_ANALYZER_IMAGE" variables: SAST_ANALYZER_IMAGE_TAG: 2 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/eslint:$SAST_ANALYZER_IMAGE_TAG" rules: - if: $SAST_DISABLED when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /eslint/ when: never - if: $CI_COMMIT_BRANCH exists: - '**/*.html' - '**/*.js' - '**/*.jsx' - '**/*.ts' - '**/*.tsx' nodejs-scan-sast: extends: .sast-analyzer image: name: "$SAST_ANALYZER_IMAGE" variables: SAST_ANALYZER_IMAGE_TAG: 2 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG" rules: - if: $SAST_DISABLED when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/ when: never - if: $CI_COMMIT_BRANCH exists: - '**/package.json' semgrep-sast: extends: .sast-analyzer image: name: "$SAST_ANALYZER_IMAGE" variables: SAST_ANALYZER_IMAGE_TAG: 2 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG" rules: - if: $SAST_DISABLED when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/ when: never - if: $CI_COMMIT_BRANCH exists: - '**/*.py' - '**/*.js' - '**/*.jsx' - '**/*.ts' - '**/*.tsx' - '**/*.c' - '**/*.go' .secret-analyzer: stage: Tests image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION" services: [] allow_failure: true # `rules` must be overridden explicitly by each child job # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444 artifacts: reports: secret_detection: gl-secret-detection-report.json secret_detection: extends: .secret-analyzer rules: - if: $SECRET_DETECTION_DISABLED when: never - if: $CI_COMMIT_BRANCH script: - if [ -n "$CI_COMMIT_TAG" ]; then echo "Skipping Secret Detection for tags. No code changes have occurred."; exit 0; fi - if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then echo "Running Secret Detection on default branch."; /analyzer run; exit 0; fi - git fetch origin $CI_DEFAULT_BRANCH $CI_COMMIT_REF_NAME - git log --left-right --cherry-pick --pretty=format:"%H" refs/remotes/origin/$CI_DEFAULT_BRANCH...refs/remotes/origin/$CI_COMMIT_REF_NAME > "$CI_COMMIT_SHA"_commit_list.txt - export SECRET_DETECTION_COMMITS_FILE="$CI_COMMIT_SHA"_commit_list.txt - /analyzer run - rm "$CI_COMMIT_SHA"_commit_list.txt Gradle Test: stage: Tests image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.12 before_script: - echo "**** Running in $CI_JOB_ID ****" - echo "**** Java location ****" - which java - echo "**** Java version ****" - java -version - echo "**** Allowing execution of gradlew ****" - chmod +x gradlew - echo "**** Ensure clean environment ****" - "./gradlew clean" script: - echo "**** Building REPOSITORY ****" - "./gradlew build --info --full-stacktrace" - echo "**** Listing build directory ****" - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/jacoco/test - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs - cat build/jacoco/test/html/index.html | grep -o 'Total[^%]*%' - echo "**** Renaming files to please the eye ****" #- mv build/libs/${CI_PROJECT_NAME}.exe build/libs/ServerPackCreator-$CI_COMMIT_REF_NAME.exe - mv build/libs/docker-template-repo.jar build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.jar coverage: '/Total.*?([0-9]{1,3})%/' # artifacts: # paths: # #- build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.exe # - build/libs/${CI_PROJECT_NAME}-$CI_COMMIT_REF_NAME.jar # - build/jacoco/test/jacocoTestReport.xml # - build/reports/tests/test # expire_in: 1 week #Docker Test: # stage: Tests # image: ghcr.io/griefed/gitlab-ci-cd:2.0.0 # before_script: # - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io # - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io # - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes # - docker buildx create --use --name grfdbuilder # script: # - docker buildx build --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64 # --build-arg BRANCH_OR_TAG=$CI_COMMIT_REF_NAME # --build-arg HOSTER=$CI_SERVER_HOST # --file Dockerfile . # rules: # - if: '$CI_SERVER_HOST == "git.griefed.de"' # Remove once GitLab no longer throws javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake #Generate Release: # stage: Release # needs: # - job: Gradle Test # artifacts: false # - job: Docker Test # artifacts: false # - job: eslint-sast # artifacts: false # - job: nodejs-scan-sast # artifacts: false # - job: semgrep-sast # artifacts: false # - job: secret_detection # artifacts: false # image: ghcr.io/griefed/gitlab-ci-cd:2.0.0 # script: # - npx semantic-release # rules: # - if: '$CI_COMMIT_BRANCH == "alpha" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"' # - if: '$CI_COMMIT_BRANCH == "beta" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"' # - if: '$CI_COMMIT_BRANCH == "main" && $CI_COMMIT_TITLE !~ /^RELEASE:.+$/ && $CI_SERVER_HOST == "git.griefed.de"' #Build Release: # stage: Build Release # image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.3 # needs: # - job: release_job # optional: true # artifacts: false # before_script: # - echo "**** Running in $CI_JOB_ID ****" # - echo "**** Java location ****" # - which java # - echo "**** Java version ****" # - java -version # - echo "**** Allowing execution of gradlew ****" # - chmod +x gradlew # - echo "**** Ensure clean environment ****" # - "./gradlew about" # - echo "version=${CI_COMMIT_TAG}" > backend/main/resources/VERSION.txt # script: # - echo "**** Building ServerPackCreator ****" # - "./gradlew installQuasar cleanFrontend assembleFrontend copyDist build createExe -Pversion=${CI_COMMIT_TAG} --info --full-stacktrace -x test" # - echo "**** Listing build directory ****" # - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build # - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs # - LC_COLLATE=C ls -ah --group-directories-first --color=auto build/libs/libraries # - echo "**** Renaming files to please the eye ****" # - mv build/libs/${CI_PROJECT_NAME}.exe build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe # - LC_COLLATE=C ls -ahl --group-directories-first --color=auto build/libs # - echo "**** Uploading packages ****" # - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe # "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe"' # - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar # "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar"' # - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar # "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar"' # - 'curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file build/libs/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar # "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar"' # - echo "**** Create asset links ****" # - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}" # --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.exe" # --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"' # - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}" # --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.jar" # --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"' # - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}" # --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-javadoc.jar" # --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"' # - 'curl --request POST --header "PRIVATE-TOKEN: ${GITLAB_TOKEN}" --data tag_name="${CI_COMMIT_TAG}" # --data name="${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar" --data url="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${CI_PROJECT_NAME}/${CI_COMMIT_TAG}/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}-sources.jar" # --data link_type="package" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases/${CI_COMMIT_TAG}/assets/links"' # rules: # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/' # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/' #Publish Maven Artifacts: # stage: Build Release # image: ghcr.io/griefed/baseimage-ubuntu-jdk-8:2.0.3 # before_script: # - echo "**** Running in $CI_JOB_ID ****" # - echo "**** Java location ****" # - which java # - echo "**** Java version ****" # - java -version # - echo "**** Allowing execution of gradlew ****" # - chmod +x gradlew # - echo "**** Ensure clean environment ****" # - "./gradlew clean" # script: # - echo "**** Publishing Maven Artifacts ****" # - "./gradlew publish -Pversion=${CI_COMMIT_TAG} -x test --info --stacktrace" # rules: # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"' # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"' #Build Docker Release: # stage: Build Release # image: ghcr.io/griefed/gitlab-ci-cd:2.0.0 # before_script: # - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io # - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io # - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes # - docker buildx create --use --name grfdbuilder # script: # - docker buildx build --push --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64 # --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG" # --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:latest" # --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG" # --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:latest" # --build-arg BRANCH_OR_TAG=$CI_COMMIT_TAG # --build-arg HOSTER=$CI_SERVER_HOST # --build-arg VERSION=$CI_COMMIT_TAG # --file Dockerfile . # rules: # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"' #Build Docker PreRelease: # stage: Build Release # image: ghcr.io/griefed/gitlab-ci-cd:2.0.0 # before_script: # - docker login -u "$DOCKERHUB_USER" -p "$DOCKERHUB_TOKEN" docker.io # - docker login -u "$DOCKERHUB_USER" -p "$GITHUB_TOKEN" ghcr.io # - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes # - docker buildx create --use --name grfdbuilder # script: # - docker buildx build --push --no-cache --platform linux/amd64,linux/arm/v7,linux/arm64 # --tag "ghcr.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG" # --tag "index.docker.io/$DOCKERHUB_USER/$DOCKERHUB_REPO:$CI_COMMIT_TAG" # --build-arg BRANCH_OR_TAG=$CI_COMMIT_TAG # --build-arg HOSTER=$CI_SERVER_HOST # --build-arg VERSION=$CI_COMMIT_TAG # --file Dockerfile . # rules: # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/ && $CI_SERVER_HOST == "git.griefed.de"' #Inform About Release: # stage: Build Release # image: ghcr.io/griefed/gitlab-ci-cd:2.0.0 # needs: # - job: Build Release # artifacts: false # - job: Build Docker Release # artifacts: false # optional: true # - job: Build Docker PreRelease # artifacts: false # optional: true # script: # - /discord.sh # --webhook-url="$WEBHOOK_URL" # --username "$CI_PROJECT_TITLE" # --avatar "https://i.griefed.de/images/2020/11/18/Prosper_Docker_300x300.png" # --text "There's been a new release for ${CI_PROJECT_TITLE}. The new version is ${CI_COMMIT_TAG} and is available at <${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}>" # --title "New ${CI_PROJECT_TITLE} Release" # --description "There's been a new release for ${CI_PROJECT_TITLE}. The new version is ${CI_COMMIT_TAG} and is available at ${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}" # --color "0xC0FFEE" # --url "${CI_PROJECT_URL}/-/releases/${CI_COMMIT_TAG}" # --author "Griefed" # --author-url "https://${CI_SERVER_HOST}/Griefed" # --author-icon "https://i.griefed.de/images/2022/01/21/sam_1500x1500.th.jpg" # --image "https://i.griefed.de/images/2021/05/08/app.png" # --thumbnail "https://i.griefed.de/images/2020/11/18/Prosper_Docker_300x300.th.png" # --field "Author;[Griefed](https://${CI_SERVER_HOST}/Griefed)" # --field "Platform;[${CI_SERVER_HOST}](https://${CI_SERVER_HOST})" # --footer "Released at $CI_JOB_STARTED_AT" # --footer-icon "https://i.griefed.de/images/2022/01/21/start_generation.png" # rules: # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+-(alpha|beta)\.\d+$/' # - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+$/' coverage: stage: Other image: registry.gitlab.com/haynes/jacoco2cobertura:1.0.8 allow_failure: true script: - python /opt/cover2cover.py build/jacoco/test/jacocoTestReport.xml $CI_PROJECT_DIR/backend/main/java/ > build/cobertura.xml || true - python /opt/source2filename.py build/cobertura.xml || true artifacts: reports: coverage_report: coverage_format: cobertura path: build/cobertura.xml Gradle Dependency-Checks: image: griefed/baseimage-ubuntu-jdk-8:2.0.12 stage: Other allow_failure: true before_script: - echo "**** Running in $CI_JOB_ID ****" - echo "**** Java location ****" - which java - echo "**** Java version ****" - java -version - echo "**** Allowing execution of gradlew ****" - chmod +x gradlew - echo "**** Ensure clean environment ****" - ./gradlew clean script: - echo "**** Checking for dependency updates ****" - ./gradlew dependencyUpdates --info artifacts: paths: - build/dependencyUpdates/report.txt expire_in: 1 week #release_job: # stage: Release # image: registry.gitlab.com/gitlab-org/release-cli:latest # rules: # - if: '$CI_COMMIT_TAG && $CI_SERVER_HOST == "gitlab.com"' # script: # - echo "Running the release job to mirror release generation from parent repository." # release: # tag_name: $CI_COMMIT_TAG # name: 'Release $CI_COMMIT_TAG' # description: './CHANGELOG.md' #pages: # # IF JAVA PROJECT # image: griefed/baseimage-ubuntu-jdk-8:1.0.5 # stage: Documentation # services: # - name: griefed/gitlab-ci-cd:1.0.4 # alias: docker # variables: # project_name: $CI_PROJECT_NAME # SEMANTIC_RELEASE_PACKAGE: $CI_PROJECT_NAME # before_script: # - which java # - chmod +x gradlew # - ./gradlew clean # script: # - ./gradlew javaDoc --info -x test # - cp -Rf build/docs/javadoc public # - LC_COLLATE=C ls -ahl --group-directories-first --color=auto # public # only: # - master # - main # artifacts: # paths: # - public # expire_in: 1 week # # # IF QUASAR PROJECT # image: griefed/gitlab-ci-cd:1.0.4 # stage: build # cache: # paths: # - node_modules/ # before_script: # - npm install # - rm -Rf dist # script: # - quasar build # - cp -Rf dist/spa/* public/ # artifacts: # paths: # - public # expire_in: 1 week # rules: # - if: "$CI_SERVER_HOST =~ /git.griefed.de/" # Check Packages:on-schedule: # only: # - schedules # before_script: # - |- # echo "Preparing package versions comparison." # # Check and, if necessary, update git user and mail # if [[ "$(git config --list | grep user.name)" != "user.name=$GIT_USER" ]];then # git config --global user.name $GIT_USER # fi # if [[ "$(git config --list | grep user.email)" != "user.email=$GIT_MAIL" ]];then # git config --global user.email $GIT_MAIL # fi # # # Clean system of potentially interrupting images # docker image rm -f $DOCKERHUB_USER/$DOCKERHUB_REPO:latest # docker image rm -f $DOCKERHUB_REPO # rm -rf /tmp/$CI_PROJECT_PATH # mkdir -p /tmp/$CI_PROJECT_PATH # echo "Preparations complete." # script: # - |- # echo "Comparing package versions." && \ # # Clone the repository # git clone $CI_PROJECT_URL.git /tmp/$CI_PROJECT_PATH && \ # cd /tmp/$CI_PROJECT_PATH && \ # # if [ ! -s "package_versions.txt" ];then # echo "No package_versions.txt available..." && \ # # # Gather package information from latest build # docker run --rm --entrypoint /bin/sh -v /tmp/$CI_PROJECT_PATH:/tmp $DOCKERHUB_USER/$DOCKERHUB_REPO:latest -c '\ # apk info -v > /tmp/package_versions.txt && \ # sort -o /tmp/package_versions.txt /tmp/package_versions.txt && \ # chmod 777 /tmp/package_versions.txt' && \ # # # Checkout our branch # git checkout -f $CI_DEFAULT_BRANCH && \ # # wait && \ # # # Add and commit new file to repository # git add package_versions.txt && \ # git commit -m 'chore: Add list of package versions.' && \ # # # Push the changes to the remote # git push "https://$GIT_USER:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git" --all && \ # # # Nice # echo "package_versions.txt added." # # elif [ -s "package_versions.txt" ];then # echo "Local package_versions.txt available..." && \ # # # Build local image for new package versions list # docker build --no-cache --tag $DOCKERHUB_REPO . && \ # # # Get packages from newly build local image # docker run --rm --entrypoint /bin/sh -v /tmp/$CI_PROJECT_PATH:/tmp $DOCKERHUB_REPO -c '\ # apk info -v > /tmp/package_versions_new.txt && \ # sort -o /tmp/package_versions_new.txt /tmp/package_versions_new.txt && \ # chmod 777 /tmp/package_versions_new.txt' && \ # # # Get checksum of old packages # OLD_CHECKSUM=$(md5sum package_versions.txt | cut -f1 -d" ") && \ # # # Get checksum of new packages # NEW_CHECKSUM=$(md5sum package_versions_new.txt | cut -f1 -d" ") # # # # # If new checksum is not the same as old checksum, we have new versions # if [ "${OLD_CHECKSUM}" != "${NEW_CHECKSUM}" ]; then # # echo "Checksums differ. Updating..." && \ # # # Checkout our branch # git checkout -f $CI_DEFAULT_BRANCH && \ # # # Copy the new package versions list to repository # mv -f package_versions_new.txt package_versions.txt && \ # # wait && \ # # # Add and commit new file to repository # git add package_versions.txt && \ # git commit -m 'build: Update installed packages in Docker container.' && \ # # # Push the changes to the remote # git push "https://$GIT_USER:$GITLAB_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git" --all && \ # # # Nice # echo "Packages updated." # else # echo "No package updates available." # fi # # fi # echo "Comparison complete." # after_script: # - |- # echo "Cleaning up." # docker image rm -f $DOCKERHUB_USER/$DOCKERHUB_REPO:latest # docker image rm -f $DOCKERHUB_REPO # rm -rf /tmp/$CI_PROJECT_PATH # echo "Done."