forked from mathieu-benoit/mathieu-benoit.github.io
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloudbuild.yaml
28 lines (28 loc) · 1.36 KB
/
cloudbuild.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
steps:
- name: gcr.io/cloud-builders/git
id: git-clone
args: ['clone', '--recurse-submodules', 'https://github.com/${_REPO_OWNER}/${_APP_NAME}']
- name: gcr.io/cloud-builders/docker
id: docker-build
entrypoint: 'bash'
args:
- '-c'
- |
sed -i "s,FROM alpine,FROM ${_CONTAINER_REGISTRY_NAME}/alpine,g;s,FROM nginxinc,FROM ${_CONTAINER_REGISTRY_NAME},g" ${_APP_NAME}/Dockerfile
docker build -t ${_CONTAINER_REGISTRY_NAME}/${_APP_NAME}:$SHORT_SHA ${_APP_NAME}/.
- name: gcr.io/cloud-builders/docker
id: dockle
args: ['run', '-v', '/var/run/docker.sock:/var/run/docker.sock', '--rm', 'goodwithtech/dockle', '--exit-code', '1', '--exit-level', 'fatal', '${_CONTAINER_REGISTRY_NAME}/${_APP_NAME}:$SHORT_SHA']
- name: gcr.io/cloud-builders/docker
id: trivy
args: ['run', '-v', '/var/run/docker.sock:/var/run/docker.sock', '--rm', 'aquasec/trivy', '--severity', 'CRITICAL,HIGH', '${_CONTAINER_REGISTRY_NAME}/${_APP_NAME}:$SHORT_SHA']
- name: gcr.io/cloud-builders/docker
id: docker-run
args: ['run', '-d', '-p', '8080:8080', '--read-only', '--cap-drop=ALL', '--user=1000', '${_CONTAINER_REGISTRY_NAME}/${_APP_NAME}:$SHORT_SHA']
- name: gcr.io/cloud-builders/docker
id: docker-push
args: ['push', '${_CONTAINER_REGISTRY_NAME}/${_APP_NAME}:$SHORT_SHA']
substitutions:
_APP_NAME: myblog
_REPO_OWNER: mathieu-benoit
_CONTAINER_REGISTRY_NAME: SUBSTITUTE_ME