datadog-lambda-js/.gitlab-ci.yml at main · DataDog/datadog-lambda-js · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
variables:
  DOCKER_TARGET_IMAGE: registry.ddbuild.io/ci/datadog-lambda-js
  DOCKER_TARGET_VERSION: latest

stages:
  - pre
  - build

ci image:
  stage: build
  image: registry.ddbuild.io/images/docker:20.10
  tags: ["arch:arm64"]
  id_tokens:
    DDSIGN_ID_TOKEN:
      aud: image-integrity
  needs: []
  rules:
    - if: '$CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "push"'
      changes:
        - .gitlab/Dockerfile
      when: on_success
  variables:
    DOCKER_TARGET: ${DOCKER_TARGET_IMAGE}:${DOCKER_TARGET_VERSION}
  script:
    - METADATA_FILE=$(mktemp)
    - docker buildx build --platform linux/amd64,linux/arm64 --no-cache --pull ---tag ${DOCKER_TARGET} -f .gitlab/Dockerfile -push --metadata-file ${METADATA_FILE} .
    - ddsign sign ${DOCKER_TARGET} --docker-metadata-file ${METADATA_FILE}

.go-cache: &go-cache
  key: datadog-lambda-js-go-cache
  policy: pull

generator:
  stage: pre
  image: registry.ddbuild.io/images/mirror/golang:alpine
  tags: ["arch:amd64"]
  cache: *go-cache
  script:
    - apk add --no-cache gomplate
    - gomplate --config .gitlab/config.yaml
  artifacts:
    paths:
      - .gitlab/*-pipeline.yaml

build-layers:
  stage: build
  trigger:
    include:
      - artifact: .gitlab/build-pipeline.yaml
        job: generator
    strategy: depend
  rules:
    - when: on_success