.gitlab-ci.yml

stages:
  - build
  - push
  
.run_conditions:
  rules:
    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+/'
      variables:
        DOCKER_IMAGE_TAG: $CI_COMMIT_TAG
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      variables:
        DOCKER_IMAGE_TAG: "latest"
    - if: $CI_COMMIT_BRANCH
      variables:
        DOCKER_IMAGE_TAG: $CI_COMMIT_REF_SLUG

build_for_gitlabregistry:
  stage: build
  extends:
    - .run_conditions
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  variables:
    # flag with branch is the production branch, default to be the same as the default branch but
    # some projects use a development branch as default so you might want to set it the branch that goes to production
    PRODUCTION_BRANCH: $CI_DEFAULT_BRANCH
    # The URL to use to login into the registry
    DOCKER_REGISTRY_URL: $CI_REGISTRY
    # The username to use to login into the registry
    DOCKER_REGISTRY_USR: $CI_REGISTRY_USER
    # The password to use to login into the registry
    DOCKER_REGISTRY_PWD: $CI_REGISTRY_PASSWORD
    # The URL to put the image inside registry that consist of the DOCKER_REGISTRY_URL + project path ()
    DOCKER_IMAGE_URL: $CI_REGISTRY_IMAGE
    # the image tag (the part after ':', e.g. for 'nginx:latest', 'latest' is the tag)
    DOCKER_IMAGE_TAG: "latest"
    # add extra docker build arguments
    DOCKER_BUILD_ARGS: ""
    # These variables are alternatives to defining DOCKER_IMAGE_URL
    # They will be used as $DOCKER_REGISTRY_URL + '/' + $DOCKER_REGISTRY_PROJECT + '/' + $DOCKER_IMAGE_NAME
    DOCKER_REGISTRY_PROJECT: ""
    DOCKER_IMAGE_NAME: ""
    # These variables are alternatives to defining DOCKER_IMAGE_TAG
    # They will be used as $VERSION + $VERSION_SUFFIX
    VERSION: ""
    VERSION_SUFFIX: ""
  script:
    - |
      # Sanity check on DOCKER_REGISTRY_* variables
      if [[ ! -n "${DOCKER_REGISTRY_URL}" ]] || [[ ! -n "${DOCKER_REGISTRY_USR}" ]] || [[ ! -n "${DOCKER_REGISTRY_PWD}" ]]; then 
        echo 'Please define all these variables DOCKER_REGISTRY_URL, DOCKER_REGISTRY_USR, DOCKER_REGISTRY_PWD'; 
        exit 1;
      fi; 
    - |
      # Check/Generate DOCKER_IMAGE_URL variable
      if [[ ! -n "${DOCKER_IMAGE_URL}" ]]; then
        DOCKER_IMAGE_NAME=$(echo "${DOCKER_IMAGE_NAME:-$IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')
        if [[ ! -n "${DOCKER_REGISTRY_PROJECT}" ]] || [[ ! -n "${DOCKER_IMAGE_NAME}" ]]; then 
          echo 'Please define either DOCKER_IMAGE_URL or both of DOCKER_REGISTRY_PROJECT and DOCKER_IMAGE_NAME variables'; 
          exit 1;
        fi
        DOCKER_IMAGE_URL="${DOCKER_REGISTRY_URL}/${DOCKER_REGISTRY_PROJECT}/${DOCKER_IMAGE_NAME}"
      fi
    - |
      # Check/Generate DOCKER_IMAGE_TAG variable 
      if [[ ! -n "${DOCKER_IMAGE_TAG}" ]]; then
        if [[ ! -n "${VERSION}" ]]; then 
          echo 'Please define either DOCKER_IMAGE_TAG or VERSION in before_script section'; 
          exit 1;
        fi; 
        VERSION=$(echo $VERSION | sed -E 's/[^[:alnum:]._-]+/-/g');
        if [[ -n "$VERSION_SUFFIX" ]]; then 
          VERSION_SUFFIX=$(echo $VERSION_SUFFIX | sed -E 's/[^[:alnum:]._-]+/-/g'); 
        elif [[ "$PRODUCTION_BRANCH" != "$CI_COMMIT_REF_NAME" ]]; then
          VERSION_SUFFIX="-$CI_COMMIT_REF_SLUG";
        fi;
        DOCKER_IMAGE_TAG=$(echo "${VERSION}${VERSION_SUFFIX}" | tr '[:upper:]' '[:lower:]')
      fi;
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$DOCKER_REGISTRY_URL\":{\"username\":\"$DOCKER_REGISTRY_USR\",\"password\":\"$DOCKER_REGISTRY_PWD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $DOCKER_IMAGE_URL:$DOCKER_IMAGE_TAG --push-retry=2 --skip-tls-verify=true --skip-tls-verify-pull=true --skip-tls-verify-registry=true $DOCKER_BUILD_ARGS

push_to_dockerhub:
  stage: push
  extends:
    - .run_conditions
  needs:
    - build_for_gitlabregistry
  image:
    name: gcr.io/go-containerregistry/crane:debug
    entrypoint: [""]
  variables:
    REGISTRY_URL: index.docker.io
    REGISTRY_REPO: $DOCKERHUB_REPO
    REGISTRY_USER: $DOCKERHUB_USERNAME
    REGISTRY_PASSWORD: $DOCKERHUB_PASSWORD
  script:
    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - crane auth login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $REGISTRY_URL
    - crane copy ${CI_REGISTRY_IMAGE}:${DOCKER_IMAGE_TAG} ${REGISTRY_REPO}:${DOCKER_IMAGE_TAG} --insecure --platform linux/amd64