-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.gitlab-ci.yml
39 lines (37 loc) · 1.68 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
variables:
SECURITY_MONITORING:
value: "no"
options:
- "yes"
- "no"
description: "Set to yes if you want to run the security monitoring jobs"
# version
PACKAGE_REGISTRY: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/keycloak-tar"
# Documentation build uses this variable to set the release version of the document
KEYCLOAK_VERSION: "25.0.6"
# this is where we get keycloak from
KEYCLOAK_SOURCE: "https://github.com/keycloak/keycloak/releases/download/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz"
# this is where we keycloak store and use from during the image build
KEYCLOAK_DIST: "${PACKAGE_REGISTRY}/$KEYCLOAK_VERSION/keycloak-$KEYCLOAK_VERSION.tar.gz"
# Documentation build uses this variable to determine the artifact output directory.
DOC_TARGET_VERSION: "${KEYCLOAK_VERSION}"
KANIKO_ARGS: --build-arg commit="$CI_COMMIT_SHA" --build-arg date="$CI_JOB_STARTED_AT" --cache=true --cache-repo=$CI_REGISTRY_IMAGE/cache --build-arg KEYCLOAK_VERSION=$KEYCLOAK_VERSION --build-arg KEYCLOAK_DIST=$KEYCLOAK_DIST
LATEST_RELEASED_KEYCLOAK_VERSION: "25.0.6-ucs3"
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_OPEN_MERGE_REQUESTS
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "webide"
- if: $SECURITY_MONITORING == "yes"
include:
- project: univention/dist/docker-services
file:
- kaniko.yml
- pre-commit.yml
- local: /.gitlab-ci/gitlab-ci.yml
rules:
- if: $SECURITY_MONITORING != "yes"
- local: /.gitlab-ci/gitlab-ci-sec.yml
rules:
- if: $SECURITY_MONITORING == "yes"