GitLab

buildkit is giving issues on armv7 after upgrading to musl-1.2. This is
most likely seccomp related. Without buildkit, there are no issues.

But we cannot blankly disable buildkit as the features we are using
require an up-to-date docker version, which is not the case everywhere
yet.

So disable this for armv7 so that we can continue building images.

The indentation causes newlines to be inserted, which breaks the command.

We need to able to upgrade images to deal with incompatibilities.

Not just for .build_with_arch

docker does not automatically make sure the latest base images are
fetche before building in image. This causes old base images to be used
even when newer ones are available.

Add `--pull` to the build command to make sure it fetches new images
before using them.

The platform argument for docker build uses different names for arches
than the image prefix. For example, to pull an image for armv7, you need
to use `arm32v7/alpine`, but to build an image for that arch, you should
use `--platform arm`.

Use a separate environment variable to designating the docker platform.

We build armv7 and x86 images on a 64 bits host in 32 bits mode. Even
though the images are 32 bits, docker still tags them as the host
architecture.

Docker has a way to specify the platform, but requries to enable
experimental features on the daemon, but this is not ideal.

An alternative is using buildkit, which has additional features for
docker. This can be enabled by setting `DOCKER_BUILDKIT` to `1`. So lets
use that so that we can specify `--platform` when running `docker build`.

For some reason, whenever the verify stage fails, the build jobs are
skipped (as expected), but the upload jobs are still attempted and fail
because nothing is built.

This could be due to dependencies set from upload jobs on build jobs,
but build jobs not having any dependencies. It might be that an
incomplete graph confuses gitlab and causes these jobs to run when they
should not.

Try to add dependencies from build jobs to the lint job as an attempt to
fix this.

We already ignore DL3007, which does not let you use ':latest'. DL3006
checks if you use ':latest' implicitly by not using any tag, so lets
ignore that one as well.

Using latest is good enough for us, and in case of actual issues we can
still pin to a specific release. This makes it easier to keep all images
up-to-date rather then having to change the base image version on each
repository.

The hadolint image is not available for all arches

They are missing, so no runner is selected.

docker-image: add linting job for Dockerfiles

See merge request !8

Use the hadolint docker container to lint Dockerfiles. DL3018 is ignored
because pinning versions does not make a lot of sense.

Allow disabling arches

Closes #1

See merge request !6

Not all images will be able to build on all arches. Use the 'except'
feature to exclude arches when a specific variable is set.

Fixes #1

This lets docker-ci continue with jobs in next stages for the same
arch (DAG)

use pigz for compression/decompression

See merge request !7

We need to be able to provide both the docker arch naming standard as
the Alpine arch naming standard. When building on top of Alpine managed
images, the architecture name is different, so we need to be able to
specify that.

The docker arch for armv7 is 'arm32v7'. Because armv7 is run on aarch64,
specify DOCKER_ARCH to make sure the correct image is downloaded.

Instead of supplying it as an argument, pass it through stdin so that
the password will not be visible in the process output.

Add validation that the password has been specified as well.

The builder is available again.

This reverts commit 9fb2211a.

Each upload job depends on artifacts from the build job, but only from
the same arch. Now each upload job gets the artifacts for all build
jobs, which costs more time, and takes more space.

Limit each upload job to depend only on the build job for the same arch.

While the runner is unavailable, temporarily disable the jobs for this
runner.

This tag is missing but necessary to get builders that can build docker
containers.

This tag specifies that this runner can build docker images.

Caching is preventing us to update images without any change to the
project, for example to get the latest versions of packages included.

Disable cache so that every time the image is built, all layers are
recreated.

See merge request !4

The docker-image ci job relies on docker to persist images so that they
can be used in different stages. This only works when all stages are
executed on the same host.

This prevents the use of multiple runners, as different jobs may be
executed on different runners.

To fix this, we can use the artifacts feature of gitlab. We use `docker
image save` to create a tar archive of the image, which is then
persisted by gitlab for following stages.

See merge request !3