GitLab

Instead of using the general 'arm' platform, use specific variants for
each architecture.

It overrides the rules in a way that would enable it on every event if
it is enabled.

Make sure the job only runs on branches and tags, like the rest.

Instead of the `except` syntax, use the new `rules` syntax for jobs,
which is what gitlab is going to support in the future.

Add a workflow section to make sure jobs are only created for branches
and tags (not for merge requests).

There is now an official riscv64 alpinelinux image available on docker
hub, so we do not need to rely on a local image anymore.

That gives more time to restart jobs in case something failed.

There is no image available for riscv64, instead, we use the image that
is locally available on the host.

The .upload job it extends from already has a 'only' section, which
cannot be combined with 'rules'.

Makes sure this is only run on hosts with good network connections.

The plain hadolint/hadolint image was never supposed to contain a shell.
This has been fixed by upstream. They provide distro tags to get a
distribution in the image, for example hadolint/hadolint:latest-alpine.

buildkit is giving issues on armv7 after upgrading to musl-1.2. This is
most likely seccomp related. Without buildkit, there are no issues.

But we cannot blankly disable buildkit as the features we are using
require an up-to-date docker version, which is not the case everywhere
yet.

So disable this for armv7 so that we can continue building images.

The indentation causes newlines to be inserted, which breaks the command.

We need to able to upgrade images to deal with incompatibilities.

Not just for .build_with_arch

docker does not automatically make sure the latest base images are
fetche before building in image. This causes old base images to be used
even when newer ones are available.

Add `--pull` to the build command to make sure it fetches new images
before using them.

The platform argument for docker build uses different names for arches
than the image prefix. For example, to pull an image for armv7, you need
to use `arm32v7/alpine`, but to build an image for that arch, you should
use `--platform arm`.

Use a separate environment variable to designating the docker platform.

We build armv7 and x86 images on a 64 bits host in 32 bits mode. Even
though the images are 32 bits, docker still tags them as the host
architecture.

Docker has a way to specify the platform, but requries to enable
experimental features on the daemon, but this is not ideal.

An alternative is using buildkit, which has additional features for
docker. This can be enabled by setting `DOCKER_BUILDKIT` to `1`. So lets
use that so that we can specify `--platform` when running `docker build`.

For some reason, whenever the verify stage fails, the build jobs are
skipped (as expected), but the upload jobs are still attempted and fail
because nothing is built.

This could be due to dependencies set from upload jobs on build jobs,
but build jobs not having any dependencies. It might be that an
incomplete graph confuses gitlab and causes these jobs to run when they
should not.

Try to add dependencies from build jobs to the lint job as an attempt to
fix this.

We already ignore DL3007, which does not let you use ':latest'. DL3006
checks if you use ':latest' implicitly by not using any tag, so lets
ignore that one as well.

Using latest is good enough for us, and in case of actual issues we can
still pin to a specific release. This makes it easier to keep all images
up-to-date rather then having to change the base image version on each
repository.

The hadolint image is not available for all arches

They are missing, so no runner is selected.

docker-image: add linting job for Dockerfiles

See merge request !8

Use the hadolint docker container to lint Dockerfiles. DL3018 is ignored
because pinning versions does not make a lot of sense.

Allow disabling arches

Closes #1

See merge request !6

Kevin Daudt authored Nov 23, 2019 and Carlo Landmeter committed Jan 06, 2020

Not all images will be able to build on all arches. Use the 'except'
feature to exclude arches when a specific variable is set.

Fixes #1

Kevin Daudt authored Nov 23, 2019 and Carlo Landmeter committed Jan 06, 2020

This lets docker-ci continue with jobs in next stages for the same
arch (DAG)

use pigz for compression/decompression

See merge request !7

We need to be able to provide both the docker arch naming standard as
the Alpine arch naming standard. When building on top of Alpine managed
images, the architecture name is different, so we need to be able to
specify that.

The docker arch for armv7 is 'arm32v7'. Because armv7 is run on aarch64,
specify DOCKER_ARCH to make sure the correct image is downloaded.

Instead of supplying it as an argument, pass it through stdin so that
the password will not be visible in the process output.

Add validation that the password has been specified as well.