Implemented fix to prisma scan step and release tag stage in .gitlab-…

…ci.yml to stage-container-1
USEPA · Aug 27, 2024 · a913e31 · a913e31
1 parent 602b1ec
commit a913e31
Showing 1 changed file with 19 additions and 3 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,6 +1,7 @@
 stages:
 
   - build
+  - release
   - prisma scan
   - Non-Production Dev Deployment
   - Non-Production Stage Deployment
@@ -23,6 +24,21 @@ Build IntranetCMS Image:
     - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
     - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/docker/Dockerfile --destination $CI_REGISTRY_IMAGE/intranetcms-build:$CI_COMMIT_SHORT_SHA
 
+Release:
+  stage: release
+  tags:
+    - intranetcms-dev-runner
+  image:
+    name: gcr.io/go-containerregistry/crane:debug
+    entrypoint: [""]
+  script:
+    # https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane_copy.md
+    - crane auth login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+    - crane copy "$CI_REGISTRY_IMAGE/intranetcms-build:$CI_COMMIT_SHORT_SHA" "$CI_REGISTRY_IMAGE/intranetcms-build:latest"
+    - crane copy "$CI_REGISTRY_IMAGE/intranetcms-build:$CI_COMMIT_SHORT_SHA" "$CI_REGISTRY_IMAGE/intranetcms-build:$CI_COMMIT_TAG"
+  only:
+    - tags
+
 Prisma Scan:
   stage: prisma scan
   tags:
@@ -34,7 +50,7 @@ Prisma Scan:
     - 'curl --progress-bar -L -k --header "Authorization: Bearer $PRISMA_CI_TOKEN" https://prismacloud.epa.gov/api/v1/util/twistcli > twistcli; chmod a+x twistcli;'
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
     - docker pull $CI_REGISTRY_IMAGE/intranetcms-build:$CI_COMMIT_SHORT_SHA
-    - ./twistcli images scan $CI_REGISTRY_IMAGE/intranetcms-build:$CI_COMMIT_SHORT_SHA --address=https://prismacloud.epa.gov --details --token=$PRISMA_CI_TOKEN
+    - ./twistcli images scan --address=https://prismacloud.epa.gov --details --token=$PRISMA_CI_TOKEN $CI_REGISTRY_IMAGE/intranetcms-build:$CI_COMMIT_SHORT_SHA
   allow_failure: true
   after_script:
     # Cleanup the above space use on Runner.
@@ -129,7 +145,7 @@ Post Deploy Dev:
       namespace: cms-45-dev
 
 Post Deploy Dev10:
-  stage: Non-Production Stage Post Deploy
+  stage: Non-Production Dev10 Post Deploy
   rules:
     - if: '$CI_COMMIT_BRANCH == "dev-container-10"'
   tags:
@@ -138,7 +154,7 @@ Post Deploy Dev10:
   script:
     - kubectl config use-context intranet-cms/intracms-infra-dev:intranetcms-dev-k8s-agent
     - apk add gettext
-    - envsubst < k8s/drush.yml | kubectl create -f - -n cms-45-next
+    - envsubst < k8s/drush-dev10.yml | kubectl create -f - -n cms-45-next
   environment:
     name: dev10
     url: