Skip to content

Gitlab CI/CD

Configure project variables

To use the Gitlab CI/CD with harbor, first setup a robot account. On your gitlab project go to Settings -> CI/CD -> Variables (expand) and create a new variable DOCKER_AUTH_CONFIG if not already inherited from a parent project. The value should be set to:

Linux

Using a console, get the value of DOCKER_AUTH_CONFIG by following:

ROBOT_ACCOUNT_NAME=<your-robot-account-name>
ROBOT_ACCOUNT_TOKEN=<robot-account-token>
BASE64_AUTH=$(echo -n "${ROBOT_ACCOUNT_NAME}:${ROBOT_ACCOUNT_TOKEN}" | base64 -w 0)
echo "{
    \"auths\": {
        \"registry.cern.ch\": {
            \"auth\": \""${BASE64_AUTH}"\"
        }
    }
}"

Windows

Using Powershell, get the value of DOCKER_AUTH_CONFIG variable by following:

$ROBOT_ACCOUNT_NAME = '<your-robot-account-name>'
$ROBOT_ACCOUNT_TOKEN = '<robot-account-token>'
$BASE64_AUTH = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(-join($ROBOT_ACCOUNT_NAME,":",$ROBOT_ACCOUNT_TOKEN)))
echo "{
     `"auths`": {
         `"registry.cern.ch`": {
            `"auth`": `"${BASE64_AUTH}`"
        }
    }
 }"

Variable Generator

Alternatively, you can generate the value from this website

Configure your pipeline

Two CI template files are provided, these should be included in the gitlab-ci.yml file depending on the use case:

1. To build an image using kaniko, include this template file as shown here:

include: 
- project : 'ci-tools/container-image-ci-templates'
  file : 'kaniko-build-push-image.gitlab-ci.yml'

2. To build the image with docker-in-docker privileged mode, include this template file as shown here:

include: 
- project : 'ci-tools/container-image-ci-templates'
  file : 'docker-build-push-image.gitlab-ci.yml'

Below is a list of template ENVIRONMENT_VARIABLES that you can configure:

  • HARBOR_IMAGE_PATH: Default value is registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME. I.e. If the project is at gitlab.cern.ch/mygroup/myproject then HARBOR_IMAGE_PATH by default will be registry.cern.ch/mygroup/myproject. Changing the tag or image can be done by appending the image tag at the end of the variable i.e HARBOR_IMAGE_PATH set to 'registry.cern.ch/path/to/image:customtag'

  • CONTEXT_DIR: Default value is set to an empty string " ". The build context is set to the base folder of the repository. It represents a directory containing a Dockerfile which kaniko will use to build the image. If the build context for kaniko is folder_name/subfolder_name/, then set the variable CONTEXT_DIR as folder_name/subfolder_name.

  • DOCKER_FILE_NAME: Default value is set to Dockerfile. It stores the name of the Dockerfile to be built. DOCKER_FILE_NAME variable is relative to CONTEXT DIR variable. (i.e. if the CONTEXT_DIR variable is folder_name and the DOCKER_FILE_NAME variable is dockerfile_name, then kaniko will build the image using the docker file folder_name/dockerfile_name in the repository)

For example, to build an image using a dockerfile Dockerfile_ubuntu from the project directory dockerfiles_folder/ and push this image to registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/newimage:mycustomtag, the gitlab-ci.yml file should look like this:

stages:
- build

variables:
  HARBOR_IMAGE_PATH : "registry.cern.ch/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/newimage:mycustomtag"
  CONTEXT_DIR: "dockerfiles_folder"
  DOCKER_FILE_NAME: "Dockerfile_ubuntu"

include: 
- project : 'ci-tools/container-image-ci-templates'
  file : 'kaniko-build-push-image.gitlab-ci.yml'

Last update: December 6, 2021