Add .gitlab-ci.yml, remove own registry

Signed-off-by: René Jochum <rene@jochum.dev>
master 3.5.6-r29
René Jochum 2 years ago
parent 43b7650f72
commit b244fe745f

@ -0,0 +1,55 @@
image: docker:20.10.14
variables:
# When you use the dind service, you must instruct Docker to talk with
# the daemon started inside of the service. The daemon is available
# with a network connection instead of the default
# /var/run/docker.sock socket. Docker 19.03 does this automatically
# by setting the DOCKER_HOST in
# https://github.com/docker-library/docker/blob/d45051476babc297257df490d22cbd806f1b11e4/19.03/docker-entrypoint.sh#L23-L29
#
# The 'docker' hostname is the alias of the service container as described at
# https://docs.gitlab.com/ee/ci/services/#accessing-the-services.
#
# Specify to Docker where to create the certificates. Docker
# creates them automatically on boot, and creates
# `/certs/client` to share between the service and job
# container, thanks to volume mount from config.toml
DOCKER_TLS_CERTDIR: "/certs"
services:
- docker:20.10.14-dind
stages:
- build
- push
before_script:
- echo -n $HARBOR_TOKEN | docker login -u "robot\$jochum+gitlab" --password-stdin $HARBOR_REGISTRY
- docker version
- docker info
after_script:
- docker logout $HARBOR_REGISTRY
Build:
stage: build
only:
- tags
script:
- docker pull $HARBOR_REGISTRY_IMAGE:latest || true
- >
docker build
--pull
--cache-from $HARBOR_REGISTRY_IMAGE:latest
--tag $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA .
- docker push $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA
Push_When_tag:
stage: push
only:
- tags
script:
- docker pull $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA
- docker tag $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
- docker push $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
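Review bot: The `Build` job pulls `$HARBOR_REGISTRY_IMAGE:latest` and passes it to `--cache-from`, but no job in this file tags or pushes `:latest`. Unless something outside the pipeline publishes that tag, the pull fails, `|| true` hides the failure, and every tagged build runs uncached. Either publish it from `Push_When_tag` (`docker tag $HARBOR_REGISTRY_IMAGE:$CI_COMMIT_SHA $HARBOR_REGISTRY_IMAGE:latest` followed by a push) or drop the pull and the `--cache-from` line. If `:latest` stays as a cache source it becomes an input to release builds, so push rights on that tag should be limited to this pipeline's robot account. In `before_script` the expansions are unquoted; `printf '%s' "$HARBOR_TOKEN" | docker login ... --password-stdin "$HARBOR_REGISTRY"` keeps the secret from being word-split or globbed.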

@ -1,19 +0,0 @@
stages:
- name: build_and_publish
steps:
- publishImageConfig:
dockerfilePath: ./Dockerfile
buildContext: .
tag: registry.jochum.dev/jochum/postfix:${CICD_GIT_TAG}
pushRemote: true
registry: registry.jochum.dev
timeout: 60
notification:
recipients:
- recipient: rene@jochum.dev
notifier: local:n-wnbgn
condition:
- Success
- Changed
- Failed

@ -1,8 +1,22 @@
FROM registry.jochum.dev/jochum/debian-apt-cacher:buster-slim
FROM debian:bullseye-slim
LABEL maintainer "René Jochum <rene@jochum.dev>"
RUN echo "postfix postfix/mailname string mail.example.com" | debconf-set-selections && \
ENV DEBIAN_FRONTEND noninteractive
# Configure Proxy
RUN set -ex; \
sed -i 's/deb.debian.org/ftp.ch.debian.org/g' /etc/apt/sources.list && \
apt-get update --allow-releaseinfo-change && \
apt-get install -qy netcat-openbsd && \
sed -i 's/ftp.ch.debian.org/deb.debian.org/g' /etc/apt/sources.list || exit 0 && \
if [ -z "$APT_CACHER" ]; then APT_CACHER="apt-cacher.apt-cacher.svc.cluster.local"; fi && \
if nc -w1 -z $APT_CACHER 3142 1>/dev/null 2>&1; then \
echo 'Acquire::HTTP::Proxy "http://'$APT_CACHER':3142";' >> /etc/apt/apt.conf.d/01proxy && \
echo 'Acquire::HTTPS::Proxy "false";' >> /etc/apt/apt.conf.d/01proxy; else exit 0; fi
RUN set -ex; \
echo "postfix postfix/mailname string mail.example.com" | debconf-set-selections && \
echo "postfix postfix/main_mailer_type string 'No configuration'" | debconf-set-selections && \
apt-get update --allow-releaseinfo-change && \
apt-get install -qy -o 'DPkg::Options::=--force-confold' -o 'DPkg::Options::=--force-confdef' postfix postfix-pgsql postfix-mysql postfix-pcre python3-minimal python3-jinja2
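Review bot: The proxy step tests `$APT_CACHER`, but no `ARG APT_CACHER` (or `ENV`) is visible in this section, so unless it is declared outside the shown lines the variable is always empty at build time and the build always probes the hard-coded `apt-cacher.apt-cacher.svc.cluster.local`. Declaring `ARG APT_CACHER` after `FROM` and quoting it in the probe, `nc -w1 -z "$APT_CACHER" 3142`, would make the override work and keep a value containing spaces from being split. As far as the section shows, `netcat-openbsd` and `/etc/apt/apt.conf.d/01proxy` are not removed again, so the published image would carry a network utility and a plain-HTTP proxy setting that are only needed during the build; removing both at the end of the last `RUN` is worth considering. The `|| exit 0` in the middle of the `&&` chain also makes a failed `apt-get update` or install end the step successfully, which looks deliberate but deserves a comment saying so.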

@ -4,14 +4,14 @@ compatibility_level=2
myhostname = {{ HOSTNAME }}
mydomain = {{ MYDOMAIN }}
mydestination = $myhostname, localhost
# mynetworks = 192.168.1.0/24, 127.0.0.0/8
mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAY_NETS }}
myorigin = $mydomain
relay_domains = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/relay_domains.cf
maillog_file = /dev/stdout
maillog_file_prefixes = /logs
maillog_file = /logs/postfix.log
# In kube we don't often don't have a stable outgoing IP Address, use a relayhost for this.
relayhost = {{ RELAY_HOST }}
{% if RELAY_HOST is defined %}relayhost = {{ RELAY_HOST }}{% endif %}
# enable auth via Dovecot
smtpd_sasl_auth_enable = yes
@ -34,9 +34,12 @@ virtual_transport=lmtp:inet:{{ DOVECOT_HOST }}:{{ DOVECOT_LMTP_PORT }}
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
# SPAM scanner
{% if SMTPD_MILTERS is defined %}smtpd_milters = {{ SMTPD_MILTERS }}{% endif %}
# TLS server (receiving)
smtpd_tls_auth_only = yes
smtpd_tls_security_level = encrypt
smtpd_tls_security_level = {% if SMTPD_TLS_SECURITY_LEVEL is defined %}{{ SMTPD_TLS_SECURITY_LEVEL }}{% else %}encrypt{% endif %}
smtpd_tls_key_file = /cert/tls.key
smtpd_tls_cert_file = /cert/tls.crt
#smtpd_tls_CAfile = /cert/ca.crt
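Review bot: On the `smtpd_tls_security_level` line the `is defined` test lets any value through, so a variable that is set but empty, or set to `none`, renders a config with receiving-side TLS switched off instead of falling back to `encrypt`. How the variables reach the template is not visible here, so this is inferred; if they come from the environment, `smtpd_tls_security_level = {{ SMTPD_TLS_SECURITY_LEVEL | default('encrypt', true) }}` covers the empty case, and an explicit check against `may` and `encrypt` would cover the rest. A comment above the line stating which values are supported would help whoever sets the variable.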
