
GitLab: Manually Pull Image from GitLab Registry via Docker; GitLab Access Tokens (Project Access Token / Personal Access Token)


Example GitLab Repository & Pipeline

File and Folder Structure

The file and folder structure of the example repository looks like this:

GitLab-Repository
├── Dockerfile
├── .gitlab-ci.yml
└── static-website
    └── index.html

CI Pipeline Manifest

  • .gitlab-ci.yml
### Variables
variables:
  # Define the image name, tagging it with the GitLab CI registry and the current commit SHA
  IMAGE_SHA: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA


### Stages
stages:
  - build


### Build Container Image
build_image:
  image: docker:stable
  stage: build
  services:
    - docker:dind
  variables:
    # An empty value disables TLS between the job container and the docker:dind service
    DOCKER_TLS_CERTDIR: ""
  before_script:
    # Log in to the GitLab Container Registry using predefined CI/CD variables (password via stdin, not as a CLI argument)
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Build the Docker image from the Dockerfile in the repository root
    - docker build --pull -t $IMAGE_SHA -f Dockerfile .
    # Push the built Docker image to the GitLab Container Registry
    - docker push $IMAGE_SHA
    # Print the image name
    - echo $IMAGE_SHA
  rules: 
    # Rule: Run this job only for the main branch and if the specified Dockerfile exists
    - if: $CI_COMMIT_BRANCH == "main"
      exists:
        - Dockerfile

Note: The echo $IMAGE_SHA command prints the image name in the build_image job logs.


Dockerfile

  • Dockerfile
# Use the Alpine base image
FROM alpine:latest

# Install Apache2
RUN apk update && apk add apache2 && rm -rf /var/cache/apk/*

# Copy website files to the document root
COPY static-website/ /var/www/localhost/htdocs/

# Set ownership and permissions for Apache directories
RUN chown -R apache:apache /var/www && \
    chown -R apache:apache /run/apache2 && \
    chown -R apache:apache /var/log/apache2 && \
    chmod -R 770 /var/run/apache2 && \
    chmod -R 770 /var/log/apache2 && \
    chown -R apache:apache /etc/apache2

# Start Apache2 using non-root user
USER apache

# Expose the default Apache port
EXPOSE 80

# Start Apache
ENTRYPOINT ["/usr/sbin/httpd", "-D", "FOREGROUND"]

HTML File

  • static-website/index.html
<!DOCTYPE html>
<html>

<head>
    <title>jklug.work</title>

</head>

<body>
    <h1>Some HTML</h1>
    <p>Example website<br></p>
</body>

</html>



Retrieve Image Name

Job Logs

  • Go to: (Project) “Build” > “Jobs”

  • Select the build_image job

  • Copy the image name from the job logs:

# Copy the image name
$ echo $IMAGE_SHA
gitlab-registry.jklug.work/static-websites/build-project/main:de77eec73744727f191601defde0bd6f01a94854

Container Registry

  • Go to: (Project) “Deploy” > “Container Registry”

  • Select build-project/main

  • Click “Copy image path”, the output looks like this:

# Image path
gitlab-registry.jklug.work/static-websites/build-project/main:de77eec73744727f191601defde0bd6f01a94854



Create Access Token

Project Access Token

Create Project Access Token

Create a “Project Access Token” used to access the GitLab Registry of the project:

  • Go to: (Project) “Settings” > “Access Tokens”

  • Click “Add new token”

  • Define a token name like registry-token

  • Define the scope of the token: “read_registry” (grants read-only access to container registry images on private projects)

  • Click “Create project access token”

  • Copy the project access token, it should look like this: glpat-BmiMVDNmNebUzmmDoy_U


Copy Project User

For each project token, a bot user is created. Copy the name of the user:

  • Go to: (Project) “Manage” > “Members”

  • Copy the registry-token username from the members section; it should look like this:

# Copy project member "registry-token"
project_28_bot_3da78613dad119f6306d5df35c2050ea



Personal Access Token

Create a “Personal Access Token” used to access the GitLab Registries of all the projects the user has access to:

  • Click (User icon) “Edit profile”

  • Go to: (User settings) “Access Tokens”

  • Click “Add new token”

  • Define a token name like general-registry-token

  • Define the scope of the token: “read_registry”

  • Click “Create personal access token”

  • Copy the personal access token, it should look like this: glpat-xH1zT3yCB4fegVmYjXK1



Pull the Image

GitLab DNS Name

Make sure the client that will pull the image can resolve the domain names of GitLab and the GitLab Registry:

# Add DNS / hosts entry
192.168.70.4 gitlab.jklug.work gitlab-registry.jklug.work

Login to GitLab Registry

Project Access Token

# Set the token as a shell variable (the leading space keeps the command out of the bash history when HISTCONTROL includes ignorespace)
 TOKEN=glpat-BmiMVDNmNebUzmmDoy_U

# Login to GitLab registry
echo "$TOKEN" | docker login gitlab-registry.jklug.work -u project_28_bot_3da78613dad119f6306d5df35c2050ea --password-stdin


# Shell output:
WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded

Personal Access Token

# Set the token as a shell variable (the leading space keeps the command out of the bash history when HISTCONTROL includes ignorespace)
 TOKEN=glpat-xH1zT3yCB4fegVmYjXK1

# Login to GitLab registry: With "root" user
echo "$TOKEN" | docker login gitlab-registry.jklug.work -u root --password-stdin


# Shell output:
WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded
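
The warning in the login output means the token is now stored in ~/.docker/config.json as plain base64 of "user:token", so anyone who can read that file can recover it. The following Python audit is an added example, not part of the original post; the sample config, the glpat-PLACEHOLDER token and the helper name audit_docker_config are constructed for illustration.

```python
import base64
import json

# Constructed sample of ~/.docker/config.json after `docker login`;
# the token is a made-up placeholder, not a real credential.
_SAMPLE_AUTH = base64.b64encode(
    b"project_28_bot_3da78613dad119f6306d5df35c2050ea:glpat-PLACEHOLDER"
).decode()
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "gitlab-registry.jklug.work": {"auth": _SAMPLE_AUTH},
        "registry.example.test": {},  # entry managed by a credential helper
    }
})


def audit_docker_config(config_text):
    """Report registries whose credentials sit in config.json as plain base64.

    Returns one dict per finding with the registry, the decoded username and
    the token length. The token itself is never returned or printed.
    """
    config = json.loads(config_text)
    # credsStore / credHelpers move secrets out of the file into an OS keystore
    has_helper = bool(config.get("credsStore") or config.get("credHelpers"))
    findings = []
    for registry, entry in config.get("auths", {}).items():
        blob = entry.get("auth")
        if not blob:
            continue  # no inline secret for this registry
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            findings.append({"registry": registry, "user": None,
                             "token_len": None, "helper": has_helper})
            continue
        user, _, token = decoded.partition(":")
        findings.append({"registry": registry, "user": user,
                         "token_len": len(token), "helper": has_helper})
    return findings


if __name__ == "__main__":
    for f in audit_docker_config(SAMPLE_CONFIG):
        print(f"{f['registry']}: inline credential for user {f['user']!r} "
              f"({f['token_len']} chars); helper configured: {f['helper']}")
```

To audit a real client, pass the contents of ~/.docker/config.json to audit_docker_config. Running `docker logout gitlab-registry.jklug.work` after the pull removes the stored entry.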



Pull Image from GitLab Registry

# Pull the image
docker pull gitlab-registry.jklug.work/static-websites/build-project/main:de77eec73744727f191601defde0bd6f01a94854

# Run container from the image
docker run -d --name static-website -p 8080:80 gitlab-registry.jklug.work/static-websites/build-project/main:de77eec73744727f191601defde0bd6f01a94854