Commit dbcd5849 authored by FulcrandG's avatar FulcrandG

Testing docker and trivy job

parent 05cb28b4
+19 −6
@@ -4,21 +4,34 @@ docker_build:
    name: gcr.io/kaniko-project/executor:debug-v0.20.0
    entrypoint: [""]
  variables:
    IMAGE: ""
    CUSTOM_REGISTRY: ""
    REGISTRY_USER: ""
    REGISTRY_PASSWORD: ""
    CUSTOM_TAG: ""
    COMMIT_CREATE_LATEST: "false"
    TAG_CREATE_LATEST: "true"
  script:
    - mkdir -p /kaniko/.docker/
    - if [ ! -z ${CUSTOM_REGISTRY} ]; then
    -   echo "{\"auths\":{\"$CUSTOM_REGISTRY\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - else
    -   echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - fi

    - if [ ! -z ${CI_COMMIT_TAG} ]; then
    -   IMAGE=${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
    -   IMAGE_TAG=${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
    -   if [ ${TAG_CREATE_LATEST} == "true" ]; then
    -     OPTIONAL_TAG="--destination ${CI_REGISTRY_IMAGE}:latest"
    -   fi
    - elif [ -z ${IMAGE} ]; then
    -   IMAGE=${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
    - else
    -   IMAGE_TAG=${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
    -   if [ ${COMMIT_CREATE_LATEST} == "true" ]; then
    -     OPTIONAL_TAG="--destination ${CI_REGISTRY_IMAGE}:latest"
    -   fi
    - fi
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/Dockerfile --destination ${IMAGE} ${OPTIONAL_TAG}

    - if [ ! -z ${CUSTOM_TAG} ]; then
    -   /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/Dockerfile --destination ${CUSTOM_TAG}
    - else
    -   /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/Dockerfile --destination ${IMAGE_TAG} ${OPTIONAL_TAG}
    - fi
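Review bot: With `CUSTOM_REGISTRY` set, the first `if` in `script` writes only that registry's credentials to `/kaniko/.docker/config.json`, yet when `CUSTOM_TAG` is empty the final `else` branch still pushes to `${IMAGE_TAG}` and `${OPTIONAL_TAG}`, both under `${CI_REGISTRY_IMAGE}`, for which no auth entry was written. The +/- markers are lost on this page, so this assumes the `CUSTOM_*` branches are the new side; the `docker_build` job itself starts above the hunk. Either fail early with `if [ -n "${CUSTOM_REGISTRY}" ] && [ -z "${CUSTOM_TAG}" ]; then echo "CUSTOM_TAG is required with CUSTOM_REGISTRY"; exit 1; fi`, or write both auth entries into the one config.json. The tests also expand variables unquoted (`[ ! -z ${CUSTOM_REGISTRY} ]` should be `[ -n "${CUSTOM_REGISTRY}" ]`), and the password is spliced into hand-built JSON, so a value containing `"` or `\` produces a config.json that may not parse or may not mean what was intended.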
+19 −18
@@ -36,20 +36,30 @@ trivy:
    TRIVY_QUIET: "false"
    TRIVY_SKIP_UPDATE: "false"

  before_script:
    CUSTOM_REGISTRY: ""
    REGISTRY_USER: ""
    REGISTRY_PASSWORD: ""
    CUSTOM_TAG: ""
    COMMIT_CREATE_LATEST: "false"
    TAG_CREATE_LATEST: "true"

  script:
    - wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
    - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
    - wget -O $TEMPLATE_NAME https://github.com/aquasecurity/trivy/raw/v${TRIVY_VERSION}/contrib/junit.tpl

    - if [ ! -z ${CUSTOM_REGISTRY} ]; then
    -   docker login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $CUSTOM_REGISTRY
    - else
    -   docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - fi

  script:
    - if [ ! -z ${IMAGE} ]; then
    -   ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $IMAGE
    - elif [ -z ${CI_COMMIT_SHA} ]; then
    -   ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - elif [ -z ${CI_COMMIT_TAG} ]; then
    - if [ ! -z ${CUSTOM_TAG} ]; then
    -   ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CUSTOM_TAG
    - elif [ ! -z ${CI_COMMIT_TAG} ]; then
    -   ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
    - else
    -   ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - fi

  cache:
@@ -61,13 +71,4 @@ trivy:
      junit: "$TRIVY_OUTPUT"
    expire_in: 30 days
    when: always
  dependencies: []

# Run trivy on tag commit
trivy_tag:
  extends: trivy
  variables:
    IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
  rules:
    - if: "$CI_COMMIT_TAG"
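Review bot: Both `docker login -u ... -p ...` lines in the `trivy` script pass the registry password as a command-line argument, which exposes it in the process list and is the form Docker itself warns against. Feed it on stdin instead: `echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin "$CUSTOM_REGISTRY"`, and likewise `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The quoting matters too, since the current unquoted expansions split a password that contains whitespace or glob characters. Separately, the Trivy tarball and `junit.tpl` are fetched with `wget` and used without any integrity check; comparing the download against a pinned SHA-256 before `tar zxvf` would close that gap. The +/- markers are lost on this page, so the login block is assumed to be on the new side, and the `trivy` job begins above the first hunk.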