jobs/docker_build/docker_build.yml +19 −6 Original line number Diff line number Diff line Loading @@ -4,21 +4,34 @@ docker_build: name: gcr.io/kaniko-project/executor:debug-v0.20.0 entrypoint: [""] variables: IMAGE: "" CUSTOM_REGISTRY: "" REGISTRY_USER: "" REGISTRY_PASSWORD: "" CUSTOM_TAG: "" COMMIT_CREATE_LATEST: "false" TAG_CREATE_LATEST: "true" script: - mkdir -p /kaniko/.docker/ - if [ ! -z ${CUSTOM_REGISTRY} ]; then - echo "{\"auths\":{\"$CUSTOM_REGISTRY\":{\"username\":\"$REGISTRY_USER\",\"password\":\"$REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json - else - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json - fi - if [ ! -z ${CI_COMMIT_TAG} ]; then - IMAGE=${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - IMAGE_TAG=${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - if [ ${TAG_CREATE_LATEST} == "true" ]; then - OPTIONAL_TAG="--destination ${CI_REGISTRY_IMAGE}:latest" - fi - elif [ -z ${IMAGE} ]; then - IMAGE=${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - else - IMAGE_TAG=${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} - if [ ${COMMIT_CREATE_LATEST} == "true" ]; then - OPTIONAL_TAG="--destination ${CI_REGISTRY_IMAGE}:latest" - fi - fi - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json - /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/Dockerfile --destination ${IMAGE} ${OPTIONAL_TAG} - if [ ! -z ${CUSTOM_TAG} ]; then - /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/Dockerfile --destination ${CUSTOM_TAG} - else - /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/Dockerfile --destination ${IMAGE_TAG} ${OPTIONAL_TAG} - fi
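Review bot: The two `echo "{\"auths\":…}" > /kaniko/.docker/config.json` lines splice the registry user and password into JSON with no escaping, so a `REGISTRY_PASSWORD` (or `CI_REGISTRY_PASSWORD`) containing `"` or `\` produces a malformed or altered config.json that only surfaces later as a push authentication failure. The tests in this hunk are also unquoted: `[ ! -z ${CUSTOM_REGISTRY} ]` and `[ ! -z ${CUSTOM_TAG} ]` behave as intended only for an empty or single-word value, so `if [ -n "${CUSTOM_REGISTRY}" ]; then` and `if [ -n "${CUSTOM_TAG}" ]; then` are the safer forms. Since the hunk declares `REGISTRY_PASSWORD: ""` as an overridable job variable, I would add a comment above it such as `# REGISTRY_USER / REGISTRY_PASSWORD: supply via masked CI/CD variables in project settings, never inline in pipeline YAML`. The `docker_build` job definition begins above the hunk.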
jobs/trivy_image/trivy_image.yml +19 −18 Original line number Diff line number Diff line Loading @@ -36,20 +36,30 @@ trivy: TRIVY_QUIET: "false" TRIVY_SKIP_UPDATE: "false" before_script: CUSTOM_REGISTRY: "" REGISTRY_USER: "" REGISTRY_PASSWORD: "" CUSTOM_TAG: "" COMMIT_CREATE_LATEST: "false" TAG_CREATE_LATEST: "true" script: - wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - wget -O $TEMPLATE_NAME https://github.com/aquasecurity/trivy/raw/v${TRIVY_VERSION}/contrib/junit.tpl - if [ ! -z ${CUSTOM_REGISTRY} ]; then - docker login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $CUSTOM_REGISTRY - else - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - fi script: - if [ ! -z ${IMAGE} ]; then - ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $IMAGE - elif [ -z ${CI_COMMIT_SHA} ]; then - ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - elif [ -z ${CI_COMMIT_TAG} ]; then - if [ ! -z ${CUSTOM_TAG} ]; then - ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CUSTOM_TAG - elif [ ! -z ${CI_COMMIT_TAG} ]; then - ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG - else - ./trivy --template "@$TEMPLATE_NAME" -o $TRIVY_OUTPUT $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA - fi cache: Loading @@ -61,13 +71,4 @@ trivy: junit: "$TRIVY_OUTPUT" expire_in: 30 days when: always dependencies: [] # Run trivy on tag commit trivy_tag: extends: trivy variables: IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG rules: - if: "$CI_COMMIT_TAG"
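Review bot: Both `docker login` lines in the first hunk pass the registry password with `-p`, which puts the secret in the process argument list on the runner. Feeding it on stdin avoids that: `echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USER" --password-stdin "$CUSTOM_REGISTRY"`, and likewise for the `$CI_REGISTRY` branch. The expansions in the tests and in `./trivy … $CUSTOM_TAG` are unquoted, so a value containing whitespace changes the argument list; `if [ -n "${CUSTOM_TAG}" ]; then` with `"$CUSTOM_TAG"` as the scan target is more robust. The `wget` lines around them unpack and run the trivy tarball with no checksum comparison. Those lines may predate this change, but verifying the download against the release's published checksums would be worth adding while the script is being reworked; the `trivy` job itself starts above the hunk.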