Loading templates/gitlab-ci-docker.yml +9 −2 Original line number Diff line number Diff line Loading @@ -725,6 +725,7 @@ docker-hadolint: script: - autoconfig_hadolint - mkdir -p -m 777 reports - log_info "Scanning ${DOCKER_FILE}..." - dockerfile_hash=$(echo "$DOCKER_FILE" | md5sum | cut -d" " -f1) # Output in Code Climate format (GitLab integration) - hadolint --no-fail -f gitlab_codeclimate $DOCKER_HADOLINT_ARGS $hadolint_config_opts "$DOCKER_FILE" > "reports/docker-hadolint-${dockerfile_hash}.codeclimate.json" Loading Loading @@ -862,7 +863,9 @@ docker-healthcheck: variables: GIT_STRATEGY: none stage: package-test script: | script: - log_info "Healthchecking ${DOCKER_SNAPSHOT_IMAGE}..." - | # Test by internal health_check (Recommended way, more info https://docs.docker.com/engine/reference/builder/#healthcheck) # This looks complicated but you normally don't have to touch this... function unexpected_error() { Loading Loading @@ -928,7 +931,9 @@ docker-trivy: stage: package-test variables: TRIVY_CACHE_DIR: ".trivycache/" script: | script: - log_info "Scanning vulnerabilities from ${DOCKER_SNAPSHOT_IMAGE}..." - | # cache cleanup is needed when scanning images with the same tags, it does not remove the database trivy clean --scan-cache || trivy image --clear-cache export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}} Loading Loading @@ -976,6 +981,7 @@ docker-sbom: name: $DOCKER_SBOM_IMAGE entrypoint: [""] script: - log_info "Extracting SBOM from ${DOCKER_SNAPSHOT_IMAGE}..." - mkdir -p -m 777 reports - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') - /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json Loading Loading @@ -1030,6 +1036,7 @@ docker-publish: fi - BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME} # 1: push main image - log_info "Copying ${DOCKER_SNAPSHOT_IMAGE} to ${DOCKER_RELEASE_IMAGE}..." - skopeo copy --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://$DOCKER_SNAPSHOT_IMAGE" "docker://$DOCKER_RELEASE_IMAGE" - | log_info "Well done your image is pushed and can be pulled with: docker pull $DOCKER_RELEASE_IMAGE" Loading Loading
templates/gitlab-ci-docker.yml +9 −2 Original line number Diff line number Diff line Loading @@ -725,6 +725,7 @@ docker-hadolint: script: - autoconfig_hadolint - mkdir -p -m 777 reports - log_info "Scanning ${DOCKER_FILE}..." - dockerfile_hash=$(echo "$DOCKER_FILE" | md5sum | cut -d" " -f1) # Output in Code Climate format (GitLab integration) - hadolint --no-fail -f gitlab_codeclimate $DOCKER_HADOLINT_ARGS $hadolint_config_opts "$DOCKER_FILE" > "reports/docker-hadolint-${dockerfile_hash}.codeclimate.json" Loading Loading @@ -862,7 +863,9 @@ docker-healthcheck: variables: GIT_STRATEGY: none stage: package-test script: | script: - log_info "Healthchecking ${DOCKER_SNAPSHOT_IMAGE}..." - | # Test by internal health_check (Recommended way, more info https://docs.docker.com/engine/reference/builder/#healthcheck) # This looks complicated but you normally don't have to touch this... function unexpected_error() { Loading Loading @@ -928,7 +931,9 @@ docker-trivy: stage: package-test variables: TRIVY_CACHE_DIR: ".trivycache/" script: | script: - log_info "Scanning vulnerabilities from ${DOCKER_SNAPSHOT_IMAGE}..." - | # cache cleanup is needed when scanning images with the same tags, it does not remove the database trivy clean --scan-cache || trivy image --clear-cache export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}} Loading Loading @@ -976,6 +981,7 @@ docker-sbom: name: $DOCKER_SBOM_IMAGE entrypoint: [""] script: - log_info "Extracting SBOM from ${DOCKER_SNAPSHOT_IMAGE}..." - mkdir -p -m 777 reports - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') - /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json Loading Loading @@ -1030,6 +1036,7 @@ docker-publish: fi - BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME} # 1: push main image - log_info "Copying ${DOCKER_SNAPSHOT_IMAGE} to ${DOCKER_RELEASE_IMAGE}..." - skopeo copy --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://$DOCKER_SNAPSHOT_IMAGE" "docker://$DOCKER_RELEASE_IMAGE" - | log_info "Well done your image is pushed and can be pulled with: docker pull $DOCKER_RELEASE_IMAGE" Loading
