Merge branch '46-add-registry-name-in-all-docker-images' into 'master'

Resolve "Add registry name in all Docker images" Closes #46 See merge request to-be-continuous/docker!61

Merge branch '46-add-registry-name-in-all-docker-images' into 'master'
48f1493e · Cédric OLIVIER · 171badd0 · b45e6a2b · 48f1493e · 48f1493e
Commit 48f1493e authored 2 years ago by Cédric OLIVIER
--- a/README.md
+++ b/README.md
@@ -34,8 +34,8 @@ The Docker template uses some global configuration used throughout all jobs.
 | --------------------- | -------------------------------------- | ----------------- |
 | `DOCKER_DIND_BUILD`   | Set to enable Docker-in-Docker build (:warning: unsecured, requires privileged runners). | _(none)_ (kaniko build by default) |
 | `DOCKER_KANIKO_IMAGE` | The Docker image used to run kaniko - _for kaniko build only_ | `gcr.io/kaniko-project/executor:debug` (use `debug` images for GitLab) |
-| `DOCKER_IMAGE`        | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:latest`  |
+| `DOCKER_IMAGE`        | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:latest`  |
-| `DOCKER_DIND_IMAGE`   | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:dind`    |
+| `DOCKER_DIND_IMAGE`   | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:dind`    |
 | `DOCKER_FILE`         | The path to your `Dockerfile`          | `./Dockerfile`    |
 | `DOCKER_CONTEXT_PATH` | The Docker [context path](https://docs.docker.com/engine/reference/commandline/build/#build-with-path) (working directory) | _none_ _only set if you want a context path different from the Dockerfile location_ |
@@ -247,7 +247,7 @@ It is bound to the `build` stage, and uses the following variables:
 | Name                  | Description                            | Default value                           |
 | --------------------- | -------------------------------------- | --------------------------------------- |
-| `DOCKER_LINT_IMAGE`   | The dockerlint image                   | `projectatomic/dockerfile-lint:latest`  |
+| `DOCKER_LINT_IMAGE`   | The dockerlint image                   | `registry.hub.docker.com/projectatomic/dockerfile-lint:latest`  |
 | `DOCKER_LINT_ARGS`    | Additional `dockerfile_lint` arguments | _(none)_                                |
 In case you have to disable some rules, copy and edit the [rules](https://github.com/projectatomic/dockerfile_lint#extending-and-customizing-rule-files) into `mycustomdockerlint.yml` and set `DOCKER_LINT_ARGS: '-r mycustomdockerlint.yml'`
@@ -260,7 +260,7 @@ It is bound to the `build` stage, and uses the following variables:
 | Name                       | Description                            | Default value                           |
 | -------------------------- | -------------------------------------- | --------------------------------------- |
-| `DOCKER_HADOLINT_IMAGE`    | The Hadolint image                     | `hadolint/hadolint:latest-alpine`       |
+| `DOCKER_HADOLINT_IMAGE`    | The Hadolint image                     | `registry.hub.docker.com/hadolint/hadolint:latest-alpine`       |
 | `DOCKER_HADOLINT_ARGS`     | Additional `hadolint` arguments        | _(none)_                        |
 In case you have to disable some rules, either add `--ignore XXXX` to the `DOCKER_HADOLINT_ARGS` variable or create a [Hadolint configuration file](https://github.com/hadolint/hadolint#configure) named `hadolint.yaml` at the root of your repository.
@@ -384,7 +384,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | Name                   | Description                            | Default value     |
 | ---------------------- | -------------------------------------- | ----------------- |
-| `DOCKER_TRIVY_IMAGE`   | The docker image used to scan images with Trivy | `aquasec/trivy:latest` |
+| `DOCKER_TRIVY_IMAGE`   | The docker image used to scan images with Trivy | `registry.hub.docker.com/aquasec/trivy:latest` |
 | `DOCKER_TRIVY_ADDR`    | The Trivy server address (for client/server mode)              | _(none: standalone mode)_  |
 | `DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD`| Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`) | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL`  |
 | `DOCKER_TRIVY_DISABLED`| Set to `true` to disable Trivy analysis          | _(none)_ |
@@ -406,7 +406,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | Name                  | description                            | default value     |
 | --------------------- | -------------------------------------- | ----------------- |
 | `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
-| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `anchore/syft:debug` |
+| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
 | `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger` |
 ### `docker-publish` job

--- a/kicker.json
+++ b/kicker.json
@@ -12,12 +12,12 @@
    {
      "name": "DOCKER_IMAGE",
      "description": "The Docker image used to run the docker client\n\n_for Docker-in-Docker build only_",
-      "default": "docker:latest"
+      "default": "registry.hub.docker.com/library/docker:latest"
    },
    {
      "name": "DOCKER_DIND_IMAGE",
      "description": "The Docker image used to run the Docker daemon\n\n_for Docker-in-Docker build only_",
-      "default": "docker:dind"
+      "default": "registry.hub.docker.com/library/docker:dind"
    },
    {
      "name": "DOCKER_SKOPEO_IMAGE",
@@ -90,7 +90,7 @@
        {
          "name": "DOCKER_LINT_IMAGE",
          "description": "The docker image to lint your Dockerfile",
-          "default": "projectatomic/dockerfile-lint:latest"
+          "default": "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
        },
        {
          "name": "DOCKER_LINT_ARGS",
@@ -108,7 +108,7 @@
        {
          "name": "DOCKER_HADOLINT_IMAGE",
          "description": "The docker image to lint your Dockerfile with Hadolint",
-          "default": "hadolint/hadolint:latest-alpine"
+          "default": "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
        },
        {
          "name": "DOCKER_HADOLINT_ARGS",
@@ -157,7 +157,7 @@
        {
          "name": "DOCKER_TRIVY_IMAGE",
          "description": "The docker image used to scan images with Trivy",
-          "default": "aquasec/trivy:latest",
+          "default": "registry.hub.docker.com/aquasec/trivy:latest",
          "advanced": true
        },
        {
@@ -188,7 +188,7 @@
      "variables": [
        {
          "name": "DOCKER_SBOM_IMAGE",
-          "default": "anchore/syft:debug"
+          "default": "registry.hub.docker.com/anchore/syft:debug"
        },
        {
          "name": "DOCKER_SBOM_OPTS",

--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -44,10 +44,10 @@ variables:
  # variabilized tracking image
  TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
-  DOCKER_LINT_IMAGE: "projectatomic/dockerfile-lint:latest"
+  DOCKER_LINT_IMAGE: "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
-  DOCKER_HADOLINT_IMAGE: "hadolint/hadolint:latest-alpine"
+  DOCKER_HADOLINT_IMAGE: "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
-  DOCKER_IMAGE: "docker:latest"
+  DOCKER_IMAGE: "registry.hub.docker.com/library/docker:latest"
-  DOCKER_DIND_IMAGE: "docker:dind"
+  DOCKER_DIND_IMAGE: "registry.hub.docker.com/library/docker:dind"
  DOCKER_KANIKO_IMAGE: "gcr.io/kaniko-project/executor:debug"
  DOCKER_SKOPEO_IMAGE: "quay.io/skopeo/stable:latest"
@@ -66,11 +66,11 @@ variables:
  DOCKER_KANIKO_VERBOSITY: "info"
  DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
-  DOCKER_TRIVY_IMAGE: "aquasec/trivy:latest"
+  DOCKER_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
  DOCKER_TRIVY_ARGS: "--ignore-unfixed --vuln-type os"
  # SBOM genenration image and arguments
-  DOCKER_SBOM_IMAGE: anchore/syft:debug
+  DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
  DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger"
  # by default: DevOps pipeline