| `hadolint-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `hadolint-job-tags` / `DOCKER_HADOLINT_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
In case you have to disable some rules, either add `--ignore XXXX` to the `DOCKER_HADOLINT_ARGS` variable or create a [Hadolint configuration file](https://github.com/hadolint/hadolint#configure) named `hadolint.yaml` at the root of your repository.
...
...
@@ -308,9 +308,9 @@ It is bound to the `package-build` stage, and uses the following variables:
| `metadata` / `DOCKER_METADATA` | Additional `docker build`/`kaniko` arguments to set label | OCI Image Format Specification |
| `kaniko-snapshot-image-cache` / `KANIKO_SNAPSHOT_IMAGE_CACHE` | Snapshot image repository that will be used to store cached layers (leave empty to use default: snapshot image repository + `/cache`)<br>:warning: Used by the `kaniko` build only | _none_ (default cache path) |
| `build-cache-disabled` / `DOCKER_BUILD_CACHE_DISABLED` | Set to `true` to disable the build cache.<br/>Cache can typically be disabled when there is a network latency between the container registry and the runner. | _none_ (i.e cache enabled) |
| `kaniko-build-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `dind-build-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `buildah-build-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `kaniko-build-job-tags` / `DOCKER_KANIKO_BUILD_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
| `dind-build-job-tags` / `DOCKER_DIND_BUILD_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
| `buildah-build-job-tags` / `DOCKER_BUILDAH_BUILD_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
This job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)):
...
...
@@ -379,7 +379,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| `healthcheck-timeout` / `DOCKER_HEALTHCHECK_TIMEOUT` | When testing a Docker Health (test stage), how long (in seconds) wait for the [HealthCheck status](https://docs.docker.com/engine/reference/builder/#healthcheck) | `60` |
| `healthcheck-options` / `DOCKER_HEALTHCHECK_OPTIONS` | Docker options for health check such as port mapping, environment... | _(none)_ |
| `healthcheck-container-args` / `DOCKER_HEALTHCHECK_CONTAINER_ARGS` | Set arguments sent to the running container for health check | _(none)_ |
| `healthcheck-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `healthcheck-job-tags` / `DOCKER_HEALTHCHECK_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
In case your Docker image is not intended to run as a service and only contains a *client tool* (like curl, Ansible, ...) you can test it by overriding the Health Check Job. See [this example](#overriding-docker-healthcheck).
...
...
@@ -410,7 +410,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| `trivy-db-repository` / `DOCKER_TRIVY_DB_REPOSITORY` | OCI repository to retrieve Trivy Database from | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-db`) |
| `trivy-java-db-repository` / `DOCKER_TRIVY_JAVA_DB_REPOSITORY` | OCI repository to retrieve Trivy Java Database from | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-java-db:1`)_ |
| `docker-trivy-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `docker-trivy-job-tags` / `DOCKER_TRIVY_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
In addition to a textual report in the console, this job produces the following reports, kept for one day:
...
...
@@ -430,7 +430,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| `sbom-disabled` / `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `sbom-image` / `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
| `sbom-opts` / `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--override-default-catalogers rpm-db-cataloger,alpm-db-cataloger,apk-db-cataloger,dpkg-db-cataloger,portage-cataloger` |
| `docker-sbom-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `docker-sbom-job-tags` / `DOCKER_SBOM_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
### `docker-publish` job
...
...
@@ -444,7 +444,7 @@ This job pushes (_promotes_) the built image as the _release_ image [skopeo](htt
| `release-extra-tags-pattern` / `DOCKER_RELEASE_EXTRA_TAGS_PATTERN` | Defines the image tag pattern that `$DOCKER_RELEASE_IMAGE` should match to push extra tags (supports capturing groups - [see below](#using-extra-tags)) | `^v?(?P<major>[0-9]+)\\.(?P<minor>[0-9]+)\\.(?P<patch>[0-9]+)(?P<suffix>(?P<prerelease>-[0-9A-Za-z-\\.]+)?(?P<build>\\+[0-9A-Za-z-\\.]+)?)$` _(SemVer pattern)_ |
| `release-extra-tags` / `DOCKER_RELEASE_EXTRA_TAGS` | Defines extra tags to publish the _release_ image (supports capturing group references from `$DOCKER_RELEASE_EXTRA_TAGS_PATTERN` - [see below](#using-extra-tags)) | _(none)_ |
| `semrel-release-disabled` / `DOCKER_SEMREL_RELEASE_DISABLED` | Set to `true` to disable [semantic-release integration](#semantic-release-integration) | _none_ (enabled) |
| `docker-publish-job-tags` / | Tags to be used for selecting runners for the job | `[]` |
| `docker-publish-job-tags` / `DOCKER_PUBLISH_JOB_TAGS` | Tags to be used for selecting runners for the job | `[]` |
This job produces _output variables_ that are propagated to downstream jobs (using [dotenv artifacts](https://docs.gitlab.com/ee/ci/pipelines/job_artifacts.html#artifactsreportsdotenv)):
