feat: display tools' version

templates/gitlab-ci-docker.yml

@@ -682,6 +682,9 @@ stages:
   before_script:
   - !reference [.docker-scripts]
   - create_kaniko_cache_dir
+  - |
+    log_info "Kaniko version:"
+    /kaniko/executor version
 
 
 .docker-dind-base:
@@ -710,6 +713,9 @@ stages:
   before_script:
     - !reference [.docker-scripts]
     - if ! wait_for_docker_daemon; then fail "Docker-in-Docker is not enabled on this runner. Either use a Docker-in-Docker capable runner, or disable this job by setting \$DOCKER_BUILD_TOOL to a different value"; fi
+    - |
+      log_info "Docker version:"
+      docker version
 
 # ==================================================
 # Stage: build
@@ -724,6 +730,9 @@ docker-hadolint:
   dependencies: []
   script:
     - autoconfig_hadolint
+    - |
+      log_info "Hadolint version:"
+      hadolint -v
     - mkdir -p -m 777 reports
     - log_info "Scanning ${DOCKER_FILE}..."
     - dockerfile_hash=$(echo "$DOCKER_FILE" | md5sum | cut -d" " -f1)
@@ -829,6 +838,9 @@ docker-buildah-build:
           buildah_cache_args="--layers --cache-from $buildah_build_cache --cache-to $buildah_build_cache"
           log_info "Build cache enabled; CLI options: ${buildah_cache_args}"
       fi
+    - |
+      log_info "Buildah version:"
+      buildah version
     # build and push image
     - buildah build --file "$DOCKER_FILE" --tag $DOCKER_SNAPSHOT_IMAGE $buildah_cache_args --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)"
     - buildah push --digestfile .img-digest.txt "$DOCKER_SNAPSHOT_IMAGE"
@@ -933,9 +945,13 @@ docker-trivy:
     TRIVY_CACHE_DIR: ".trivycache/"
   script:
   - log_info "Scanning vulnerabilities from ${DOCKER_SNAPSHOT_IMAGE}..."
+  - |
+    log_info "Trivy version:"
+    trivy version
   - |
     # cache cleanup is needed when scanning images with the same tags, it does not remove the database
     trivy clean --scan-cache || trivy image --clear-cache
+  - |
     export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
     export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
     basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
@@ -982,6 +998,9 @@ docker-sbom:
     entrypoint: [""]
   script:
     - log_info "Extracting SBOM from ${DOCKER_SNAPSHOT_IMAGE}..."
+    - |
+      log_info "Syft version:"
+      /syft version
     - mkdir -p -m 777 reports
     - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
     - /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
@@ -1034,6 +1053,9 @@ docker-publish:
         log_warn "\\e[93mYou should consider distinguishing snapshot and release images as they do not differ. Skipping publish phase as image has already been created by previous job.\\e[0m"
         exit 0
       fi
+    - |
+      log_info "Skopeo version:"
+      skopeo -v
     - BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME}
     # 1: push main image
     - log_info "Copying ${DOCKER_SNAPSHOT_IMAGE} to ${DOCKER_RELEASE_IMAGE}..."