Commit b45e6a2b authored by Bertrand Goareguer, committed by Cédric OLIVIER

fix: "Add registry name in all Docker images"

parent 171badd0
......@@ -34,8 +34,8 @@ The Docker template uses some global configuration used throughout all jobs.
| --------------------- | -------------------------------------- | ----------------- |
| `DOCKER_DIND_BUILD` | Set to enable Docker-in-Docker build (:warning: unsecured, requires privileged runners). | _(none)_ (kaniko build by default) |
| `DOCKER_KANIKO_IMAGE` | The Docker image used to run kaniko - _for kaniko build only_ | `gcr.io/kaniko-project/executor:debug` (use `debug` images for GitLab) |
| `DOCKER_IMAGE` | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:latest` |
| `DOCKER_DIND_IMAGE` | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:dind` |
| `DOCKER_IMAGE` | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:latest` |
| `DOCKER_DIND_IMAGE` | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:dind` |
| `DOCKER_FILE` | The path to your `Dockerfile` | `./Dockerfile` |
| `DOCKER_CONTEXT_PATH` | The Docker [context path](https://docs.docker.com/engine/reference/commandline/build/#build-with-path) (working directory) | _none_ _only set if you want a context path different from the Dockerfile location_ |
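Review bot: the new defaults for `DOCKER_IMAGE` and `DOCKER_DIND_IMAGE` still end in the floating tags `latest` and `dind`, so the registry prefix fixes where the images come from but not which build is pulled. The `DOCKER_DIND_BUILD` row above notes that this mode requires privileged runners, so consider defaulting to a version tag or a digest here and keeping the client and daemon on the same version.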
......@@ -247,7 +247,7 @@ It is bound to the `build` stage, and uses the following variables:
| Name | Description | Default value |
| --------------------- | -------------------------------------- | --------------------------------------- |
| `DOCKER_LINT_IMAGE` | The dockerlint image | `projectatomic/dockerfile-lint:latest` |
| `DOCKER_LINT_IMAGE` | The dockerlint image | `registry.hub.docker.com/projectatomic/dockerfile-lint:latest` |
| `DOCKER_LINT_ARGS` | Additional `dockerfile_lint` arguments | _(none)_ |
In case you have to disable some rules, copy and edit the [rules](https://github.com/projectatomic/dockerfile_lint#extending-and-customizing-rule-files) into `mycustomdockerlint.yml` and set `DOCKER_LINT_ARGS: '-r mycustomdockerlint.yml'`
......@@ -260,7 +260,7 @@ It is bound to the `build` stage, and uses the following variables:
| Name | Description | Default value |
| -------------------------- | -------------------------------------- | --------------------------------------- |
| `DOCKER_HADOLINT_IMAGE` | The Hadolint image | `hadolint/hadolint:latest-alpine` |
| `DOCKER_HADOLINT_IMAGE` | The Hadolint image | `registry.hub.docker.com/hadolint/hadolint:latest-alpine` |
| `DOCKER_HADOLINT_ARGS` | Additional `hadolint` arguments | _(none)_ |
In case you have to disable some rules, either add `--ignore XXXX` to the `DOCKER_HADOLINT_ARGS` variable or create a [Hadolint configuration file](https://github.com/hadolint/hadolint#configure) named `hadolint.yaml` at the root of your repository.
......@@ -384,7 +384,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| Name | Description | Default value |
| ---------------------- | -------------------------------------- | ----------------- |
| `DOCKER_TRIVY_IMAGE` | The docker image used to scan images with Trivy | `aquasec/trivy:latest` |
| `DOCKER_TRIVY_IMAGE` | The docker image used to scan images with Trivy | `registry.hub.docker.com/aquasec/trivy:latest` |
| `DOCKER_TRIVY_ADDR` | The Trivy server address (for client/server mode) | _(none: standalone mode)_ |
| `DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD`| Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`) | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
| `DOCKER_TRIVY_DISABLED`| Set to `true` to disable Trivy analysis | _(none)_ |
......@@ -406,7 +406,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| Name | description | default value |
| --------------------- | -------------------------------------- | ----------------- |
| `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `anchore/syft:debug` |
| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
| `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger` |
### `docker-publish` job
......
......@@ -12,12 +12,12 @@
{
"name": "DOCKER_IMAGE",
"description": "The Docker image used to run the docker client\n\n_for Docker-in-Docker build only_",
"default": "docker:latest"
"default": "registry.hub.docker.com/library/docker:latest"
},
{
"name": "DOCKER_DIND_IMAGE",
"description": "The Docker image used to run the Docker daemon\n\n_for Docker-in-Docker build only_",
"default": "docker:dind"
"default": "registry.hub.docker.com/library/docker:dind"
},
{
"name": "DOCKER_SKOPEO_IMAGE",
......@@ -90,7 +90,7 @@
{
"name": "DOCKER_LINT_IMAGE",
"description": "The docker image to lint your Dockerfile",
"default": "projectatomic/dockerfile-lint:latest"
"default": "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
},
{
"name": "DOCKER_LINT_ARGS",
......@@ -108,7 +108,7 @@
{
"name": "DOCKER_HADOLINT_IMAGE",
"description": "The docker image to lint your Dockerfile with Hadolint",
"default": "hadolint/hadolint:latest-alpine"
"default": "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
},
{
"name": "DOCKER_HADOLINT_ARGS",
......@@ -157,7 +157,7 @@
{
"name": "DOCKER_TRIVY_IMAGE",
"description": "The docker image used to scan images with Trivy",
"default": "aquasec/trivy:latest",
"default": "registry.hub.docker.com/aquasec/trivy:latest",
"advanced": true
},
{
......@@ -188,7 +188,7 @@
"variables": [
{
"name": "DOCKER_SBOM_IMAGE",
"default": "anchore/syft:debug"
"default": "registry.hub.docker.com/anchore/syft:debug"
},
{
"name": "DOCKER_SBOM_OPTS",
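Review bot: the `DOCKER_SBOM_IMAGE` entry edited in this hunk has no `description` field, unlike the other image variables changed in this file (`DOCKER_TRIVY_IMAGE`, `DOCKER_HADOLINT_IMAGE`, `DOCKER_LINT_IMAGE`). Add one while touching the entry, for example the README wording "The docker image used to emit SBOM", so the two stay aligned.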
......
......@@ -44,10 +44,10 @@ variables:
# variabilized tracking image
TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
DOCKER_LINT_IMAGE: "projectatomic/dockerfile-lint:latest"
DOCKER_HADOLINT_IMAGE: "hadolint/hadolint:latest-alpine"
DOCKER_IMAGE: "docker:latest"
DOCKER_DIND_IMAGE: "docker:dind"
DOCKER_LINT_IMAGE: "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
DOCKER_HADOLINT_IMAGE: "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
DOCKER_IMAGE: "registry.hub.docker.com/library/docker:latest"
DOCKER_DIND_IMAGE: "registry.hub.docker.com/library/docker:dind"
DOCKER_KANIKO_IMAGE: "gcr.io/kaniko-project/executor:debug"
DOCKER_SKOPEO_IMAGE: "quay.io/skopeo/stable:latest"
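Review bot: the four changed defaults use `registry.hub.docker.com`, and neither the commit message nor the README says why that hostname was chosen over `docker.io`. Registry credentials and mirror settings are matched by hostname, so please document which hostname users must configure if their runners authenticate to or proxy Docker Hub.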
......@@ -66,11 +66,11 @@ variables:
DOCKER_KANIKO_VERBOSITY: "info"
DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
DOCKER_TRIVY_IMAGE: "aquasec/trivy:latest"
DOCKER_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
DOCKER_TRIVY_ARGS: "--ignore-unfixed --vuln-type os"
# SBOM genenration image and arguments
DOCKER_SBOM_IMAGE: anchore/syft:debug
DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger"
# by default: DevOps pipeline
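Review bot: the comment above `DOCKER_SBOM_IMAGE` reads `# SBOM genenration image and arguments`; since this hunk already edits the next line, correct the spelling to "generation" in the same change.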
......