From b45e6a2b9cd760a7552fee3c2646a6db91871744 Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Fri, 27 Jan 2023 08:10:32 +0000
Subject: [PATCH] fix: "Add registry name in all Docker images"

---
 README.md                      | 12 ++++++------
 kicker.json                    | 12 ++++++------
 templates/gitlab-ci-docker.yml | 12 ++++++------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index 94a1b87..e0ff646 100644
--- a/README.md
+++ b/README.md
@@ -34,8 +34,8 @@ The Docker template uses some global configuration used throughout all jobs.
 | --------------------- | -------------------------------------- | ----------------- |
 | `DOCKER_DIND_BUILD`   | Set to enable Docker-in-Docker build (:warning: unsecured, requires privileged runners). | _(none)_ (kaniko build by default) |
 | `DOCKER_KANIKO_IMAGE` | The Docker image used to run kaniko - _for kaniko build only_ | `gcr.io/kaniko-project/executor:debug` (use `debug` images for GitLab) |
-| `DOCKER_IMAGE`        | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:latest`  |
-| `DOCKER_DIND_IMAGE`   | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:dind`    |
+| `DOCKER_IMAGE`        | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:latest`  |
+| `DOCKER_DIND_IMAGE`   | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:dind`    |
 | `DOCKER_FILE`         | The path to your `Dockerfile`          | `./Dockerfile`    |
 | `DOCKER_CONTEXT_PATH` | The Docker [context path](https://docs.docker.com/engine/reference/commandline/build/#build-with-path) (working directory) | _none_ _only set if you want a context path different from the Dockerfile location_ |
 
@@ -247,7 +247,7 @@ It is bound to the `build` stage, and uses the following variables:
 
 | Name                  | Description                            | Default value                           |
 | --------------------- | -------------------------------------- | --------------------------------------- |
-| `DOCKER_LINT_IMAGE`   | The dockerlint image                   | `projectatomic/dockerfile-lint:latest`  |
+| `DOCKER_LINT_IMAGE`   | The dockerlint image                   | `registry.hub.docker.com/projectatomic/dockerfile-lint:latest`  |
 | `DOCKER_LINT_ARGS`    | Additional `dockerfile_lint` arguments | _(none)_                                |
 
 In case you have to disable some rules, copy and edit the [rules](https://github.com/projectatomic/dockerfile_lint#extending-and-customizing-rule-files) into `mycustomdockerlint.yml` and set `DOCKER_LINT_ARGS: '-r mycustomdockerlint.yml'`
@@ -260,7 +260,7 @@ It is bound to the `build` stage, and uses the following variables:
 
 | Name                       | Description                            | Default value                           |
 | -------------------------- | -------------------------------------- | --------------------------------------- |
-| `DOCKER_HADOLINT_IMAGE`    | The Hadolint image                     | `hadolint/hadolint:latest-alpine`       |
+| `DOCKER_HADOLINT_IMAGE`    | The Hadolint image                     | `registry.hub.docker.com/hadolint/hadolint:latest-alpine`       |
 | `DOCKER_HADOLINT_ARGS`     | Additional `hadolint` arguments        | _(none)_                        |
 
 In case you have to disable some rules, either add `--ignore XXXX` to the `DOCKER_HADOLINT_ARGS` variable or create a [Hadolint configuration file](https://github.com/hadolint/hadolint#configure) named `hadolint.yaml` at the root of your repository.
@@ -384,7 +384,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 
 | Name                   | Description                            | Default value     |
 | ---------------------- | -------------------------------------- | ----------------- |
-| `DOCKER_TRIVY_IMAGE`   | The docker image used to scan images with Trivy | `aquasec/trivy:latest` |
+| `DOCKER_TRIVY_IMAGE`   | The docker image used to scan images with Trivy | `registry.hub.docker.com/aquasec/trivy:latest` |
 | `DOCKER_TRIVY_ADDR`    | The Trivy server address (for client/server mode)              | _(none: standalone mode)_  |
 | `DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD`| Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`) | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL`  |
 | `DOCKER_TRIVY_DISABLED`| Set to `true` to disable Trivy analysis          | _(none)_ |
@@ -406,7 +406,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | Name                  | description                            | default value     |
 | --------------------- | -------------------------------------- | ----------------- |
 | `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
-| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `anchore/syft:debug` |
+| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
 | `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger` |
 
 ### `docker-publish` job
diff --git a/kicker.json b/kicker.json
index 2fe44d4..b25df87 100644
--- a/kicker.json
+++ b/kicker.json
@@ -12,12 +12,12 @@
     {
       "name": "DOCKER_IMAGE",
       "description": "The Docker image used to run the docker client\n\n_for Docker-in-Docker build only_",
-      "default": "docker:latest"
+      "default": "registry.hub.docker.com/library/docker:latest"
     },
     {
       "name": "DOCKER_DIND_IMAGE",
       "description": "The Docker image used to run the Docker daemon\n\n_for Docker-in-Docker build only_",
-      "default": "docker:dind"
+      "default": "registry.hub.docker.com/library/docker:dind"
     },
     {
       "name": "DOCKER_SKOPEO_IMAGE",
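Review bot: The new `DOCKER_IMAGE` and `DOCKER_DIND_IMAGE` defaults name the registry but still resolve through the floating tags `latest` and `dind`, so the image that runs can change between pipelines without any change to this file. The README in this patch states that the Docker-in-Docker build requires privileged runners, which makes these two the defaults where an unreviewed image update matters most. Consider a versioned tag plus digest, e.g. `"default": "registry.hub.docker.com/library/docker:<version>-dind@sha256:<digest>"`, refreshed by a dependency bot or scheduled job. The same applies to the `latest`, `latest-alpine` and `debug` defaults in the later kicker.json hunks and to the matching variables in templates/gitlab-ci-docker.yml.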
@@ -90,7 +90,7 @@
         {
           "name": "DOCKER_LINT_IMAGE",
           "description": "The docker image to lint your Dockerfile",
-          "default": "projectatomic/dockerfile-lint:latest"
+          "default": "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
         },
         {
           "name": "DOCKER_LINT_ARGS",
@@ -108,7 +108,7 @@
         {
           "name": "DOCKER_HADOLINT_IMAGE",
           "description": "The docker image to lint your Dockerfile with Hadolint",
-          "default": "hadolint/hadolint:latest-alpine"
+          "default": "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
         },
         {
           "name": "DOCKER_HADOLINT_ARGS",
@@ -157,7 +157,7 @@
         {
           "name": "DOCKER_TRIVY_IMAGE",
           "description": "The docker image used to scan images with Trivy",
-          "default": "aquasec/trivy:latest",
+          "default": "registry.hub.docker.com/aquasec/trivy:latest",
           "advanced": true
         },
         {
@@ -188,7 +188,7 @@
       "variables": [
         {
           "name": "DOCKER_SBOM_IMAGE",
-          "default": "anchore/syft:debug"
+          "default": "registry.hub.docker.com/anchore/syft:debug"
         },
         {
           "name": "DOCKER_SBOM_OPTS",
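Review bot: The `DOCKER_SBOM_IMAGE` entry has no `description`, unlike the other image variables touched in this file, so anything rendered from kicker.json shows only a name and a registry path for it. Adding `"description": "The docker image used to emit SBOM"`, the wording the README table already uses, would keep the two in step. The enclosing `variables` array continues outside the hunk.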
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index b486e4b..17433af 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -44,10 +44,10 @@ variables:
   # variabilized tracking image
   TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
 
-  DOCKER_LINT_IMAGE: "projectatomic/dockerfile-lint:latest"
-  DOCKER_HADOLINT_IMAGE: "hadolint/hadolint:latest-alpine"
-  DOCKER_IMAGE: "docker:latest"
-  DOCKER_DIND_IMAGE: "docker:dind"
+  DOCKER_LINT_IMAGE: "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
+  DOCKER_HADOLINT_IMAGE: "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
+  DOCKER_IMAGE: "registry.hub.docker.com/library/docker:latest"
+  DOCKER_DIND_IMAGE: "registry.hub.docker.com/library/docker:dind"
   DOCKER_KANIKO_IMAGE: "gcr.io/kaniko-project/executor:debug"
   DOCKER_SKOPEO_IMAGE: "quay.io/skopeo/stable:latest"
 
@@ -66,11 +66,11 @@ variables:
   DOCKER_KANIKO_VERBOSITY: "info"
 
   DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
-  DOCKER_TRIVY_IMAGE: "aquasec/trivy:latest"
+  DOCKER_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
   DOCKER_TRIVY_ARGS: "--ignore-unfixed --vuln-type os"
 
   # SBOM genenration image and arguments
-  DOCKER_SBOM_IMAGE: anchore/syft:debug
+  DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
   DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger"
 
   # by default: DevOps pipeline
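Review bot: `registry.hub.docker.com` in `DOCKER_TRIVY_IMAGE` and `DOCKER_SBOM_IMAGE` (and in the four defaults of the first hunk of this file) is not the host that Docker clients normalise Docker Hub references to, which is `docker.io`. Runner-side settings keyed on the registry host, such as credentials in `DOCKER_AUTH_CONFIG`, pull-through mirrors or registry allowlists, will probably not match these references; that is inferred rather than tested, so a trial pull on a runner with a mirror or authenticated Hub access is worth doing. If they do not match, `docker.io/aquasec/trivy:latest` and `docker.io/anchore/syft:debug` keep the registry explicit while staying on the canonical host. The `variables:` block starts and ends outside the hunk.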
-- 
GitLab