From b45e6a2b9cd760a7552fee3c2646a6db91871744 Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Fri, 27 Jan 2023 08:10:32 +0000
Subject: [PATCH] fix: "Add registry name in all Docker images"
---
README.md | 12 ++++++------
kicker.json | 12 ++++++------
templates/gitlab-ci-docker.yml | 12 ++++++------
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 94a1b87..e0ff646 100644
--- a/README.md
+++ b/README.md
@@ -34,8 +34,8 @@ The Docker template uses some global configuration used throughout all jobs.
| --------------------- | -------------------------------------- | ----------------- |
| `DOCKER_DIND_BUILD` | Set to enable Docker-in-Docker build (:warning: unsecured, requires privileged runners). | _(none)_ (kaniko build by default) |
| `DOCKER_KANIKO_IMAGE` | The Docker image used to run kaniko - _for kaniko build only_ | `gcr.io/kaniko-project/executor:debug` (use `debug` images for GitLab) |
-| `DOCKER_IMAGE` | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:latest` |
-| `DOCKER_DIND_IMAGE` | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `docker:dind` |
+| `DOCKER_IMAGE` | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:latest` |
+| `DOCKER_DIND_IMAGE` | The Docker image used to run the Docker daemon (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:dind` |
| `DOCKER_FILE` | The path to your `Dockerfile` | `./Dockerfile` |
| `DOCKER_CONTEXT_PATH` | The Docker [context path](https://docs.docker.com/engine/reference/commandline/build/#build-with-path) (working directory) | _none_ _only set if you want a context path different from the Dockerfile location_ |
@@ -247,7 +247,7 @@ It is bound to the `build` stage, and uses the following variables:
| Name | Description | Default value |
| --------------------- | -------------------------------------- | --------------------------------------- |
-| `DOCKER_LINT_IMAGE` | The dockerlint image | `projectatomic/dockerfile-lint:latest` |
+| `DOCKER_LINT_IMAGE` | The dockerlint image | `registry.hub.docker.com/projectatomic/dockerfile-lint:latest` |
| `DOCKER_LINT_ARGS` | Additional `dockerfile_lint` arguments | _(none)_ |
In case you have to disable some rules, copy and edit the [rules](https://github.com/projectatomic/dockerfile_lint#extending-and-customizing-rule-files) into `mycustomdockerlint.yml` and set `DOCKER_LINT_ARGS: '-r mycustomdockerlint.yml'`
@@ -260,7 +260,7 @@ It is bound to the `build` stage, and uses the following variables:
| Name | Description | Default value |
| -------------------------- | -------------------------------------- | --------------------------------------- |
-| `DOCKER_HADOLINT_IMAGE` | The Hadolint image | `hadolint/hadolint:latest-alpine` |
+| `DOCKER_HADOLINT_IMAGE` | The Hadolint image | `registry.hub.docker.com/hadolint/hadolint:latest-alpine` |
| `DOCKER_HADOLINT_ARGS` | Additional `hadolint` arguments | _(none)_ |
In case you have to disable some rules, either add `--ignore XXXX` to the `DOCKER_HADOLINT_ARGS` variable or create a [Hadolint configuration file](https://github.com/hadolint/hadolint#configure) named `hadolint.yaml` at the root of your repository.
@@ -384,7 +384,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| Name | Description | Default value |
| ---------------------- | -------------------------------------- | ----------------- |
-| `DOCKER_TRIVY_IMAGE` | The docker image used to scan images with Trivy | `aquasec/trivy:latest` |
+| `DOCKER_TRIVY_IMAGE` | The docker image used to scan images with Trivy | `registry.hub.docker.com/aquasec/trivy:latest` |
| `DOCKER_TRIVY_ADDR` | The Trivy server address (for client/server mode) | _(none: standalone mode)_ |
| `DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD`| Severities of vulnerabilities to be displayed (comma separated values: `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`) | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
| `DOCKER_TRIVY_DISABLED`| Set to `true` to disable Trivy analysis | _(none)_ |
@@ -406,7 +406,7 @@ It is bound to the `package-test` stage, and uses the following variables:
| Name | description | default value |
| --------------------- | -------------------------------------- | ----------------- |
| `DOCKER_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |
-| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `anchore/syft:debug` |
+| `DOCKER_SBOM_IMAGE` | The docker image used to emit SBOM | `registry.hub.docker.com/anchore/syft:debug` |
| `DOCKER_SBOM_OPTS` | Options for syft used for SBOM analysis | `--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger` |
### `docker-publish` job
diff --git a/kicker.json b/kicker.json
index 2fe44d4..b25df87 100644
--- a/kicker.json
+++ b/kicker.json
@@ -12,12 +12,12 @@
{
"name": "DOCKER_IMAGE",
"description": "The Docker image used to run the docker client\n\n_for Docker-in-Docker build only_",
- "default": "docker:latest"
+ "default": "registry.hub.docker.com/library/docker:latest"
},
{
"name": "DOCKER_DIND_IMAGE",
"description": "The Docker image used to run the Docker daemon\n\n_for Docker-in-Docker build only_",
- "default": "docker:dind"
+ "default": "registry.hub.docker.com/library/docker:dind"
},
{
"name": "DOCKER_SKOPEO_IMAGE",
@@ -90,7 +90,7 @@
{
"name": "DOCKER_LINT_IMAGE",
"description": "The docker image to lint your Dockerfile",
- "default": "projectatomic/dockerfile-lint:latest"
+ "default": "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
},
{
"name": "DOCKER_LINT_ARGS",
@@ -108,7 +108,7 @@
{
"name": "DOCKER_HADOLINT_IMAGE",
"description": "The docker image to lint your Dockerfile with Hadolint",
- "default": "hadolint/hadolint:latest-alpine"
+ "default": "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
},
{
"name": "DOCKER_HADOLINT_ARGS",
@@ -157,7 +157,7 @@
{
"name": "DOCKER_TRIVY_IMAGE",
"description": "The docker image used to scan images with Trivy",
- "default": "aquasec/trivy:latest",
+ "default": "registry.hub.docker.com/aquasec/trivy:latest",
"advanced": true
},
{
@@ -188,7 +188,7 @@
"variables": [
{
"name": "DOCKER_SBOM_IMAGE",
- "default": "anchore/syft:debug"
+ "default": "registry.hub.docker.com/anchore/syft:debug"
},
{
"name": "DOCKER_SBOM_OPTS",
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index b486e4b..17433af 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -44,10 +44,10 @@ variables:
# variabilized tracking image
TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"
- DOCKER_LINT_IMAGE: "projectatomic/dockerfile-lint:latest"
- DOCKER_HADOLINT_IMAGE: "hadolint/hadolint:latest-alpine"
- DOCKER_IMAGE: "docker:latest"
- DOCKER_DIND_IMAGE: "docker:dind"
+ DOCKER_LINT_IMAGE: "registry.hub.docker.com/projectatomic/dockerfile-lint:latest"
+ DOCKER_HADOLINT_IMAGE: "registry.hub.docker.com/hadolint/hadolint:latest-alpine"
+ DOCKER_IMAGE: "registry.hub.docker.com/library/docker:latest"
+ DOCKER_DIND_IMAGE: "registry.hub.docker.com/library/docker:dind"
DOCKER_KANIKO_IMAGE: "gcr.io/kaniko-project/executor:debug"
DOCKER_SKOPEO_IMAGE: "quay.io/skopeo/stable:latest"
@@ -66,11 +66,11 @@ variables:
DOCKER_KANIKO_VERBOSITY: "info"
DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
- DOCKER_TRIVY_IMAGE: "aquasec/trivy:latest"
+ DOCKER_TRIVY_IMAGE: "registry.hub.docker.com/aquasec/trivy:latest"
DOCKER_TRIVY_ARGS: "--ignore-unfixed --vuln-type os"
# SBOM genenration image and arguments
- DOCKER_SBOM_IMAGE: anchore/syft:debug
+ DOCKER_SBOM_IMAGE: "registry.hub.docker.com/anchore/syft:debug"
DOCKER_SBOM_OPTS: "--catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger"
# by default: DevOps pipeline
--
GitLab