
Compare revisions

Commits on Source (11)
variables:
GIT_STRATEGY: clone
include:
- component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitlab-ci/extract@master
inputs:
......@@ -21,6 +18,9 @@ include:
- component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/semantic-release/gitlab-ci-semrel@master
inputs:
semantic-release-job-tags: ["docker"]
- component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitleaks/gitlab-ci-gitleaks@master
inputs:
gitleaks-job-tags: ["docker"]
stages:
- build
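Review bot: The gitleaks component include in this hunk is referenced at `@master`, a branch ref that can move underneath the pipeline, so whatever lands on that branch runs in this project's CI with access to its job variables and tokens. The neighbouring includes visible here also use `@master`, so this follows the file's existing habit, but the README example in this same comparison pins the component to a version tag. Consider pinning to a reviewed release tag or commit SHA, for example `- component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/gitleaks/gitlab-ci-gitleaks@<TAG_OR_SHA>` (placeholder). Which lines the comparison adds is inferred from the hunk header counts, since the rendered page has lost the +/- markers.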
......@@ -30,6 +30,7 @@ stages:
variables:
GITLAB_CI_FILES: "templates/gitlab-ci-docker.yml"
BASH_SHELLCHECK_FILES: "*.sh"
GIT_STRATEGY: clone
semantic-release:
rules:
......
## [5.10.3](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/compare/5.10.2...5.10.3) (2024-07-02)
# [5.11.0](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/compare/5.10.3...5.11.0) (2024-07-26)
### Bug Fixes
### Features
* display tools' version ([9fa5118](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/commit/9fa51183755b94e02af9a3151eccc5ba9be75b15))
# [5.11.0](https://gitlab.com/to-be-continuous/docker/compare/5.10.3...5.11.0) (2024-07-05)
### Features
* **Trivy:** Trivy 0.53.0 added the clean subcommand for semantic cache management ([e3a9540](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/commit/e3a954080b1150ae35c403cffdb71ae750c9a741))
* display tools' version ([9fa5118](https://gitlab.com/to-be-continuous/docker/commit/9fa51183755b94e02af9a3151eccc5ba9be75b15))
## [5.10.2](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/compare/5.10.1...5.10.2) (2024-05-13)
## [5.10.3](https://gitlab.com/to-be-continuous/docker/compare/5.10.2...5.10.3) (2024-07-01)
### Bug Fixes
* **workflow:** disable MR pipeline from prod & integ branches ([6460d7b](https://git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/commit/6460d7bba7a231ff68b163c861a4b40f37ee08bb))
* **Trivy:** Trivy 0.53.0 added the clean subcommand for semantic cache management ([e3a9540](https://gitlab.com/to-be-continuous/docker/commit/e3a954080b1150ae35c403cffdb71ae750c9a741))
## [5.10.2](https://gitlab.com/to-be-continuous/docker/compare/5.10.1...5.10.2) (2024-05-05)
......
......@@ -14,7 +14,7 @@ Add the following to your `gitlab-ci.yml`:
```yaml
include:
# 1: include the component
- component: gitlab.com/to-be-continuous/docker/gitlab-ci-docker@5.10.3
- component: gitlab.com/to-be-continuous/docker/gitlab-ci-docker@5.10.2
# 2: set/override component inputs
inputs:
build-tool: buildah # ⚠ this is only an example
......@@ -28,7 +28,7 @@ Add the following to your `gitlab-ci.yml`:
include:
# 1: include the template
- project: 'to-be-continuous/docker'
ref: '5.10.3'
ref: '5.10.2'
file: '/templates/gitlab-ci-docker.yml'
variables:
......
......@@ -45,7 +45,7 @@ variables:
.docker-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "docker", "5.10.3"]
command: ["--service", "docker", "5.11.0"]
- name: "$TBC_AWS_PROVIDER_IMAGE"
alias: "aws-auth-provider"
id_tokens:
......
......@@ -44,7 +44,7 @@ variables:
.docker-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "docker", "5.10.3"]
command: ["--service", "docker", "5.11.0"]
- name: "$TBC_GCP_PROVIDER_IMAGE"
alias: "gcp-auth-provider"
variables:
......
......@@ -22,7 +22,7 @@ variables:
.docker-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "docker", "5.10.3"]
command: ["--service", "docker", "5.11.0"]
- name: "$TBC_VAULT_IMAGE"
alias: "vault-secrets-provider"
variables:
......
......@@ -697,7 +697,7 @@ stages:
.docker-base:
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "docker", "5.10.3"]
command: ["--service", "docker", "5.11.0"]
before_script:
- !reference [.docker-scripts]
......@@ -715,6 +715,9 @@ stages:
before_script:
- !reference [.docker-scripts]
- create_kaniko_cache_dir
- |
log_info "Kaniko version:"
/kaniko/executor version
.docker-dind-base:
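Review bot: The version display is written out as its own multi-line `- |` block here for Kaniko and again, with only the label and command changed, in the Docker, Hadolint, Buildah, Trivy, Syft and Skopeo hunks further down, which makes the seven copies easy to let drift apart. A single shell helper next to the functions this template already calls (`log_info` and `create_kaniko_cache_dir`, presumably defined under `.docker-scripts`) would reduce each call site to one line, e.g. `- log_tool_version "Kaniko" /kaniko/executor version`, where `log_tool_version` is only a suggested name. The version flags also differ between tools (`version`, `-v`), so a short comment on the helper saying that the caller passes the full command would help the next maintainer.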
......@@ -730,7 +733,7 @@ stages:
_TRACE: "${TRACE}"
services:
- name: "$TBC_TRACKING_IMAGE"
command: ["--service", "docker", "5.10.3"]
command: ["--service", "docker", "5.11.0"]
- name: $DOCKER_DIND_IMAGE
alias: docker
command:
......@@ -743,6 +746,9 @@ stages:
before_script:
- !reference [.docker-scripts]
- if ! wait_for_docker_daemon; then fail "Docker-in-Docker is not enabled on this runner. Either use a Docker-in-Docker capable runner, or disable this job by setting \$DOCKER_BUILD_TOOL to a different value"; fi
- |
log_info "Docker version:"
docker version
# ==================================================
# Stage: build
......@@ -757,7 +763,11 @@ docker-hadolint:
dependencies: []
script:
- autoconfig_hadolint
- |
log_info "Hadolint version:"
hadolint -v
- mkdir -p -m 777 reports
- log_info "Scanning ${DOCKER_FILE}..."
- dockerfile_hash=$(echo "$DOCKER_FILE" | md5sum | cut -d" " -f1)
# Output in Code Climate format (GitLab integration)
- hadolint --no-fail -f gitlab_codeclimate $DOCKER_HADOLINT_ARGS $hadolint_config_opts "$DOCKER_FILE" > "reports/docker-hadolint-${dockerfile_hash}.codeclimate.json"
......@@ -864,6 +874,9 @@ docker-buildah-build:
buildah_cache_args="--layers --cache-from $buildah_build_cache --cache-to $buildah_build_cache"
log_info "Build cache enabled; CLI options: ${buildah_cache_args}"
fi
- |
log_info "Buildah version:"
buildah version
# build and push image
- buildah build --file "$DOCKER_FILE" --tag $DOCKER_SNAPSHOT_IMAGE $buildah_cache_args --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)"
- buildah push --digestfile .img-digest.txt "$DOCKER_SNAPSHOT_IMAGE"
......@@ -899,7 +912,9 @@ docker-healthcheck:
variables:
GIT_STRATEGY: none
stage: package-test
script: |
script:
- log_info "Healthchecking ${DOCKER_SNAPSHOT_IMAGE}..."
- |
# Test by internal health_check (Recommended way, more info https://docs.docker.com/engine/reference/builder/#healthcheck)
# This looks complicated but you normally don't have to touch this...
function unexpected_error() {
......@@ -966,9 +981,15 @@ docker-trivy:
stage: package-test
variables:
TRIVY_CACHE_DIR: ".trivycache/"
script: |
script:
- log_info "Scanning vulnerabilities from ${DOCKER_SNAPSHOT_IMAGE}..."
- |
log_info "Trivy version:"
trivy version
- |
# cache cleanup is needed when scanning images with the same tags, it does not remove the database
trivy clean --scan-cache || trivy image --clear-cache
- |
export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
......@@ -1015,6 +1036,10 @@ docker-sbom:
name: $DOCKER_SBOM_IMAGE
entrypoint: [""]
script:
- log_info "Extracting SBOM from ${DOCKER_SNAPSHOT_IMAGE}..."
- |
log_info "Syft version:"
/syft version
- mkdir -p -m 777 reports
- basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
- /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json
......@@ -1068,8 +1093,12 @@ docker-publish:
log_warn "\\e[93mYou should consider distinguishing snapshot and release images as they do not differ. Skipping publish phase as image has already been created by previous job.\\e[0m"
exit 0
fi
- |
log_info "Skopeo version:"
skopeo -v
- BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME}
# 1: push main image
- log_info "Copying ${DOCKER_SNAPSHOT_IMAGE} to ${DOCKER_RELEASE_IMAGE}..."
- skopeo copy --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://$DOCKER_SNAPSHOT_IMAGE" "docker://$DOCKER_RELEASE_IMAGE"
- |
log_info "Well done your image is pushed and can be pulled with: docker pull $DOCKER_RELEASE_IMAGE"
......