Guilhem Bonnefille authored
Since v0.100.0 the `packages` sub command was replaced by `scan`. https://github.com/anchore/syft/commit/4c20a74d2fc6774b7745b432995d5ff7836b90a0
# =====================================================================================================================
# === JIB template variant
# =====================================================================================================================
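# Component header: declares the inputs a consumer may set when including this
# template. Every input below has a default, so none of them is mandatory.
spec:
  inputs:
    jib-snapshot-image:
      description: Maven Jib Snapshot image
      default: $CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG
    jib-release-image:
      description: Maven Jib Release image
      default: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
    # NOTE(review): `:latest` is a mutable tag, so the pipeline runs whatever
    # the registry serves at job time. The job using this image presumably
    # holds registry push credentials (not visible here); consumers who need
    # reproducible, reviewable tooling should override this input with a
    # fixed version tag or an image digest.
    skopeo-image:
      description: The image used to publish images with Skopeo
      default: quay.io/skopeo/stable:latest
    jib-build-args:
      description: '[Jib Maven Plugin arguments](https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#extended-usage)'
      default: -Djib.to.image=$MAVEN_JIB_SNAPSHOT_IMAGE
    # The default `manual` presumably keeps a human approval step before the
    # production publish; `auto` would remove it - confirm in the publish job.
    jib-prod-publish-strategy:
      description: Defines the publish to production strategy.
      options:
        - none
        - manual
        - auto
      default: manual
    jib-publish-args:
      description: Additional [`skopeo copy` arguments](https://github.com/containers/skopeo/blob/master/docs/skopeo-copy.1.md#options)
      default: ''
    # Setting this to true turns off the container image vulnerability scan;
    # treat an override as a security-relevant change worth reviewing.
    trivy-disabled:
      description: Disable Maven Trivy
      type: boolean
      default: false
    # NOTE(review): mutable `:latest` tag - same pinning caveat as skopeo-image.
    trivy-image:
      description: The docker image used to scan images with Trivy
      default: registry.hub.docker.com/aquasec/trivy:latest
    # Empty by default. How an empty address is handled is decided by the scan
    # job, which is not visible here.
    trivy-addr:
      description: The Trivy server address
      default: ''
    # The default reports every severity; each narrower option drops the lower
    # severities from the scan output.
    trivy-security-level-threshold:
      description: 'Severities of vulnerabilities to be displayed (comma separated values:
        `UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`)'
      options:
        - UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
        - LOW,MEDIUM,HIGH,CRITICAL
        - MEDIUM,HIGH,CRITICAL
        - HIGH,CRITICAL
        - CRITICAL
      default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
    # Scope of the default scan: `--ignore-unfixed` leaves out vulnerabilities
    # that have no fixed version yet, and `--vuln-type os` limits results to
    # OS packages, so findings in application libraries (for example the JARs
    # inside the image) are not reported by this scan with the defaults.
    trivy-args:
      description: Additional `trivy client` arguments
      default: --ignore-unfixed --vuln-type os
    # NOTE(review): `:debug` is also a mutable tag; it is presumably used
    # because the job needs a shell inside the image. Pin a version or digest
    # through this input where the SBOM tooling must be reproducible.
    sbom-image:
      description: The Docker image used to generate the SBOM with Syft
      default: registry.hub.docker.com/anchore/syft:debug
    # The default restricts Syft to OS package database catalogers, so the
    # resulting SBOM lists OS packages only; application dependencies are
    # presumably inventoried by another job - confirm.
    sbom-opts:
      description: Options for syft used for SBOM analysis
      default: --catalogers rpm-db-cataloger,alpmdb-cataloger,apkdb-cataloger,dpkgdb-cataloger,portage-cataloger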
---
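# Expose each component input as a MAVEN_* CI/CD variable. GitLab replaces the
# `$[[ inputs.<name> ]]` expressions when the template is included, so the jobs
# only ever see the resulting values.
# NOTE(review): variables declared here are pipeline-level defaults and can be
# overridden by project, group or job variables. Several of them select the
# tool images and extra command-line arguments, so who may set MAVEN_*_IMAGE
# and MAVEN_*_ARGS on a protected pipeline is worth checking. The jobs that
# consume these variables are not visible here.
variables:
  MAVEN_SBOM_IMAGE: $[[ inputs.sbom-image ]]
  MAVEN_SBOM_OPTS: $[[ inputs.sbom-opts ]]
  MAVEN_TRIVY_SECURITY_LEVEL_THRESHOLD: $[[ inputs.trivy-security-level-threshold ]]
  MAVEN_TRIVY_IMAGE: $[[ inputs.trivy-image ]]
  MAVEN_TRIVY_ARGS: $[[ inputs.trivy-args ]]
  MAVEN_JIB_SNAPSHOT_IMAGE: $[[ inputs.jib-snapshot-image ]]
  MAVEN_JIB_RELEASE_IMAGE: $[[ inputs.jib-release-image ]]
  MAVEN_JIB_BUILD_ARGS: $[[ inputs.jib-build-args ]]
  MAVEN_JIB_PROD_PUBLISH_STRATEGY: $[[ inputs.jib-prod-publish-strategy ]]
  MAVEN_SKOPEO_IMAGE: $[[ inputs.skopeo-image ]]
  MAVEN_JIB_PUBLISH_ARGS: $[[ inputs.jib-publish-args ]]
  # The input is declared as a boolean; how the job tests the resulting value
  # is not visible here.
  MAVEN_TRIVY_DISABLED: $[[ inputs.trivy-disabled ]]
  MAVEN_TRIVY_ADDR: $[[ inputs.trivy-addr ]]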