authorVictor Zagorodny <vzagorodny@gitlab.com>2019-04-09 09:00:18 +0000
committerVictor Zagorodny <vzagorodny@gitlab.com>2019-04-09 09:00:18 +0000
commit5da09aa0bf46896d0a611043cc27b6ab00bd1fea (patch)
tree9199c0bdd2c1b3e271a22820e6988928237cd7e9
parent010e4a1aa0fd4e32e275364ec910df8498a0d0aa (diff)
parentf93a8cb85d9e1f4fd4b9c15ebe19c1e7d3a487e1 (diff)
Merge branch '10400-replace-container-scanning-with-template' into 'master'
Replace the container_scanning job definition with the vendored template. See merge request gitlab-org/security-products/license-management!34
-rw-r--r--.gitlab-ci.yml25
1 files changed, 5 insertions, 20 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aa4a9a0..ac115e6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,6 +5,9 @@ variables:
MAJOR: 1
TMP_IMAGE: $CI_REGISTRY_IMAGE/tmp:$CI_COMMIT_SHA
+include:
+ - template: Security/Container-Scanning.gitlab-ci.yml
+
services:
- docker:stable-dind
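Review bot: The `include:` added after `variables:` moves the whole container_scanning job (image, script, scanner versions) into the template shipped with the GitLab instance, so this file no longer shows what the job runs, and that can change when the instance is upgraded. The job removed later in this diff pinned `arminc/clair-local-scan:v2.0.1` and clair-scanner `v8`; nothing visible here pins anything equivalent now. A short comment above the include would record this, e.g. `# container_scanning is defined by the bundled template; only its variables are overridden below`. The `variables:` and `services:` blocks continue outside the hunk.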
@@ -39,26 +42,8 @@ code_quality:
codequality: gl-code-quality-report.json
container_scanning:
- image: docker:stable
- stage: test
- allow_failure: true
- script:
- - docker run -d --name db arminc/clair-db:latest
- - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
- - apk add -U wget ca-certificates
- - docker pull $TMP_IMAGE
- - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
- - mv clair-scanner_linux_amd64 clair-scanner
- - chmod +x clair-scanner
- - touch clair-whitelist.yml
- - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
- - retries=0
- - echo "Waiting for clair daemon to start"
- - while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
- - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml $TMP_IMAGE || true
- artifacts:
- reports:
- container_scanning: gl-container-scanning-report.json
+ variables:
+ CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/tmp # only predefined variables are parameter-expanded (no $TMP_IMAGE)
.QA:
image: docker:stable
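Review bot: The override under `container_scanning:` sets only `CI_APPLICATION_REPOSITORY`, so the tag that gets scanned is whatever the template defaults to, and that default is not visible in this diff. The image the pipeline builds is `$CI_REGISTRY_IMAGE/tmp:$CI_COMMIT_SHA` (TMP_IMAGE), so I would set the tag explicitly beside the repository, `CI_APPLICATION_TAG: $CI_COMMIT_SHA`, which ties the scan to the image this pipeline pushed. The removed job also set `stage: test` and `allow_failure: true`; presumably the template supplies equivalents, but it is worth confirming that the job still runs after the stage that pushes TMP_IMAGE and that a scan failure is still surfaced the way you intend. The `.QA` job continues outside the hunk.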