From f93a8cb85d9e1f4fd4b9c15ebe19c1e7d3a487e1 Mon Sep 17 00:00:00 2001
From: Victor Zagorodny
Date: Tue, 9 Apr 2019 09:00:18 +0000
Subject: Replace the container_scanning job definition with vendored template
---
 .gitlab-ci.yml | 25 +++++--------------------
 1 file changed, 5 insertions(+), 20 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aa4a9a0..ac115e6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,6 +5,9 @@ variables:
 MAJOR: 1
 TMP_IMAGE: $CI_REGISTRY_IMAGE/tmp:$CI_COMMIT_SHA
+include:
+ - template: Security/Container-Scanning.gitlab-ci.yml
+
 services:
 - docker:stable-dind
@@ -39,26 +42,8 @@ code_quality:
 codequality: gl-code-quality-report.json
 container_scanning:
- image: docker:stable
- stage: test
- allow_failure: true
- script:
- - docker run -d --name db arminc/clair-db:latest
- - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
- - apk add -U wget ca-certificates
- - docker pull $TMP_IMAGE
- - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
- - mv clair-scanner_linux_amd64 clair-scanner
- - chmod +x clair-scanner
- - touch clair-whitelist.yml
- - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
- - retries=0
- - echo "Waiting for clair daemon to start"
- - while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
- - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml $TMP_IMAGE || true
- artifacts:
- reports:
- container_scanning: gl-container-scanning-report.json
+ variables:
+ CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/tmp # only predefined variables are parameter-expanded (no $TMP_IMAGE)
 .QA:
 image: docker:stable
-- 
cgit v1.2.3
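Review bot: The new `include:` entry has no comment saying that it is what now defines the `container_scanning` job. The scanner versions the removed job pinned in this file (`arminc/clair-local-scan:v2.0.1`, clair-scanner `v8`) are from here on chosen by the template shipped with the GitLab instance. A reader of the second hunk sees a job holding only `variables:` and has to know that it merges into the included definition. I would add a line above the entry such as `# defines the container_scanning job; the block below only overrides its variables`, so that a change in findings after a GitLab upgrade can be traced back to the template.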
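Review bot: The `container_scanning` override sets only `CI_APPLICATION_REPOSITORY`, so the image that gets scanned matches `TMP_IMAGE` only while the template's tag default equals the `$CI_COMMIT_SHA` suffix used there. If that default differs or changes with a GitLab upgrade, the job would pull a different image or none at all. If the template also keeps the `allow_failure: true` that the removed job had (not visible here), the pipeline would still pass without a scan of the image that was built. I would pin the tag next to the repository with `CI_APPLICATION_TAG: $CI_COMMIT_SHA`. The inline comment could also say that repository and tag together must equal `TMP_IMAGE`, since the `/tmp` path is now spelled in two places.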