This is an archived project. Repository and other project resources are read-only.
Project: HZB / EPICS / base / ubuntu_20_04
Commit 9d993088, authored 1 year ago by (INACTIVE) Marcel Bajdel (new marcel.bajdel)
Adding additional info
Parent: 544f3e40
3 merge requests: !20 Release, !13 Docker image branch, !12 Docker image branch
Showing 1 changed file: .gitlab-ci.yml, with 23 additions and 22 deletions
stages
:
# List of stages for jobs, and their order of execution
-
build_branch
# builds if the image does not exist
-
check_image_tag
# Check whether there are any vulnerabilities in the image
-
branch_scan
# Check whether the image is already existing or not for the tag
-
check_image_tag
# Check whether there are any vulnerabilities in the image
-
build_main
# builds when the merge request is made into main
-
build_tag
# builds when the tag is pushed
-
test_main
# tests when the merge request is made into main
...
...
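Review bot: in the `stages` list the explanatory comments no longer line up with the stage names: as rendered here `check_image_tag` carries "Check whether there are any vulnerabilities in the image" and `branch_scan` carries "Check whether the image is already existing or not for the tag". With `branch_scan` placed ahead of `check_image_tag`, put the vulnerability comment on `branch_scan` and the tag-existence comment on `check_image_tag`, so the list documents the real order of execution.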
@@ -33,7 +33,28 @@ build_branch:
when
:
never
-
changes
:
-
'
*'
branch_scan
:
stage
:
branch_scan
image
:
name
:
trivy
entrypoint
:
[
"
"
]
script
:
-
mkdir scan_result
-
cd tar_images
-
|
for tar_image in *.tar;
do
[ -e "$tar_image" ] || continue;
file_name=${tar_image%.*};
echo $file_name;
if [ "$vulnerability_scanner" = "trivy" ]; then trivy image --timeout 15m --offline-scan --input $tar_image -f json -o ../scan_result/$file_name.json --severity CRITICAL; fi
done
artifacts
:
paths
:
-
scan_result
when
:
on_success
expire_in
:
10 minutes
check_image_tag
:
# Check whether the image is already existing or not for the tag
stage
:
check_image_tag
image
:
...
...
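Review bot: the `trivy image ... --severity CRITICAL` call in the `branch_scan` script passes no `--exit-code`, and Trivy exits 0 by default even when it reports findings, so this stage writes CRITICAL vulnerabilities to `scan_result/*.json` without ever failing the pipeline. If the stage is meant to gate the later builds, add `--exit-code 1`; if it is report-only, say so in a comment on the job. Related points in the same job: when `$vulnerability_scanner` is anything other than `trivy` the loop does nothing and the job still succeeds with an empty `scan_result`; the added `when: on_success` under `artifacts` is already GitLab's default, so use `when: always` if the reports should survive a failing scan, and reconsider `expire_in: 10 minutes` if anyone needs to read them afterwards; `image: name: trivy` has no registry, tag or digest, so pin it; and quote `"$tar_image"` and `"$file_name"` in the command line the way the `[ -e "$tar_image" ]` test already does.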
@@ -60,26 +81,6 @@ check_image_tag: # Check whether the image is already existing or not for the ta
paths
:
-
docker_latest_image.txt
branch_scan
:
stage
:
branch_scan
image
:
name
:
trivy
entrypoint
:
[
"
"
]
script
:
-
mkdir scan_result
-
cd tar_images
-
|
for tar_image in *.tar;
do
[ -e "$tar_image" ] || continue;
file_name=${tar_image%.*};
echo $file_name;
if [ "$vulnerability_scanner" = "trivy" ]; then trivy image --timeout 15m --offline-scan --input $tar_image -f json -o ../scan_result/$file_name.json --severity CRITICAL; fi
done
artifacts
:
paths
:
-
scan_result
expire_in
:
10 minutes
build_main
:
# This build will run only for main branch
...
...