Merge branch '99-limit-security-reports-access-to-developer-role-and-above' into 'master'

Resolve "Limit security reports access to developer role and above" Closes #99 See merge request to-be-continuous/docker!132

Merge branch '99-limit-security-reports-access-to-developer-role-and-above' into 'master'
4ac078c7 · Pierre Smeyers · 421473a3 · 29a3173e · 4ac078c7 · 4ac078c7
Commit 4ac078c7 authored 7 months ago by Pierre Smeyers
--- a/README.md
+++ b/README.md
@@ -296,7 +296,7 @@ FROM ubuntu
 RUN cd /tmp && echo "hello!"
 ```
-In addition to a textual report in the console, this job produces the following reports, kept for one day:
+In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:
 | Report                                       | Format                               | Usage                                                                                                                                                                          |
 | -------------------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
@@ -434,7 +434,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | `trivy-db-repository` / `DOCKER_TRIVY_DB_REPOSITORY`                       | OCI repository to retrieve Trivy Database from                                                                         | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-db`)          |
 | `trivy-java-db-repository` / `DOCKER_TRIVY_JAVA_DB_REPOSITORY`             | OCI repository to retrieve Trivy Java Database from                                                                    | _none_ (use Trivy default `ghcr.io/aquasecurity/trivy-java-db:1`)\_ |
-In addition to a textual report in the console, this job produces the following reports, kept for one day:
+In addition to a textual report in the console, this job produces the following reports, kept for one day and only available for download by users with the Developer role or higher:
 | Report                               | Format                                                                                                             | Usage                                                                                                                                                                       |
 | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |

--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -786,6 +786,7 @@ docker-hadolint:
  artifacts:
    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    expire_in: 1 day
+    access: developer
    when: always
    reports:
      codequality:
@@ -1018,6 +1019,7 @@ docker-trivy:
  artifacts:
    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    expire_in: 1 day
+    access: developer
    when: always
    paths:
    - "reports/docker-trivy-*"