From 9fa51183755b94e02af9a3151eccc5ba9be75b15 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille <guilhem.bonnefille@csgroup.eu> Date: Fri, 5 Jul 2024 07:14:53 +0000 Subject: [PATCH] feat: display tools' version --- templates/gitlab-ci-docker.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index 302d611..9ac6685 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -682,6 +682,9 @@ stages: before_script: - !reference [.docker-scripts] - create_kaniko_cache_dir + - | + log_info "Kaniko version:" + /kaniko/executor version .docker-dind-base: @@ -710,6 +713,9 @@ stages: before_script: - !reference [.docker-scripts] - if ! wait_for_docker_daemon; then fail "Docker-in-Docker is not enabled on this runner. Either use a Docker-in-Docker capable runner, or disable this job by setting \$DOCKER_BUILD_TOOL to a different value"; fi + - | + log_info "Docker version:" + docker version # ================================================== # Stage: build @@ -724,6 +730,9 @@ docker-hadolint: dependencies: [] script: - autoconfig_hadolint + - | + log_info "Hadolint version:" + hadolint -v - mkdir -p -m 777 reports - log_info "Scanning ${DOCKER_FILE}..." - dockerfile_hash=$(echo "$DOCKER_FILE" | md5sum | cut -d" " -f1) @@ -829,6 +838,9 @@ docker-buildah-build: buildah_cache_args="--layers --cache-from $buildah_build_cache --cache-to $buildah_build_cache" log_info "Build cache enabled; CLI options: ${buildah_cache_args}" fi + - | + log_info "Buildah version:" + buildah version # build and push image - buildah build --file "$DOCKER_FILE" --tag $DOCKER_SNAPSHOT_IMAGE $buildah_cache_args --build-arg http_proxy="$http_proxy" --build-arg https_proxy="$https_proxy" --build-arg no_proxy="$no_proxy" $DOCKER_METADATA $DOCKER_BUILD_ARGS "$(docker_context_path)" - buildah push --digestfile .img-digest.txt "$DOCKER_SNAPSHOT_IMAGE" 
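Review bot: Each added version step is diagnostic only, yet it becomes a new way for the job to fail. In the `.docker-kaniko-base` `before_script` the version command is the last line of its `- |` item, so a non-zero exit stops the job before any build or scan runs; the same applies to the `.docker-dind-base`, `docker-hadolint`, `docker-buildah-build`, `docker-trivy`, `docker-sbom` and `docker-publish` hunks. The template already tolerates differing tool releases (the Trivy hunk keeps `trivy clean --scan-cache || trivy image --clear-cache`), so a guard such as `/kaniko/executor version || log_warn "Unable to get Kaniko version"` would keep the log line without making it a gate. If failing fast on a missing or broken binary is intended, say so in a comment such as `# fail early if the tool is unusable`. The enclosing jobs start and end outside these hunks.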
@@ -933,9 +945,13 @@ docker-trivy: TRIVY_CACHE_DIR: ".trivycache/" script: - log_info "Scanning vulnerabilities from ${DOCKER_SNAPSHOT_IMAGE}..." + - | + log_info "Trivy version:" + trivy version - | # cache cleanup is needed when scanning images with the same tags, it does not remove the database trivy clean --scan-cache || trivy image --clear-cache + - | export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}} export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}} basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') @@ -982,6 +998,9 @@ docker-sbom: entrypoint: [""] script: - log_info "Extracting SBOM from ${DOCKER_SNAPSHOT_IMAGE}..." + - | + log_info "Syft version:" + /syft version - mkdir -p -m 777 reports - basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g') - /syft scan ${TRACE+-vv} $DOCKER_SNAPSHOT_IMAGE $DOCKER_SBOM_OPTS -o cyclonedx-json=reports/docker-sbom-${basename}.cyclonedx.json @@ -1034,6 +1053,9 @@ docker-publish: log_warn "\\e[93mYou should consider distinguishing snapshot and release images as they do not differ. Skipping publish phase as image has already been created by previous job.\\e[0m" exit 0 fi + - | + log_info "Skopeo version:" + skopeo -v - BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME} # 1: push main image - log_info "Copying ${DOCKER_SNAPSHOT_IMAGE} to ${DOCKER_RELEASE_IMAGE}..." -- GitLab
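Review bot: In `docker-trivy`, `trivy version` runs before the scan, so on a cold `TRIVY_CACHE_DIR` the log will probably show only the binary version and not the vulnerability database version. As far as I know, Trivy prints the database metadata only once a database is present in the cache, and that is the part needed to explain why two scans of the same image differ. Consider repeating `- trivy version` after the scan command (outside this hunk), or moving the step there. Separately, the added `- |` before `export TRIVY_USERNAME=...` splits the cache cleanup and the credential setup into two script items, which the commit subject does not mention. A comment such as `# registry credentials for the scan` on the new item would make that split read as deliberate.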