Merge branch 'master' into...

Merge branch 'master' into '76-sbom-enabled-by-default-results-in-unnecessary-consumption-of-energy'

# Conflicts:
#   templates/gitlab-ci-docker.yml

CHANGELOG.md

+# [6.1.0](https://gitlab.com/to-be-continuous/docker/compare/6.0.0...6.1.0) (2025-01-27)
+
+
+### Features
+
+* disable tracking service by default ([4fa3b0e](https://gitlab.com/to-be-continuous/docker/commit/4fa3b0ead55b66aac16d7fbce15f242dfef301be))
+
 # [6.0.0](https://gitlab.com/to-be-continuous/docker/compare/5.14.1...6.0.0) (2024-11-26)
 
 

README.md

@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
   # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
     # 2: set/override component inputs
     inputs:
       build-tool: buildah # ⚠ this is only an example
@@ -28,7 +28,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
   # 1: include the template
   - project: 'to-be-continuous/docker'
-    ref: '6.0.0'
+    ref: '6.1.0'
     file: '/templates/gitlab-ci-docker.yml'
 
 variables:
@@ -89,8 +89,8 @@ In practice:
 
 - the **snapshot** image is **always pushed** by the template (pipeline triggered by a Git tag or commit on any branch),
 - the **release** image is only pushed:
-  - on a pipeline triggered by a Git tag,
-  - on a pipeline triggered by a Git commit on `master`.
+    - on a pipeline triggered by a Git tag,
+    - on a pipeline triggered by a Git commit on `master`.
 
 The **snapshot** and **release** images are defined by the following variables:
 
@@ -428,7 +428,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | -------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- |
 | `trivy-image` / `DOCKER_TRIVY_IMAGE`                                       | The docker image used to scan images with Trivy                                                                        | `registry.hub.docker.com/aquasec/trivy:latest`                      |
 | `trivy-disabled` / `DOCKER_TRIVY_DISABLED`                                 | Set to `true` to disable Trivy analysis                                                                                | _(none)_                                                            |
-| `trivy-args` / `DOCKER_TRIVY_ARGS`                                         | Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options) | `--ignore-unfixed --vuln-type os --exit-on-eol 1 --detection-priority comprehensive`                                   |
+| `trivy-args` / `DOCKER_TRIVY_ARGS`                                         | Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options) | `--ignore-unfixed --pkg-types os --exit-on-eol 1 --detection-priority comprehensive`                                   |
 
 Other Trivy parameters shall be configured using [Trivy environment variables](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options).
 Examples:
@@ -563,7 +563,7 @@ Here is a `.gitlab-ci.yaml` using an external Docker registry:
 
 ```yaml
 include:
-  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
     inputs:
       snapshot-image: "registry.acme.host/$CI_PROJECT_NAME/snapshot:$CI_COMMIT_REF_SLUG"
       release-image: "registry.acme.host/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME"
@@ -578,7 +578,7 @@ Here is a `.gitlab-ci.yaml` that builds 2 Docker images from the same project (u
 
 ```yaml
 include:
-  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
 
 .docker-base:
   parallel:
@@ -633,7 +633,7 @@ With:
 ```yaml
 include:
   # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
   # Vault variant
   - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker-vault@5.7.0
     inputs:
@@ -681,7 +681,7 @@ to use the snapshot image repository (will host your snapshot image as well as c
 
 ```yaml
 include:
-  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
     inputs:
       build-tool: "kaniko" # Only Kaniko has been proved to work for this use case YET
       # untested & unverified container image
@@ -754,7 +754,7 @@ then set the required configuration.
 
 ```yaml
 include:
-  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+  - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
     inputs:
       # untested & unverified container image
       snapshot-image: "123456789012.dkr.ecr.us-east-1.amazonaws.com/$CI_PROJECT_PATH_SLUG/snapshot:$CI_COMMIT_REF_SLUG"

templates/gitlab-ci-docker-ecr.yml

@@ -45,7 +45,7 @@ variables:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "6.0.0"]
+      command: ["--service", "docker", "6.1.0"]
     - name: "$TBC_AWS_PROVIDER_IMAGE"
       alias: "aws-auth-provider"
   id_tokens:

templates/gitlab-ci-docker-gcp.yml

@@ -44,7 +44,7 @@ variables:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "6.0.0"]
+      command: ["--service", "docker", "6.1.0"]
     - name: "$TBC_GCP_PROVIDER_IMAGE"
       alias: "gcp-auth-provider"
   variables:

templates/gitlab-ci-docker-vault.yml

@@ -22,7 +22,7 @@ variables:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "6.0.0"]
+      command: ["--service", "docker", "6.1.0"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:

templates/gitlab-ci-docker.yml

@@ -225,10 +225,9 @@ workflow:
     - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
 
 variables:
-  # variabilized tracking image
-  TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master
   # Global TBC SBOM Mode (onrelease -> only generate SBOMs for releases, always -> generate SBOMs for all refs)
   TBC_SBOM_MODE: "onrelease"
+
   DOCKER_HADOLINT_IMAGE: $[[ inputs.hadolint-image ]]
   DOCKER_IMAGE: $[[ inputs.image ]]
   DOCKER_DIND_IMAGE: $[[ inputs.dind-image ]]
@@ -691,7 +690,7 @@ stages:
 .docker-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "6.0.0"]
+      command: ["--service", "docker", "6.1.0"]
   before_script:
     - !reference [.docker-scripts]
 
@@ -727,7 +726,7 @@ stages:
     _TRACE: "${TRACE}"
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "docker", "6.0.0"]
+      command: ["--service", "docker", "6.1.0"]
     - name: $DOCKER_DIND_IMAGE
       alias: docker
       command: