diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90fcabd456227b9ab356c55ecd21fe8a25fbd8b5..e88bc49f18fd465a1ac7b7c30bd963378bed48b5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# [6.1.0](https://gitlab.com/to-be-continuous/docker/compare/6.0.0...6.1.0) (2025-01-27)
+
+
+### Features
+
+* disable tracking service by default ([4fa3b0e](https://gitlab.com/to-be-continuous/docker/commit/4fa3b0ead55b66aac16d7fbce15f242dfef301be))
+
 # [6.0.0](https://gitlab.com/to-be-continuous/docker/compare/5.14.1...6.0.0) (2024-11-26)
diff --git a/README.md b/README.md
index 28335c790a1fac39c915b0af7f78f630f33bb8fc..a27c7aaa15a4bb16667c36a5dd363357d14ebcf2 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
 # 1: include the component
- - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
 # 2: set/override component inputs
 inputs:
 build-tool: buildah # ⚠ this is only an example
@@ -28,7 +28,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
 # 1: include the template
 - project: 'to-be-continuous/docker'
- ref: '6.0.0'
+ ref: '6.1.0'
 file: '/templates/gitlab-ci-docker.yml'
 variables:
@@ -89,8 +89,8 @@ In practice:
 - the **snapshot** image is **always pushed** by the template (pipeline triggered by a Git tag or commit on any branch),
 - the **release** image is only pushed:
- - on a pipeline triggered by a Git tag,
- - on a pipeline triggered by a Git commit on `master`.
+ - on a pipeline triggered by a Git tag,
+ - on a pipeline triggered by a Git commit on `master`.
 The **snapshot** and **release** images are defined by the following variables:
@@ -428,7 +428,7 @@ It is bound to the `package-test` stage, and uses the following variables:
 | -------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- |
 | `trivy-image` / `DOCKER_TRIVY_IMAGE` | The docker image used to scan images with Trivy | `registry.hub.docker.com/aquasec/trivy:latest` |
 | `trivy-disabled` / `DOCKER_TRIVY_DISABLED` | Set to `true` to disable Trivy analysis | _(none)_ |
-| `trivy-args` / `DOCKER_TRIVY_ARGS` | Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options) | `--ignore-unfixed --vuln-type os --exit-on-eol 1 --detection-priority comprehensive` |
+| `trivy-args` / `DOCKER_TRIVY_ARGS` | Additional [`trivy image` options](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options) | `--ignore-unfixed --pkg-types os --exit-on-eol 1 --detection-priority comprehensive` |
 Other Trivy parameters shall be configured using [Trivy environment variables](https://aquasecurity.github.io/trivy/latest/docs/references/configuration/cli/trivy_image/#options). Examples:
@@ -563,7 +563,7 @@ Here is a `.gitlab-ci.yaml` using an external Docker registry:
 ```yaml
 include:
- - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
 inputs:
 snapshot-image: "registry.acme.host/$CI_PROJECT_NAME/snapshot:$CI_COMMIT_REF_SLUG"
 release-image: "registry.acme.host/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME"
@@ -578,7 +578,7 @@ Here is a `.gitlab-ci.yaml` that builds 2 Docker images from the same project (u
 ```yaml
 include:
- - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
 .docker-base:
 parallel:
@@ -633,7 +633,7 @@ With:
 ```yaml
 include:
 # main template
- - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
 # Vault variant
 - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker-vault@5.7.0
 inputs:
@@ -681,7 +681,7 @@ to use the snapshot image repository (will host your snapshot image as well as c
 ```yaml
 include:
- - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
 inputs:
 build-tool: "kaniko" # Only Kaniko has been proved to work for this use case YET
 # untested & unverified container image
@@ -754,7 +754,7 @@ then set the required configuration.
 ```yaml
 include:
- - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.0.0
+ - component: $CI_SERVER_FQDN/to-be-continuous/docker/gitlab-ci-docker@6.1.0
 inputs:
 # untested & unverified container image
 snapshot-image: "123456789012.dkr.ecr.us-east-1.amazonaws.com/$CI_PROJECT_PATH_SLUG/snapshot:$CI_COMMIT_REF_SLUG"
diff --git a/templates/gitlab-ci-docker-ecr.yml b/templates/gitlab-ci-docker-ecr.yml
index 2d5e82a854ff162c0a66932ed18e950ae571c304..6aedf5317bdae07f2720742e9fdb966099455f22 100644
--- a/templates/gitlab-ci-docker-ecr.yml
+++ b/templates/gitlab-ci-docker-ecr.yml
@@ -45,7 +45,7 @@ variables:
 .docker-base:
 services:
 - name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "docker", "6.0.0"]
+ command: ["--service", "docker", "6.1.0"]
 - name: "$TBC_AWS_PROVIDER_IMAGE"
 alias: "aws-auth-provider"
 id_tokens:
diff --git a/templates/gitlab-ci-docker-gcp.yml b/templates/gitlab-ci-docker-gcp.yml
index e44d381397bf604d3cbcd8ab1fffe372de910b47..6a044c8b166ae0b7a154218ef9d25585a7ed7a7f 100644
--- a/templates/gitlab-ci-docker-gcp.yml
+++ b/templates/gitlab-ci-docker-gcp.yml
@@ -44,7 +44,7 @@ variables:
 .docker-base:
 services:
 - name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "docker", "6.0.0"]
+ command: ["--service", "docker", "6.1.0"]
 - name: "$TBC_GCP_PROVIDER_IMAGE"
 alias: "gcp-auth-provider"
 variables:
diff --git a/templates/gitlab-ci-docker-vault.yml b/templates/gitlab-ci-docker-vault.yml
index 81e3fdb17844dfbcdfc258b79f723f47a92f195c..66a7f1bda659c17a3246e2324004a56a871616cf 100644
--- a/templates/gitlab-ci-docker-vault.yml
+++ b/templates/gitlab-ci-docker-vault.yml
@@ -22,7 +22,7 @@ variables:
 .docker-base:
 services:
 - name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "docker", "6.0.0"]
+ command: ["--service", "docker", "6.1.0"]
 - name: "$TBC_VAULT_IMAGE"
 alias: "vault-secrets-provider"
 variables:
diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index a82fc5d509e22a9596cbe0eca3d33467a394d6bc..f4aea53e1f296a2c05774ad296558bbd7ff5c6c5 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -225,10 +225,9 @@ workflow:
 - if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
 variables:
- # variabilized tracking image
- TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master
 # Global TBC SBOM Mode (onrelease -> only generate SBOMs for releases, always -> generate SBOMs for all refs)
 TBC_SBOM_MODE: "onrelease"
+
 DOCKER_HADOLINT_IMAGE: $[[ inputs.hadolint-image ]]
 DOCKER_IMAGE: $[[ inputs.image ]]
 DOCKER_DIND_IMAGE: $[[ inputs.dind-image ]]
@@ -691,7 +690,7 @@ stages:
 .docker-base:
 services:
 - name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "docker", "6.0.0"]
+ command: ["--service", "docker", "6.1.0"]
 before_script:
 - !reference [.docker-scripts]
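Review bot: After the `TBC_TRACKING_IMAGE` default is dropped from the `variables:` block in templates/gitlab-ci-docker.yml, every `services:` entry touched by this commit (the `.docker-base` blocks here and in the ecr, gcp and vault variants, plus the second services block in the last hunk) still declares `- name: "$TBC_TRACKING_IMAGE"`, and nothing in the diff says what a job does when that variable is unset. I would leave a comment where the default used to be, for example `# TBC_TRACKING_IMAGE is unset by default (tracking disabled); define it at project or group level to opt in`, assuming that is the intended opt-in path. The removed default pointed at a mutable `:master` tag, so the same comment or the README could advise pinning a version or digest when re-enabling, since the image runs as a service container next to the build. The `variables:` block continues past the end of the hunk.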
@@ -727,7 +726,7 @@ stages:
 _TRACE: "${TRACE}"
 services:
 - name: "$TBC_TRACKING_IMAGE"
- command: ["--service", "docker", "6.0.0"]
+ command: ["--service", "docker", "6.1.0"]
 - name: $DOCKER_DIND_IMAGE
 alias: docker
 command: