From 6f11bc414c7fa8082a8241aed9e40a2183a1d9a1 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 23 Mar 2023 08:11:57 +0100 Subject: [PATCH 01/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 93188ca..b6f8463 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,6 +8,7 @@ include: cache: key: one-key-to-rule-them-all +# https://docs.docker.com/build/building/multi-platform/ build:docker: image: docker:dind interruptible: true @@ -21,10 +22,12 @@ build:docker: tags: [ docker ] before_script: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` + - docker buildx ls + - docker buildx inspect script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker build . --tag $IMAGE + - docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 . --tag $IMAGE - docker push $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: From c8e5676c01354987ae25118affe0afb1b8cb057c Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 23 Mar 2023 08:17:31 +0100 Subject: [PATCH 02/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b6f8463..2006868 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -24,6 +24,7 @@ build:docker: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` - docker buildx ls - docker buildx inspect + - docker buildx create –use script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF From c8e000eb3e81a25bd1d402a95218946d99ba298a Mon Sep 17 00:00:00 2001 
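Review bot: In the second hunk of PATCH 01/14 the new `docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 . --tag $IMAGE` is still followed by the unchanged `docker push $IMAGE`, but a multi-platform buildx build with no output option leaves its result in the build cache only. There is then likely no local `$IMAGE` to push, and `CS_IMAGE` would point container scanning at a tag this job never published. Publishing from the build step avoids that: `- docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 --tag "$IMAGE" --push .`. PATCH 10/14 returns to the same build-then-`docker push` shape and has the same gap. The `build:docker` job starts and ends outside the hunk.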
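Review bot: The flag in the line added by PATCH 02/14, `docker buildx create –use`, is typed with an en dash (U+2013) instead of two ASCII hyphens, so buildx will not parse it as the `--use` option and the new builder is presumably never selected. The line should read `- docker buildx create --use`. The same character survives in the rewritten line in PATCH 03/14, PATCH 04/14 (`–-use`) and PATCH 05/14; only PATCH 06/14 ends up with plain `--use`. An editor that auto-replaces `--` is the usual cause, so the other CI lines edited the same way are worth a check.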
From: Oscar Krause Date: Thu, 23 Mar 2023 08:22:51 +0100 Subject: [PATCH 03/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2006868..b643d0d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,7 +8,6 @@ include: cache: key: one-key-to-rule-them-all -# https://docs.docker.com/build/building/multi-platform/ build:docker: image: docker:dind interruptible: true @@ -24,7 +23,7 @@ build:docker: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` - docker buildx ls - docker buildx inspect - - docker buildx create –use + - docker buildx create –use docker script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF From 6395214fa0fece014a25a4a407c4674f91bb6450 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 23 Mar 2023 08:24:40 +0100 Subject: [PATCH 04/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b643d0d..01ccd9d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,7 +23,7 @@ build:docker: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` - docker buildx ls - docker buildx inspect - - docker buildx create –use docker + - docker buildx create –-use script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF From 89704bc2a1c4d6a6138e7fb29748a57189f18310 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 23 Mar 2023 08:35:27 +0100 Subject: [PATCH 05/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 01ccd9d..30e95a6 100644 --- a/.gitlab-ci.yml 
+++ b/.gitlab-ci.yml @@ -23,7 +23,7 @@ build:docker: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` - docker buildx ls - docker buildx inspect - - docker buildx create –-use + - docker buildx create –-use tcp://docker:2375 script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF From 04ff36c94d96ba3c1fe749e4ebd5781950a4a9ba Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 23 Mar 2023 08:36:34 +0100 Subject: [PATCH 06/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 30e95a6..aa8df78 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,7 +23,7 @@ build:docker: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` - docker buildx ls - docker buildx inspect - - docker buildx create –-use tcp://docker:2375 + - docker buildx create --use tcp://docker:2375 script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF From e200c84345bf2260b868ac69f8af1ab0609c1bab Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 23 Mar 2023 11:10:53 +0100 Subject: [PATCH 07/14] improvements --- .gitlab-ci.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aa8df78..31492e5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
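Review bot: The builder endpoint added in PATCH 05/14, `tcp://docker:2375`, is the Docker daemon's plaintext port with no TLS and no client authentication, so the dind daemon (which normally runs privileged) accepts commands from anything that can reach the `docker` service host. Prefer keeping the daemon on its TLS listener (port 2376, `DOCKER_TLS_CERTDIR` set) and letting `- docker buildx create --use` pick up the job's current Docker context instead of naming an endpoint. The flag on this line is also still written `–-use` (en dash plus hyphen); PATCH 06/14 corrects the flag but keeps the same endpoint. The `services:` and `variables:` of `build:docker` are outside the hunk, so whether TLS is disabled there cannot be confirmed from here.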
@@ -21,14 +21,13 @@ build:docker: tags: [ docker ] before_script: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` - - docker buildx ls - docker buildx inspect - - docker buildx create --use tcp://docker:2375 + - docker buildx create --use # tcp://docker:2375 script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 . --tag $IMAGE - - docker push $IMAGE + - docker buildx build --progress=plain --platform linux/amd64,linux/arm64,linux/arm/v7 --tag $IMAGE --push . +# - docker push $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: reports: From 995b94413583a62dabdfd7672ffb44478976bcb3 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Thu, 23 Mar 2023 11:46:17 +0100 Subject: [PATCH 08/14] removed "linux/arm/v7" --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 31492e5..c046d35 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -22,11 +22,11 @@ build:docker: before_script: - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` - docker buildx inspect - - docker buildx create --use # tcp://docker:2375 + - docker buildx create --use script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker buildx build --progress=plain --platform linux/amd64,linux/arm64,linux/arm/v7 --tag $IMAGE --push . + - docker buildx build --progress=plain --platform linux/amd64,linux/arm64 --tag $IMAGE --push . # - docker push $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: From 3d9e3cb88fe782687083f40a54467212dc036158 Mon Sep 17 00:00:00 2001 
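Review bot: The `docker login` context line at the top of `script:` in PATCH 07/14 still passes the registry password as `-p $CI_REGISTRY_PASSWORD`, which puts the secret on the process command line, and with `--push` added the build now publishes using exactly that login. Feed the password on stdin instead: `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. In the same hunk `docker buildx inspect` runs before `docker buildx create --use`, so it reports the default builder rather than the one the build will use; swapping the two lines makes the log meaningful. The column-0 `# - docker push $IMAGE` and the trailing `# tcp://docker:2375` are commented-out leftovers that could simply be deleted.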
From: Oscar Krause Date: Fri, 24 Mar 2023 07:48:35 +0100 Subject: [PATCH 09/14] set specific arm64 version to v8 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c046d35..80c0470 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,7 +26,7 @@ build:docker: script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker buildx build --progress=plain --platform linux/amd64,linux/arm64 --tag $IMAGE --push . + - docker buildx build --progress=plain --platform linux/amd64,linux/arm64/v8 --tag $IMAGE --push . # - docker push $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: From 593db0e78984b9bb663ccef3e3a4f7926563a1fa Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Fri, 24 Mar 2023 08:43:29 +0100 Subject: [PATCH 10/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 80c0470..3a99f56 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,8 +26,8 @@ build:docker: script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker buildx build --progress=plain --platform linux/amd64,linux/arm64/v8 --tag $IMAGE --push . -# - docker push $IMAGE + - docker buildx build --progress=plain --platform linux/amd64,linux/arm64/v8 --tag $IMAGE . # --push + - docker push $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: reports: From 76d8753f2892e854545911f9b72e2d5652e0a739 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Fri, 24 Mar 2023 09:07:49 +0100 Subject: [PATCH 11/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3a99f56..108fa9b 100644 --- a/.gitlab-ci.yml 
+++ b/.gitlab-ci.yml @@ -26,8 +26,9 @@ build:docker: script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker buildx build --progress=plain --platform linux/amd64,linux/arm64/v8 --tag $IMAGE . # --push + - docker buildx build --progress=plain --platform linux/amd64,linux/arm64,linux/arm/v7 --tag $IMAGE --output type=docker . # --push - docker push $IMAGE + - docker buildx imagetools inspect $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: reports: From f72c0f7db3e170e7de452b9c7280ece646d719ea Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Fri, 24 Mar 2023 09:11:26 +0100 Subject: [PATCH 12/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 108fa9b..007f8ca 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,8 +26,7 @@ build:docker: script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker buildx build --progress=plain --platform linux/amd64,linux/arm64,linux/arm/v7 --tag $IMAGE --output type=docker . # --push - - docker push $IMAGE + - docker buildx build --progress=plain --platform linux/amd64,linux/arm64,linux/arm/v7 --tag $IMAGE --push . - docker buildx imagetools inspect $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: From 7b7f14bd8231e9138de6103457c52844c7a33c4d Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Fri, 24 Mar 2023 09:31:27 +0100 Subject: [PATCH 13/14] Aktualisieren .gitlab-ci.yml --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 007f8ca..e115cce 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
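Review bot: `CS_IMAGE` is still written as the tag `$IMAGE` after PATCH 12/14 moves publishing into `docker buildx build … --push`, so the container-scanning job is tied to a mutable name rather than to the manifest list this job just pushed. Recording the digest would close that gap: add `--metadata-file build-meta.json` (file name is only an example) to the build line and write `CS_IMAGE=$IMAGE@<containerimage.digest from that file>` into `container_scanning.env`. The added `docker buildx imagetools inspect $IMAGE` only prints the manifest to the job log. The scanner presumably analyses a single platform of the list, which is worth confirming now that several are built. The `artifacts:` block that exports the env file is cut off by the hunk.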
@@ -26,7 +26,7 @@ build:docker: script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF - - docker buildx build --progress=plain --platform linux/amd64,linux/arm64,linux/arm/v7 --tag $IMAGE --push . + - docker buildx build --progress=plain --platform linux/amd64,linux/arm64 --tag $IMAGE --push . - docker buildx imagetools inspect $IMAGE - echo "CS_IMAGE=$IMAGE" > container_scanning.env artifacts: From 9d1422cbdfe034ee02d87591b2ddcab4614c26e0 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Fri, 24 Mar 2023 10:00:25 +0100 Subject: [PATCH 14/14] secret detection --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e115cce..843e12f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -219,6 +219,8 @@ secret_detection: - if: $SECRET_DETECTION_DISABLED when: never - if: $CI_PIPELINE_SOURCE == "merge_request_event" + before_script: + - git config --global --add safe.directory $CI_PROJECT_DIR semgrep-sast: rules:
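Review bot: The `before_script` added to `secret_detection` in PATCH 14/14 carries no comment explaining why `safe.directory` is needed, and since that setting relaxes git's repository-ownership check the reason belongs next to it. A line such as `# checkout is owned by a different user than the analyzer runs as; git refuses to read it otherwise` above the command would do, if that is indeed the cause. Quote the path as well, `- git config --global --add safe.directory "$CI_PROJECT_DIR"`, and keep the entry scoped to that one directory rather than widening it to `*`. A job-level `before_script` replaces any default or template-provided one, which is worth checking against the included secret-detection template; the job's definition starts outside the hunk.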