From 08ace70406822c4e525e78a222eeb08cda73559b Mon Sep 17 00:00:00 2001 From: Patrick Baber Date: Thu, 12 Oct 2023 14:24:42 +0200 Subject: [PATCH 1/6] bump docker version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7d5767a..aaf2f75 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM docker:23.0-cli +FROM docker:24.0-cli LABEL maintainer="Patrick Baber " ENV REGCLIENT_VERSION "0.4.7" From be2da53ccfea11aa9879a4f3b2efea978144237d Mon Sep 17 00:00:00 2001 From: Patrick Baber Date: Thu, 12 Oct 2023 14:25:00 +0200 Subject: [PATCH 2/6] bump reg client --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index aaf2f75..2f2d5ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM docker:24.0-cli LABEL maintainer="Patrick Baber " -ENV REGCLIENT_VERSION "0.4.7" +ENV REGCLIENT_VERSION "0.5.3" ARG TARGETARCH From a5b5b1d546f8debc76b352b891df26e6dc0b5254 Mon Sep 17 00:00:00 2001 From: Patrick Baber Date: Thu, 12 Oct 2023 14:26:00 +0200 Subject: [PATCH 3/6] bump trivy --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2f2d5ad..8ace34e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,7 +26,7 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then ARCHITECTURE="linux-arm64"; else ARCHIT chmod +x /usr/local/bin/regctl # Install Trivy -COPY --from=aquasec/trivy:0.35.0 /usr/local/bin/trivy /usr/local/bin/trivy +COPY --from=aquasec/trivy:0.45.1 /usr/local/bin/trivy /usr/local/bin/trivy RUN chmod +x /usr/local/bin/trivy # copy ci script From 432c98cb12a9407603e0b840d8ee1253210f0f73 Mon Sep 17 00:00:00 2001 From: Patrick Baber Date: Thu, 12 Oct 2023 14:27:52 +0200 Subject: [PATCH 4/6] bump version in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7599da8..36761bc 100644 --- a/README.md +++ b/README.md 
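Review bot: The bumped image references in the Dockerfile hunks of patches 1/6 and 3/6 are still pinned by tag only (`FROM docker:24.0-cli`, `COPY --from=aquasec/trivy:0.45.1 ...`), and a tag can be re-pointed upstream, so a later rebuild may pull a different base image or trivy binary than the one reviewed here. Because the README uses this image's trivy as a failing gate in other pipelines (`--exit-code 1`), I would pin both by digest, e.g. `COPY --from=aquasec/trivy:0.45.1@sha256:<digest-placeholder> /usr/local/bin/trivy /usr/local/bin/trivy`, recording the digest from the registry at bump time. The regctl download driven by `REGCLIENT_VERSION` (patch 2/6) lies outside the visible hunks; if that step fetches the release binary without comparing it to a published checksum, this bump is a good moment to add the check.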
@@ -25,7 +25,7 @@ Docker Include the image via the **image** keyword in your `.gitlab-ci.yml`: ```yaml -image: ueberdosis/build-tools +image: ueberdosis/build-tools:0.63.0 ``` ## Usage examples @@ -56,7 +56,7 @@ container_scan: To release a new version on Docker Hub run: ```bash -export VERSION="0.59.0" +export VERSION="0.63.0" # Init buildx docker buildx create --use From 885f68b0551e98a16eb609596ef4429cbd0d8b1a Mon Sep 17 00:00:00 2001 From: Patrick Baber Date: Thu, 12 Oct 2023 14:33:37 +0200 Subject: [PATCH 5/6] update gitlab ci examples --- README.md | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 36761bc..6d7c359 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # 🛠️ Build Tools -Docker image with useful CI/CD tools +Docker image with useful CI/CD tools optimized for use in GitLab CI pipelines. ## Tools included @@ -22,10 +22,11 @@ Docker ## Getting started -Include the image via the **image** keyword in your `.gitlab-ci.yml`: +Include the image via the **default.image** keyword in your `.gitlab-ci.yml`: ```yaml -image: ueberdosis/build-tools:0.63.0 +default: + image: ueberdosis/build-tools:0.63.0 ``` ## Usage examples @@ -36,16 +37,10 @@ Adjust the image-name and tag after copying the command to your `.gitlab-ci.yml` ```yaml container_scan: - stage: test - cache: - paths: - - $HOME/.cache/trivy - except: - - schedule script: - | - trivy --quiet image \ - --severity CRITICAL \ + trivy image \ + --severity HIGH,CRITICAL \ --ignore-unfixed \ --exit-code 1 \ registry.gitlab.com/your-repository-path/your-image-name:your-tag From 41004d193c8cbe62e2ff0599429c76e6ff22c2b3 Mon Sep 17 00:00:00 2001 From: Patrick Baber Date: Thu, 12 Oct 2023 14:48:13 +0200 Subject: [PATCH 6/6] add more examples and descriptions --- README.md | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 6d7c359..8748058 100644 --- a/README.md +++ b/README.md 
@@ -6,15 +6,15 @@ Docker image with useful CI/CD tools optimized for use in GitLab CI pipelines. - bash - curl -- Docker -- Docker Buildx -- Docker Compose +- [Docker](https://docs.docker.com/engine/reference/commandline/cli/) +- [Docker Buildx](https://docs.docker.com/build/architecture/#buildx) +- [Docker Compose](https://docs.docker.com/get-started/08_using_compose/) - git - openssl -- regctl +- [regctl](https://github.com/regclient/regclient) (for advanced image handling) - rsync -- sshpass -- trivy +- [sshpass](https://www.redhat.com/sysadmin/ssh-automation-sshpass) (for SSH servers with password authentication) +- [trivy](https://aquasecurity.github.io/trivy/v0.45/) ## Dependencies @@ -31,9 +31,23 @@ default: ## Usage examples +### Build images with Docker Compose + +Specify `COMPOSE_FILE` if different from the default: `docker-compose.yml`. See [Docker Compose documentation](https://docs.docker.com/compose/compose-file/build/) for more details. + +```yaml +build_app: + variables: + COMPOSE_FILE: docker-compose.build.yml + stage: build + script: + - docker-compose build app + - docker-compose push app +``` + ### Run trivy -Adjust the image-name and tag after copying the command to your `.gitlab-ci.yml`. +Adjust the image-name and tag after copying the command to your `.gitlab-ci.yml`. See [trivy documentation](https://aquasecurity.github.io/trivy/v0.45/docs/target/container_image/) for more details. ```yaml container_scan: