fix: fix trivy access to registry

ITQ
2025-11-17 22:58:24 +03:00
parent e7e3cf2b0f
commit 01227027e8
+17 -11
@@ -11,6 +11,9 @@ variables:
TRIVY_CACHE_DIR: .cache/trivy TRIVY_CACHE_DIR: .cache/trivy
TRIVY_NO_PROGRESS: "true" TRIVY_NO_PROGRESS: "true"
TRIVY_TIMEOUT: "10m0s" TRIVY_TIMEOUT: "10m0s"
TRIVY_USERNAME: $CI_REGISTRY_USER
TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
TRIVY_REGISTRY: $CI_REGISTRY
cache: cache:
key: "${CI_COMMIT_REF_SLUG}" key: "${CI_COMMIT_REF_SLUG}"
@@ -20,9 +23,9 @@ cache:
policy: pull-push policy: pull-push
.docker-job: &docker-job .docker-job: &docker-job
image: docker:28.0 image: docker:28.5
services: services:
- docker:28.0-dind - docker:28.5-dind
before_script: before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
@@ -31,8 +34,6 @@ cache:
image: image:
name: aquasec/trivy:latest name: aquasec/trivy:latest
entrypoint: [""] entrypoint: [""]
variables:
TRIVY_CACHE_DIR: .cache/trivy
cache: cache:
paths: paths:
- $TRIVY_CACHE_DIR - $TRIVY_CACHE_DIR
@@ -63,10 +64,6 @@ cache:
image: image:
name: aquasec/trivy:latest name: aquasec/trivy:latest
entrypoint: [""] entrypoint: [""]
variables:
TRIVY_CACHE_DIR: .cache/trivy
TRIVY_USERNAME: $CI_REGISTRY_USER
TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
cache: cache:
paths: paths:
- $TRIVY_CACHE_DIR - $TRIVY_CACHE_DIR
@@ -74,8 +71,17 @@ cache:
before_script: before_script:
- mkdir -p $TRIVY_CACHE_DIR - mkdir -p $TRIVY_CACHE_DIR
script: script:
- trivy image --format cyclonedx --output image-sbom-${IMAGE_TYPE}.json $IMAGE_NAME:$CI_COMMIT_SHA - |
- trivy image --format sarif --output gl-sast-image-${IMAGE_TYPE}-report.json $IMAGE_NAME:$CI_COMMIT_SHA trivy image \
--scanners vuln \
--format cyclonedx \
--output image-sbom-${IMAGE_TYPE}.json \
$IMAGE_NAME:$CI_COMMIT_SHA
- |
trivy image \
--format sarif \
--output gl-sast-image-${IMAGE_TYPE}-report.json \
$IMAGE_NAME:$CI_COMMIT_SHA
allow_failure: true allow_failure: true
artifacts: artifacts:
reports: reports:
@@ -140,7 +146,7 @@ cache:
- | - |
REGISTRY_PREFIX=$CI_REGISTRY_IMAGE \ REGISTRY_PREFIX=$CI_REGISTRY_IMAGE \
docker compose -f compose.yaml -f compose.prod.yaml \ docker compose -f compose.yaml -f compose.prod.yaml \
--profile migrations --profile tests up -d --profile migrations --profile tests up -d -y --quiet-pull --quiet-build
- | - |
TEST_CONTAINER_ID=$(docker compose --profile migrations --profile tests ps -q tests -a) TEST_CONTAINER_ID=$(docker compose --profile migrations --profile tests ps -q tests -a)
timeout 600 docker wait $TEST_CONTAINER_ID timeout 600 docker wait $TEST_CONTAINER_ID
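Review bot: Moving `TRIVY_USERNAME: $CI_REGISTRY_USER` and `TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD` into the top-level `variables:` block in the first hunk hands the registry password to every job in the pipeline as an extra environment variable, whereas the per-job `variables:` removed in the third and fourth hunks kept it scoped to the two trivy jobs that actually pull from the registry. Keeping the same two lines in a hidden template the trivy jobs share (the `.trivy-job`-style anchor those jobs appear to extend; its definition is outside these hunks, so this is inferred) restores least-privilege scoping without losing the fix. The new `TRIVY_REGISTRY: $CI_REGISTRY` line looks like it was meant to point Trivy at the registry, but I could not confirm that Trivy reads a variable of that name — if it is not a recognised option it is silently inert and the credentials are what actually fix access, so it is worth verifying against the Trivy docs or dropping it. The rendered page prints old and new lines side by side without markers, so the old/new assignment above is read from print order.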