fix: ooops, container scanning should be past building

Vladimir (vapronva) 2022-09-30 04:49:36 +03:00
parent 91685a06e4
commit 2d67f6b0c8
Signed by: vapronva
GPG Key ID: A45F9F69DDD8A474
1 changed files with 10 additions and 18 deletions


@ -1,6 +1,7 @@
stages: stages:
- test - test
- build-image - build-image
- post-test
sast: sast:
stage: test stage: test
@ -10,13 +11,6 @@ include:
- template: Security/Secret-Detection.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml - template: Security/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
CS_DISABLE_DEPENDENCY_LIST: "true"
CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
docker-image-build: docker-image-build:
stage: build-image stage: build-image
image: docker:20-git image: docker:20-git
@ -34,14 +28,12 @@ docker-image-build:
- requirements.txt - requirements.txt
- .gitlab-ci.yml - .gitlab-ci.yml
docker-image-nightly-build: container_scanning:
stage: build-image stage: post-test
image: docker:20-git variables:
script: CS_DISABLE_DEPENDENCY_LIST: "true"
- docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly . CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter
- docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
rules: CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
- if: $CI_COMMIT_BRANCH == "unsafe" SECURE_LOG_LEVEL: "debug"
exists:
- Dockerfile
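Review bot: The relocated `container_scanning` job sets `CI_APPLICATION_REPOSITORY` but neither `CI_APPLICATION_TAG` nor `CS_IMAGE`, so the tag that gets scanned is left to the included template's default (the commit SHA, if I read the template right). The `docker-image-build` script lies outside the visible hunks, and the only push shown here is the removed nightly job's `:nightly` tag, so please confirm the build job pushes the tag the scanner will pull. If it does not, pin it in this job with `CS_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:<tag pushed by docker-image-build>`, so that a green scan refers to the image that was just built and not to a stale or missing one. Separately, `SECURE_LOG_LEVEL: "debug"` looks like a troubleshooting leftover; drop it, or mark it with `# temporary: remove once the scan job is green`, so verbose analyzer output does not stay in the job logs.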