fix: ooops, container scanning should be past building
This commit is contained in:
parent
91685a06e4
commit
2d67f6b0c8
|
@ -1,6 +1,7 @@
|
|||
stages:
|
||||
- test
|
||||
- build-image
|
||||
- post-test
|
||||
|
||||
sast:
|
||||
stage: test
|
||||
|
@ -10,13 +11,6 @@ include:
|
|||
- template: Security/Secret-Detection.gitlab-ci.yml
|
||||
- template: Security/Container-Scanning.gitlab-ci.yml
|
||||
|
||||
container_scanning:
|
||||
variables:
|
||||
CS_DISABLE_DEPENDENCY_LIST: "true"
|
||||
CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
|
||||
CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
|
||||
CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
|
||||
|
||||
docker-image-build:
|
||||
stage: build-image
|
||||
image: docker:20-git
|
||||
|
@ -34,14 +28,12 @@ docker-image-build:
|
|||
- requirements.txt
|
||||
- .gitlab-ci.yml
|
||||
|
||||
docker-image-nightly-build:
|
||||
stage: build-image
|
||||
image: docker:20-git
|
||||
script:
|
||||
- docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly .
|
||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||
- docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == "unsafe"
|
||||
exists:
|
||||
- Dockerfile
|
||||
container_scanning:
|
||||
stage: post-test
|
||||
variables:
|
||||
CS_DISABLE_DEPENDENCY_LIST: "true"
|
||||
CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest
|
||||
CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter
|
||||
CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false"
|
||||
CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5"
|
||||
SECURE_LOG_LEVEL: "debug"
|
||||
|
|
Loading…
Reference in New Issue