Unverified Commit f6684179 authored by Duncan Macleod's avatar Duncan Macleod

ci: fix container scanning

parent 18df101b
Pipeline #609451 passed
......@@ -7,5 +7,7 @@ stages:
include:
# build and publish _this_ image
- local: '.gitlab/ci/build.yml'
# scan the image for vulnerabilities
- local: '.gitlab/ci/scan.yml'
# trigger rebuilds of downstream images
- local: '.gitlab/ci/trigger.yml'
......@@ -7,8 +7,6 @@ include:
- project: computing/gitlab-ci-templates
# https://computing.docs.ligo.org/gitlab-ci-templates/docker/
file: docker.yml
# https://docs.gitlab.com/ee/user/application_security/container_scanning/
- template: Security/Container-Scanning.gitlab-ci.yml
# -- build the image --------
......@@ -21,16 +19,6 @@ build:
# use the branch name as the tag
CI_REGISTRY_TAG: '$CI_COMMIT_REF_SLUG'
# -- scan the image ---------
# check the image for vulnerabilities, see
# https://docs.gitlab.com/ee/user/application_security/container_scanning/
container_scanning:
stage: scan
needs: [build]
variables:
DOCKER_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG'
# -- push the image ---------
.push:
......
# ---------------------------
# Build workflow
# ---------------------------
include:
# https://docs.gitlab.com/ee/user/application_security/container_scanning/
- template: Security/Container-Scanning.gitlab-ci.yml
# -- scan the image ---------
# check the image for vulnerabilities, see
# https://docs.gitlab.com/ee/user/application_security/container_scanning/
container_scanning:
stage: scan
needs: [build]
variables:
# use upstream project for default image
CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/docker/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG"
# this is the current image
CS_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
GIT_STRATEGY: fetch
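Review bot: The `CS_IMAGE` value in the new `container_scanning` job points the scanner at the branch tag `$CI_COMMIT_REF_SLUG`, which is a mutable reference. When two pipelines run on the same branch, the scan can report on an image pushed by a different commit than the one this pipeline built. If the build job can also publish a per-commit tag, scanning that tag would tie the report to the commit; otherwise a comment such as `# NOTE: branch tag is mutable; the scan reflects the latest push to this branch` would record the limitation. Separately, the banner at the top of this file still reads `# Build workflow`, apparently carried over from build.yml, and would be clearer as `# Scan workflow`.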