deekayen · August 3, 2020 21:19
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
 clair:
  tags:
    - kubernetes
  stage: test
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375/
    ## Define two new variables based on GitLab's CI/CD predefined variables
    ## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables
    CI_APPLICATION_REPOSITORY: $CI_PROJECT_NAME
    CI_APPLICATION_TAG: $CI_COMMIT_SHA
    # See https://github.com/docker-library/docker/pull/166
    DOCKER_TLS_CERTDIR: ""
  allow_failure: true
  services:
    - name: docker:dind
      entrypoint: ["env", "-u", "DOCKER_HOST"]
      command: ["dockerd-entrypoint.sh"]
  before_script:
    - apk add -U wget ca-certificates
    - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
  script:
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:latest
    - docker build --build-arg VERSION=${CI_APPLICATION_TAG} -t ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} .
    - touch clair-whitelist.yml
    - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
    - retries=0
    - echo "Waiting for clair daemon to start"
    - while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
    - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
  artifacts:
    paths: [gl-container-scanning-report.json]
	clair:
	tags:
	- kubernetes
	stage: test
	image: docker:stable
	variables:
	DOCKER_DRIVER: overlay2
	DOCKER_HOST: tcp://docker:2375/
	## Define two new variables based on GitLab's CI/CD predefined variables
	## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables
	CI_APPLICATION_REPOSITORY: $CI_PROJECT_NAME
	CI_APPLICATION_TAG: $CI_COMMIT_SHA
	# See https://github.com/docker-library/docker/pull/166
	DOCKER_TLS_CERTDIR: ""
	allow_failure: true
	services:
	- name: docker:dind
	entrypoint: ["env", "-u", "DOCKER_HOST"]
	command: ["dockerd-entrypoint.sh"]
	before_script:
	- apk add -U wget ca-certificates
	- wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
	- mv clair-scanner_linux_amd64 clair-scanner
	- chmod +x clair-scanner
	script:
	- docker run -d --name db arminc/clair-db:latest
	- docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:latest
	- docker build --build-arg VERSION=${CI_APPLICATION_TAG} -t ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} .
	- touch clair-whitelist.yml
	- while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
	- retries=0
	- echo "Waiting for clair daemon to start"
	- while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
	- ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} \|\| true
	artifacts:
	paths: [gl-container-scanning-report.json]