From 2d67f6b0c8d79e6647c371d1780e99b07fc406ab Mon Sep 17 00:00:00 2001
From: "Vladimir (vapronva)"
Date: Fri, 30 Sep 2022 04:49:36 +0300
Subject: [PATCH] fix: ooops, container scanning should be past building
---
.gitlab-ci.yml | 28 ++++++++++------------------
1 file changed, 10 insertions(+), 18 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d5d0465..fd2b379 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,7 @@ stages: - test - build-image + - post-test sast: stage: test
@@ -10,13 +11,6 @@ include: - template: Security/Secret-Detection.gitlab-ci.yml - template: Security/Container-Scanning.gitlab-ci.yml -container_scanning: - variables: - CS_DISABLE_DEPENDENCY_LIST: "true" - CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest - CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false" - CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5" - docker-image-build: stage: build-image image: docker:20-git
@@ -34,14 +28,12 @@ docker-image-build: - requirements.txt - .gitlab-ci.yml -docker-image-nightly-build: - stage: build-image - image: docker:20-git - script: - - docker build -t $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly . - - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - - docker image push $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:nightly - rules: - - if: $CI_COMMIT_BRANCH == "unsafe" - exists: - - Dockerfile +container_scanning: + stage: post-test + variables: + CS_DISABLE_DEPENDENCY_LIST: "true" + CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter:latest + CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE/hatkidchan-mastoposter + CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN: "false" + CS_ANALYZER_IMAGE: "registry.gitlab.com/security-products/container-scanning/grype:5" + SECURE_LOG_LEVEL: "debug"
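Review bot: In the re-added `container_scanning` job (last hunk), `CI_APPLICATION_REPOSITORY` is set without `CI_APPLICATION_TAG`, so the template's default scan target resolves to `$CI_APPLICATION_REPOSITORY:$CI_COMMIT_SHA`. The only tag named in the visible lines is `:latest`, in `CS_DEFAULT_BRANCH_IMAGE`, which names the default-branch image for tracking findings rather than the image to scan. The `docker-image-build` script lies outside the hunk, so this is inferred, but if it pushes only `:latest` the scan will either fail to pull or not cover the image that was just built. I would add `CI_APPLICATION_TAG: "latest"`, or preferably have the build also push a `$CI_COMMIT_SHA` tag so the scan is pinned to this commit instead of a mutable tag. Separately, `SECURE_LOG_LEVEL: "debug"` looks like leftover troubleshooting; debug output from the analyzer can put environment variable contents into the job log, so I would drop that line (the default is `info`) once the job works.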