custom ca

.gitlab-ci.yml

@@ -9,7 +9,7 @@ variables:
   DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
 
 
-generate-dtrack-api:
+.generate-api:
   stage: generate-api-clients
   image: openapitools/openapi-generator-cli:v7.12.0
   tags:
@@ -19,6 +19,15 @@ generate-dtrack-api:
   rules:
     - if: '$CI_COMMIT_BRANCH == "main"'
     - if: '$CI_COMMIT_TAG'
+  before_script:
+    - curl --insecure https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt -o krohne-ca.crt
+    - echo "a921e440a742f1e67c7714306e2c0d76  krohne-ca.crt" | md5sum -c 
+    - mv krohne-ca.crt /usr/local/share/ca-certificates
+    - update-ca-certificates
+
+
+generate-dtrack-api:
+  extends: .generate-api
   artifacts:
     paths:
       - dtrack-api-client.tgz
@@ -44,15 +53,7 @@ generate-dtrack-api:
 
 
 generate-defectdojo-api:
-  stage: generate-api-clients
-  image: openapitools/openapi-generator-cli:v7.12.0
-  tags:
-    - linux
-    - docker
-    - bash
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "main"'
-    - if: '$CI_COMMIT_TAG'
+  extends: .generate-api
   artifacts:
     paths:
       - defectdojo-api-client.tgz

Dockerfile

@@ -6,12 +6,22 @@ ENV DEFECTDOJO_URL=""
 ENV DEFECTDOJO_TOKEN=""
 
 ARG APP_DIR=/opt/app
+ARG ADDITIONAL_CA_URL=""
+ARG ADDITIONAL_CA_CHECKSUM=""
 
 RUN \
   apk add --no-cache syft &&\
   adduser -s /bin/sh -D user &&\
   mkdir -p $APP_DIR &&\
-  chown user:user $APP_DIR
+  chown user:user $APP_DIR &&\
+  if [ "$ADDITIONAL_CA_URL" != "" -a "$ADDITIONAL_CA_CHECKSUM" != "" ]; then \
+    cd /usr/share/ca-certificates; \
+    wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
+    echo "a921e440a742f1e67c7714306e2c0d76  custom-ca.crt" | md5sum -c; \
+    /usr/sbin/update-ca-certificates; \
+  else \
+    echo "no additional ca"; \
+  fi 
 
 USER user
 WORKDIR $APP_DIR