Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
7f394f82ee
|
|||
|
c8577edf0c
|
|||
|
02aba34391
|
|||
|
1fb4c387a7
|
|||
|
92b61fdae0
|
|||
|
4ddb6cfd30
|
|||
|
0eb761db27
|
|||
|
9cc81373dc
|
@ -7,7 +7,8 @@ variables:
|
|||||||
IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
|
IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
|
||||||
DTRACK_API_URL: https://dtrack-api-rd.krohne.com
|
DTRACK_API_URL: https://dtrack-api-rd.krohne.com
|
||||||
DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
|
DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
|
||||||
|
KROHNE_CA_URL: https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt
|
||||||
|
KROHNE_CA_CHECKSUM: a921e440a742f1e67c7714306e2c0d76
|
||||||
|
|
||||||
.generate-api:
|
.generate-api:
|
||||||
stage: generate-api-clients
|
stage: generate-api-clients
|
||||||
@ -20,8 +21,8 @@ variables:
|
|||||||
- if: '$CI_COMMIT_BRANCH == "main"'
|
- if: '$CI_COMMIT_BRANCH == "main"'
|
||||||
- if: '$CI_COMMIT_TAG'
|
- if: '$CI_COMMIT_TAG'
|
||||||
before_script:
|
before_script:
|
||||||
- curl --insecure https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt -o krohne-ca.crt
|
- curl --insecure $KROHNE_CA_URL -o krohne-ca.crt
|
||||||
- echo "a921e440a742f1e67c7714306e2c0d76 krohne-ca.crt" | md5sum -c
|
- echo "$KROHNE_CA_CHECKSUM krohne-ca.crt" | md5sum -c
|
||||||
- mv krohne-ca.crt /usr/local/share/ca-certificates
|
- mv krohne-ca.crt /usr/local/share/ca-certificates
|
||||||
- update-ca-certificates
|
- update-ca-certificates
|
||||||
|
|
||||||
@ -81,7 +82,9 @@ dockerize:
|
|||||||
script:
|
script:
|
||||||
- tar -xzf defectdojo-api-client.tgz
|
- tar -xzf defectdojo-api-client.tgz
|
||||||
- tar -xzf dtrack-api-client.tgz
|
- tar -xzf dtrack-api-client.tgz
|
||||||
- docker build --tag $IMAGE_NAME:latest
|
- docker build --build-arg ADDITIONAL_CA_URL="$KROHNE_CA_URL"
|
||||||
|
--build-arg ADDITIONAL_CA_CHECKSUM=$KROHNE_CA_CHECKSUM
|
||||||
|
--tag $IMAGE_NAME:latest
|
||||||
--tag $IMAGE_NAME:$CI_COMMIT_SHA
|
--tag $IMAGE_NAME:$CI_COMMIT_SHA
|
||||||
--tag $IMAGE_NAME:$CI_COMMIT_TAG
|
--tag $IMAGE_NAME:$CI_COMMIT_TAG
|
||||||
.
|
.
|
||||||
|
|||||||
15
Dockerfile
15
Dockerfile
@ -6,12 +6,25 @@ ENV DEFECTDOJO_URL=""
|
|||||||
ENV DEFECTDOJO_TOKEN=""
|
ENV DEFECTDOJO_TOKEN=""
|
||||||
|
|
||||||
ARG APP_DIR=/opt/app
|
ARG APP_DIR=/opt/app
|
||||||
|
ARG ADDITIONAL_CA_URL="x"
|
||||||
|
ARG ADDITIONAL_CA_CHECKSUM="y"
|
||||||
|
|
||||||
RUN \
|
RUN \
|
||||||
apk add --no-cache syft &&\
|
apk add --no-cache syft &&\
|
||||||
adduser -s /bin/sh -D user &&\
|
adduser -s /bin/sh -D user &&\
|
||||||
mkdir -p $APP_DIR &&\
|
mkdir -p $APP_DIR &&\
|
||||||
chown user:user $APP_DIR
|
chown user:user $APP_DIR &&\
|
||||||
|
echo $ADDITIONAL_CA_URL &&\
|
||||||
|
echo $ADDITIONAL_CA_CHECKSUM &&\
|
||||||
|
if [ "$ADDITIONAL_CA_URL" != "x" ]; then \
|
||||||
|
cd /usr/share/ca-certificates; \
|
||||||
|
wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
|
||||||
|
echo "a921e440a742f1e67c7714306e2c0d76 custom-ca.crt" | md5sum -c; \
|
||||||
|
/usr/sbin/update-ca-certificates; \
|
||||||
|
echo "custom ca added"; \
|
||||||
|
else \
|
||||||
|
echo "no additional ca"; \
|
||||||
|
fi
|
||||||
|
|
||||||
USER user
|
USER user
|
||||||
WORKDIR $APP_DIR
|
WORKDIR $APP_DIR
|
||||||
|
|||||||
Reference in New Issue
Block a user