custom ca, 7

custom ca, 6
custom ca, 5
2025-06-04 15:45:06 +02:00 · 2025-06-04 15:42:15 +02:00 · 2025-06-04 15:37:48 +02:00 · 2025-06-04 15:35:23 +02:00 · 2025-06-04 15:33:14 +02:00 · 2025-06-04 15:31:14 +02:00
2 changed files with 144 additions and 1 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,130 @@
+stages:
+  - generate-api-clients
+  - dockerize
+
+variables:
+  REGISTRY: devnexus.krohne.com:18079/repository/docker-krohne
+  IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
+  DTRACK_API_URL: https://dtrack-api-rd.krohne.com
+  DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
+  KROHNE_CA_URL: https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt
+  KROHNE_CA_CHECKSUM: a921e440a742f1e67c7714306e2c0d76
+
+.generate-api:
+  stage: generate-api-clients
+  image: openapitools/openapi-generator-cli:v7.12.0
+  tags:
+    - linux
+    - docker
+    - bash
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "main"'
+    - if: '$CI_COMMIT_TAG'
+  before_script:
+    - curl --insecure $KROHNE_CA_URL -o krohne-ca.crt
+    - echo "$KROHNE_CA_CHECKSUM  krohne-ca.crt" | md5sum -c 
+    - mv krohne-ca.crt /usr/local/share/ca-certificates
+    - update-ca-certificates
+
+
+generate-dtrack-api:
+  extends: .generate-api
+  artifacts:
+    paths:
+      - dtrack-api-client.tgz
+    expire_in: 1 week
+  script:
+    - curl ${DTRACK_API_URL}/api/openapi.json > dependencytrack-openapi.json
+    - |
+      docker-entrypoint.sh \
+      author template \
+        -g python \
+        -o dependencytrack-openapi-custom-template 
+    - sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_anyof.mustache 
+    - sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_generic.mustache 
+    - |
+      docker-entrypoint.sh \
+      generate \
+        -i dependencytrack-openapi.json \
+        -g python \
+        -o dependencytrack-client \
+        --package-name dependencytrack_api \
+        -t dependencytrack-openapi-custom-template
+    - tar -czvf dtrack-api-client.tgz dependencytrack-client
+
+
+generate-defectdojo-api:
+  extends: .generate-api
+  artifacts:
+    paths:
+      - defectdojo-api-client.tgz
+    expire_in: 1 week
+  script:
+    - curl ${DEFECTDOJO_API_URL}/api/v2/oa3/schema/?format=json > defectdojo-openapi.json
+    - |
+      docker-entrypoint.sh \
+      generate \
+        -i defectdojo-openapi.json \
+        -g python \
+        -o defectdojo-client \
+        --package-name defectdojo_api 
+    - tar -czvf defectdojo-api-client.tgz defectdojo-client
+
+dockerize:
+  stage: dockerize
+  image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
+  tags:
+    - linux
+    - docker
+    - bash
+  rules:
+    - if: '$CI_COMMIT_TAG'
+  script:
+    - tar -xzf defectdojo-api-client.tgz
+    - tar -xzf dtrack-api-client.tgz
+    - docker build --tag $IMAGE_NAME:latest 
+                   --tag $IMAGE_NAME:$CI_COMMIT_SHA
+                   --tag $IMAGE_NAME:$CI_COMMIT_TAG
+                   --build-arg CUSTOM_CA_URL="$KROHNE_CA_URL"
+                   --build-arg CUSTOM_CA_CHECKSUM=$KROHNE_CA_CHECKSUM
+                   .
+    - docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
+    - docker push $IMAGE_NAME:latest
+    - docker push $IMAGE_NAME:$CI_COMMIT_SHA
+    - docker push $IMAGE_NAME:$CI_COMMIT_TAG
+
+
+
+#
+#  build:
+#    image: plugins/kaniko
+#    settings:
+#      repo: ${FORGE_NAME}/${CI_REPO}
+#      registry:
+#        from_secret: container_registry
+#      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
+#      username:
+#        from_secret: container_registry_username
+#      password:
+#        from_secret: container_registry_password
+#      dockerfile: Dockerfile
+#    when:
+#      - event: [ push, tag ]
+#
+#  build-for-quay:
+#    image: plugins/kaniko
+#    settings:
+#      repo: quay.io/wollud1969/${CI_REPO_NAME}
+#      registry: quay.io
+#      tags: 
+#        - latest
+#        - ${CI_COMMIT_TAG}
+#      username:
+#        from_secret: quay_username
+#      password:
+#        from_secret: quay_password
+#      dockerfile: Dockerfile
+#    when:
+#      - event: [tag]
+#
+
--- a/15
+++ b/15
@ -6,12 +6,25 @@ ENV DEFECTDOJO_URL=""
 ENV DEFECTDOJO_TOKEN=""

 ARG APP_DIR=/opt/app
+ARG ADDITIONAL_CA_URL="x"
+ARG ADDITIONAL_CA_CHECKSUM="y"

 RUN \
  apk add --no-cache syft &&\
  adduser -s /bin/sh -D user &&\
  mkdir -p $APP_DIR &&\
-  chown user:user $APP_DIR
+  chown user:user $APP_DIR &&\
+  echo $ADDITIONAL_CA_URL &&\
+  echo $ADDITIONAL_CA_CHECKSUM &&\
+  if [ "$ADDITIONAL_CA_URL" != "x" ]; then \
+    cd /usr/share/ca-certificates; \
+    wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
+    echo "a921e440a742f1e67c7714306e2c0d76  custom-ca.crt" | md5sum -c; \
+    /usr/sbin/update-ca-certificates; \
+    echo "custom ca added"; \
+  else \
+    echo "no additional ca"; \
+  fi 

 USER user
 WORKDIR $APP_DIR
Author	SHA1	Message	Date
Wolfgang Hottgenroth	c8577edf0c	custom ca, 7 Some checks failed ci/woodpecker/tag/woodpecker Pipeline failed Details	2025-06-04 15:45:06 +02:00
Wolfgang Hottgenroth	02aba34391	custom ca, 6 Some checks failed ci/woodpecker/tag/woodpecker Pipeline failed Details	2025-06-04 15:42:15 +02:00
Wolfgang Hottgenroth	1fb4c387a7	custom ca, 5 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 15:37:48 +02:00
Wolfgang Hottgenroth	92b61fdae0	custom ca, 4 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 15:35:23 +02:00
Wolfgang Hottgenroth	4ddb6cfd30	custom ca, 3 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 15:33:14 +02:00
Wolfgang Hottgenroth	0eb761db27	custom ca, 2 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 15:31:14 +02:00
Wolfgang Hottgenroth	9cc81373dc	custom ca Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 15:24:15 +02:00
Wolfgang Hottgenroth	b856424640	factorize stages Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 15:08:00 +02:00
Wolfgang Hottgenroth	d6a8f5f436	urls in variables	2025-06-04 15:01:52 +02:00
Wolfgang Hottgenroth	4cc4e5cec6	dockerize goal, 8 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 14:56:11 +02:00
Wolfgang Hottgenroth	aec0e3fb0e	dockerize goal, 7 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 14:03:39 +02:00
Wolfgang Hottgenroth	05c5c49cd5	dockerize goal, 6 All checks were successful ci/woodpecker/tag/woodpecker Pipeline was successful Details	2025-06-04 14:00:46 +02:00
Wolfgang Hottgenroth	9156b594e3	dockerize goal, 5 Some checks are pending ci/woodpecker/push/woodpecker Pipeline was successful Details ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 13:48:19 +02:00
Wolfgang Hottgenroth	4fbda91e15	dockerize goal, 4 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 13:46:16 +02:00
Wolfgang Hottgenroth	50248acefb	dockerize goal, 3 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 13:40:05 +02:00
Wolfgang Hottgenroth	c9c57445b9	dockerize goal, 2 Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 13:37:56 +02:00
Wolfgang Hottgenroth	18631dc02a	dockerize goal Some checks are pending ci/woodpecker/tag/woodpecker Pipeline is pending Details	2025-06-04 13:34:45 +02:00
Wolfgang Hottgenroth	ea90b8b8b0	fix defectdojo goal 1 All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2025-06-04 13:26:35 +02:00
Wolfgang Hottgenroth	15b2e69960	next goal	2025-06-04 13:25:22 +02:00
Wolfgang Hottgenroth	9f6f769486	add gitlab ci	2025-06-04 13:22:16 +02:00