custom ca

.gitlab-ci.yml

@@ -0,0 +1,127 @@
+stages:
+  - generate-api-clients
+  - dockerize
+
+variables:
+  REGISTRY: devnexus.krohne.com:18079/repository/docker-krohne
+  IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
+  DTRACK_API_URL: https://dtrack-api-rd.krohne.com
+  DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
+
+
+.generate-api:
+  stage: generate-api-clients
+  image: openapitools/openapi-generator-cli:v7.12.0
+  tags:
+    - linux
+    - docker
+    - bash
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "main"'
+    - if: '$CI_COMMIT_TAG'
+  before_script:
+    - curl --insecure https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt -o krohne-ca.crt
+    - echo "a921e440a742f1e67c7714306e2c0d76  krohne-ca.crt" | md5sum -c 
+    - mv krohne-ca.crt /usr/local/share/ca-certificates
+    - update-ca-certificates
+
+
+generate-dtrack-api:
+  extends: .generate-api
+  artifacts:
+    paths:
+      - dtrack-api-client.tgz
+    expire_in: 1 week
+  script:
+    - curl ${DTRACK_API_URL}/api/openapi.json > dependencytrack-openapi.json
+    - |
+      docker-entrypoint.sh \
+      author template \
+        -g python \
+        -o dependencytrack-openapi-custom-template 
+    - sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_anyof.mustache 
+    - sed -i 's/import re/import regex as re/' dependencytrack-openapi-custom-template/model_generic.mustache 
+    - |
+      docker-entrypoint.sh \
+      generate \
+        -i dependencytrack-openapi.json \
+        -g python \
+        -o dependencytrack-client \
+        --package-name dependencytrack_api \
+        -t dependencytrack-openapi-custom-template
+    - tar -czvf dtrack-api-client.tgz dependencytrack-client
+
+
+generate-defectdojo-api:
+  extends: .generate-api
+  artifacts:
+    paths:
+      - defectdojo-api-client.tgz
+    expire_in: 1 week
+  script:
+    - curl ${DEFECTDOJO_API_URL}/api/v2/oa3/schema/?format=json > defectdojo-openapi.json
+    - |
+      docker-entrypoint.sh \
+      generate \
+        -i defectdojo-openapi.json \
+        -g python \
+        -o defectdojo-client \
+        --package-name defectdojo_api 
+    - tar -czvf defectdojo-api-client.tgz defectdojo-client
+
+dockerize:
+  stage: dockerize
+  image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
+  tags:
+    - linux
+    - docker
+    - bash
+  rules:
+    - if: '$CI_COMMIT_TAG'
+  script:
+    - tar -xzf defectdojo-api-client.tgz
+    - tar -xzf dtrack-api-client.tgz
+    - docker build --tag $IMAGE_NAME:latest 
+                   --tag $IMAGE_NAME:$CI_COMMIT_SHA
+                   --tag $IMAGE_NAME:$CI_COMMIT_TAG
+                   .
+    - docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
+    - docker push $IMAGE_NAME:latest
+    - docker push $IMAGE_NAME:$CI_COMMIT_SHA
+    - docker push $IMAGE_NAME:$CI_COMMIT_TAG
+
+
+
+#
+#  build:
+#    image: plugins/kaniko
+#    settings:
+#      repo: ${FORGE_NAME}/${CI_REPO}
+#      registry:
+#        from_secret: container_registry
+#      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
+#      username:
+#        from_secret: container_registry_username
+#      password:
+#        from_secret: container_registry_password
+#      dockerfile: Dockerfile
+#    when:
+#      - event: [ push, tag ]
+#
+#  build-for-quay:
+#    image: plugins/kaniko
+#    settings:
+#      repo: quay.io/wollud1969/${CI_REPO_NAME}
+#      registry: quay.io
+#      tags: 
+#        - latest
+#        - ${CI_COMMIT_TAG}
+#      username:
+#        from_secret: quay_username
+#      password:
+#        from_secret: quay_password
+#      dockerfile: Dockerfile
+#    when:
+#      - event: [tag]
+#
+

Dockerfile

@@ -6,12 +6,22 @@ ENV DEFECTDOJO_URL=""
 ENV DEFECTDOJO_TOKEN=""
 
 ARG APP_DIR=/opt/app
+ARG ADDITIONAL_CA_URL=""
+ARG ADDITIONAL_CA_CHECKSUM=""
 
 RUN \
   apk add --no-cache syft &&\
   adduser -s /bin/sh -D user &&\
   mkdir -p $APP_DIR &&\
-  chown user:user $APP_DIR
+  chown user:user $APP_DIR &&\
+  if [ "$ADDITIONAL_CA_URL" != "" -a "$ADDITIONAL_CA_CHECKSUM" != "" ]; then \
+    cd /usr/share/ca-certificates; \
+    wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
+    echo "a921e440a742f1e67c7714306e2c0d76  custom-ca.crt" | md5sum -c; \
+    /usr/sbin/update-ca-certificates; \
+  else \
+    echo "no additional ca"; \
+  fi 
 
 USER user
 WORKDIR $APP_DIR