docker/build

Configure jobs to build an image using Docker and then scan it for vulnerabilities.

Description

This component configures a job that uses the GitLab Auto Build image to build a Docker image for this project, and then includes the computing/gitlab/components/container-scanning/container-scanning component to scan the new image for vulnerabilities.

The following jobs are automatically configured:

| Job name | Description |
|----------|-------------|
| build | Build a container image from a Dockerfile and push it to the GitLab Container Registry |
| container_scanning | Scan the newly built image for vulnerabilities |

Job names are configurable

As per the Inputs below, the names given to each of the jobs are configurable.

Usage

include:
  - component: git.ligo.org/computing/gitlab/components/docker/build@<VERSION>
    inputs:
      stage: build

Inputs

| Input | Default value | Description |
|-------|---------------|-------------|
| stage | build | The pipeline stage to add jobs to |
| job_name | build | Name to give the build job |
| dockerfile | | The path of the Dockerfile to build |
| build_args | | Extra arguments to pass to docker build |
| default_image_name | <image_name> | The name of the image to compare to when scanning a newly built image. Set to the name of the image in the upstream project to enable scanning from forks. |
| image_name | $CI_REGISTRY_IMAGE | The name of the image to push to the container registry |
| image_tag | | The tag to give this image in the registry, defaults to the commit SHA |
| auto_build_image_version | "v4.10.0" | Version of auto-build-image to use |
| container_scanning_job_name | container_scanning | Name to give the container-scanning job |
| container_scanning_component_version | 4 | Version of the components/container-scanning component to use |

Customisation

Passing extra arguments to the build

The execution of the Docker build can be customised in one of the following ways:

  • For fixed extra arguments to be applied to every pipeline, specify the build_args input with a string of arguments.

  • To set arguments dynamically for manual or scheduled pipelines, set the DOCKER_BUILD_ARGS variable when configuring the pipeline.

Special characters need special handling

To pass complex values like spaces and newlines, use Base64 encoding. See Pass arguments to docker build on the GitLab docs for more details.
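
One way to prepare such values, as an added example that is not part of this component: the script Base64-encodes each value into a single whitespace-free token and joins the tokens into a string suitable for build_args or DOCKER_BUILD_ARGS. The build-arg names MOTD_B64 and LABELS_B64, the sample values and the helper function names are hypothetical, and it assumes the Dockerfile decodes the values itself.

```shell
#!/bin/sh
# Added example: Base64-encode build-arg values so that spaces and newlines
# survive being passed as one string of docker build arguments.

# Emit one unwrapped Base64 token for the given value.
b64_encode() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Reverse of b64_encode. Assumption: a RUN step in the Dockerfile does the
# same with the ARG it receives.
b64_decode() {
    printf '%s' "$1" | base64 -d
}

# Build one --build-arg token; reject names that are not plain identifiers.
build_arg() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid build-arg name: $1" >&2
            return 1 ;;
    esac
    printf '%s=%s' "--build-arg=$1" "$(b64_encode "$2")"
}

# Join NAME VALUE pairs into one space-separated argument string.
build_args_string() {
    out=''
    while [ "$#" -ge 2 ]; do
        arg=$(build_arg "$1" "$2") || return 1
        out="${out:+$out }$arg"
        shift 2
    done
    printf '%s' "$out"
}

# Constructed sample values containing spaces, quotes and a newline.
SAMPLE_MOTD='Hello "LIGO" users
second line'
SAMPLE_LABELS='team=detector characterisation'

# Print the string to paste into build_args or DOCKER_BUILD_ARGS.
build_args_string MOTD_B64 "$SAMPLE_MOTD" LABELS_B64 "$SAMPLE_LABELS"
echo
```

Base64 is an encoding, not protection: build-arg values remain visible in the image history, so keep secrets out of them.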

Examples

Building a subproject application in a monorepo

To build a container image for a subproject that is managed as part of a monorepo, specify each of the following inputs:

  • default_image_name
  • dockerfile
  • image_name

Build a subproject in a monorepo

include:
  - component: git.ligo.org/computing/gitlab/components/docker/build@<VERSION>
    inputs:
      # path to the Dockerfile in the subproject directory
      dockerfile: subproject1/Dockerfile
      # name to give the container image in the GitLab container registry
      image_name: $CI_REGISTRY_IMAGE/all
      # name of the image to compare to when scanning
      default_image_name: mygroup/mymonorepo/subproject1

Custom build arguments

To customise the build arguments for all builds, specify the build_args input:

Custom build arguments

include:
  - component: git.ligo.org/computing/gitlab/components/docker/build@<VERSION>
    inputs:
      build_args: "--build-arg=FROM_IMAGE=rockylinux:9"