From d1ae1a0816654c8b31b2a8d91cf6c915ba7bd7f2 Mon Sep 17 00:00:00 2001 From: Jonathan Serafini Date: Tue, 1 Apr 2025 18:21:13 -0400 Subject: [PATCH 1/2] update docker proxy definition --- scanner.direct.yml | 21 +++++++++++++++++++++ scanner.group.yml | 22 ++++++++++++++++++++++ scanner.yml | 19 ++++++------------- 3 files changed, 49 insertions(+), 13 deletions(-) create mode 100644 scanner.direct.yml create mode 100644 scanner.group.yml diff --git a/scanner.direct.yml b/scanner.direct.yml new file mode 100644 index 0000000..7c58f2f --- /dev/null +++ b/scanner.direct.yml @@ -0,0 +1,21 @@ +.boost_setup: + image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:26.1.0" + +.boost_dind: + services: + - name: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:26.1.0-dind" + alias: dockerdaemon + # Support for listening on TCP without authentication or explicit + # intent to run without authentication will be removed in the next + # release + command: ["--host", "tcp://0.0.0.0:2375", "--tls=false"] + + variables: + CI_DOCKER_PROXY: $CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX + DOCKER_HOST: "tcp://dockerdaemon:2375/" + DOCKER_DRIVER: overlay2 + DOCKER_TLS_CERTDIR: "" + +.boost_scan: + variables: + CI_DOCKER_PROXY: $CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX diff --git a/scanner.group.yml b/scanner.group.yml new file mode 100644 index 0000000..48f4729 --- /dev/null +++ b/scanner.group.yml @@ -0,0 +1,22 @@ +.boost_setup: + image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:26.1.0" + +.boost_dind: + services: + - name: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:26.1.0-dind" + alias: dockerdaemon + # Support for listening on TCP without authentication or explicit + # intent to run without authentication will be removed in the next + # release + command: ["--host", "tcp://0.0.0.0:2375", "--tls=false"] + + variables: + CI_DOCKER_PROXY: $CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX + DOCKER_HOST: "tcp://dockerdaemon:2375/" + DOCKER_DRIVER: overlay2 + DOCKER_TLS_CERTDIR: "" + + +.boost_scan: + variables: + CI_DOCKER_PROXY: $CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX diff --git a/scanner.yml b/scanner.yml index 654fbb0..0b3d72a 100644 --- a/scanner.yml +++ b/scanner.yml @@ -46,7 +46,11 @@ boost_init_config boost_init_cli - | - for i in $(seq 1 30); do + if [ -n "${CI_DOCKER_PROXY:-}" ]; then + echo "${CI_DEPENDENCY_PROXY_PASSWORD}" | docker login "${CI_DEPENDENCY_PROXY_SERVER}" -u "${CI_DEPENDENCY_PROXY_USER}" --password-stdin + fi + - | + for i in $(seq 1 60); do if ! docker info &> /dev/null; then echo "Docker not responding yet. Sleeping for 1s..." && sleep 1s else @@ -54,16 +58,6 @@ break fi done - - | - if [ "${BOOST_DOCKER_PROXY:-}" == "group" ]; then - export CI_DOCKER_PROXY="${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}" - elif [ "${BOOST_DOCKER_PROXY:-}" == "direct" ]; then - export CI_DOCKER_PROXY="${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}" - fi - - if [ -n "${CI_DOCKER_PROXY:-}" ]; then - echo "${CI_DEPENDENCY_PROXY_PASSWORD}" | docker login "${CI_DEPENDENCY_PROXY_SERVER}" -u "${CI_DEPENDENCY_PROXY_USER}" --password-stdin - fi .boost_dind: @@ -74,7 +68,6 @@ # intent to run without authentication will be removed in the next # release command: ["--host", "tcp://0.0.0.0:2375", "--tls=false"] - variables: DOCKER_HOST: "tcp://dockerdaemon:2375/" DOCKER_DRIVER: overlay2 @@ -89,9 +82,9 @@ .boost_scan: extends: + - .boost_rules - .boost_dind - .boost_setup - - .boost_rules script: - ${BOOST_EXE} scan ${BOOST_SCAN_MODE} ${BOOST_CLI_ARGUMENTS:-} variables: From cb26f6f685ba85e3af0191559c6ac52f7e2c0117 Mon Sep 17 00:00:00 2001 From: Jonathan Serafini Date: Tue, 22 Apr 2025 09:28:25 -0400 Subject: [PATCH 2/2] upgrade docker to 28 --- scanner.direct.yml | 4 ++-- scanner.group.yml | 4 ++-- scanner.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scanner.direct.yml b/scanner.direct.yml index 7c58f2f..b66e29a 100644 --- a/scanner.direct.yml +++ b/scanner.direct.yml @@ -1,9 +1,9 @@ .boost_setup: - image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:26.1.0" + image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:28-cli" .boost_dind: services: - - name: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:26.1.0-dind" + - name: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:28-dind" alias: dockerdaemon # Support for listening on TCP without authentication or explicit # intent to run without authentication will be removed in the next diff --git a/scanner.group.yml b/scanner.group.yml index 48f4729..882f8fb 100644 --- a/scanner.group.yml +++ b/scanner.group.yml @@ -1,9 +1,9 @@ .boost_setup: - image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:26.1.0" + image: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:28-cli" .boost_dind: services: - - name: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:26.1.0-dind" + - name: "${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/docker:28-dind" alias: dockerdaemon # Support for listening on TCP without authentication or explicit # intent to run without authentication will be removed in the next diff --git a/scanner.yml b/scanner.yml index 0b3d72a..554c7dc 100644 --- a/scanner.yml +++ b/scanner.yml @@ -1,5 +1,5 @@ .boost_setup: - image: "docker:26.1.0" + image: "docker:28-cli" before_script: - | @@ -62,7 +62,7 @@ .boost_dind: services: - - name: "docker:26.1.0-dind" + - name: "docker:28-dind" alias: dockerdaemon # Support for listening on TCP without authentication or explicit # intent to run without authentication will be removed in the next