From 9767e2c291f54a080ba3ac6cfd78d5da346c6c33 Mon Sep 17 00:00:00 2001
From: Igor Witz <igor.witz@etu.utc.fr>
Date: Thu, 13 Jun 2019 11:19:31 +0100
Subject: [PATCH] fix: handle simultaneous pipelines

---
 .gitlab-ci.yml                    | 14 +++++++-------
 pica-dokuwiki/clair-whitelist.yml |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 136a82fd..a32b1a7c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,8 +15,8 @@ metabuild:
     before_script:
         - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
     script:
-        - docker build -f pica-ci/Dockerfile . -t $REGISTRY/pica-ci
-        - docker push $REGISTRY/pica-ci:latest
+            - docker build -f pica-ci/Dockerfile . -t $REGISTRY/pica-ci:$CI_COMMIT_SHA
+        - docker push $REGISTRY/pica-ci:$CI_COMMIT_SHA
     after_script:
         - docker logout $REGISTRY
     tags: [build]
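Review bot: The added `docker build` entry under `script:` is indented four spaces deeper than the `docker push` entry that follows it, so as shown the two items do not form one block sequence and the file will most likely fail YAML parsing or CI lint. Put it at the same indent as its sibling, i.e. `- docker build -f pica-ci/Dockerfile . -t $REGISTRY/pica-ci:$CI_COMMIT_SHA` aligned with the `- docker push` line. Separately, every pipeline now pushes its own `pica-ci:$CI_COMMIT_SHA` tag and nothing visible here removes it, so the registry needs a retention or cleanup policy. The `metabuild` job continues outside this hunk.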
@@ -34,7 +34,7 @@ metabuild:
 # build the container that was modified
 build:
     stage: build
-    image: $REGISTRY/pica-ci:latest
+    image: $REGISTRY/pica-ci:$CI_COMMIT_SHA
     before_script:
         - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
         - source /etc/profile.d/ci-variables
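Review bot: `image: $REGISTRY/pica-ci:$CI_COMMIT_SHA` only resolves if `metabuild` built and pushed that exact tag earlier in the same pipeline, and the `:latest` fallback is gone. The same dependency is introduced in the `clair`, `docker-bench-security`, `deployment-test` and `deployment-prod` hunks. The rules of `metabuild` are outside the visible lines; if it is limited by `only:`/`changes:` or can be skipped, these jobs will fail at image pull for commits that do not rebuild pica-ci. Confirm it runs unconditionally, and consider a comment above each job such as `# requires metabuild to have pushed pica-ci:$CI_COMMIT_SHA in this pipeline`. The job body continues outside the hunk.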
@@ -58,7 +58,7 @@ build:
 # run CoreOS' Clair and make the CI failed if a critical vulnerability isn't in the whitelist
 clair:
     stage: static_tests
-    image: $REGISTRY/pica-ci:latest
+    image: $REGISTRY/pica-ci:$CI_COMMIT_SHA
     before_script:
         - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
         - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
@@ -91,7 +91,7 @@ clair:
 # run docker-bench-security and upload the results
 docker-bench-security:
     stage: dynamic_tests
-    image: $REGISTRY/pica-ci:latest
+    image: $REGISTRY/pica-ci:$CI_COMMIT_SHA
     before_script:
         - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
         - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
@@ -129,7 +129,7 @@ docker-bench-security:
 # automatically deploy the container on pica01-test
 deployment-test:
     stage: deployment
-    image: $REGISTRY/pica-ci:latest
+    image: $REGISTRY/pica-ci:$CI_COMMIT_SHA
     variables:
         PICA_ENVIRONMENT: "TEST"
     before_script:
@@ -171,7 +171,7 @@ deployment-test:
 # this will only happen after manually triggering the deployment
 deployment-prod:
     stage: deployment
-    image: $REGISTRY/pica-ci:latest
+    image: $REGISTRY/pica-ci:$CI_COMMIT_SHA
     variables:
         PICA_ENVIRONMENT: "PRODUCTION"
     before_script:
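Review bot: `deployment-prod` is triggered manually (per the comment above the job), so `image: $REGISTRY/pica-ci:$CI_COMMIT_SHA` is resolved when someone starts the deployment, not when the earlier stages ran. A tag named after the commit is still mutable: a retried `metabuild` for the same commit, or any account with push rights on the registry, can change what it points to in between. For the production job, consider making these tags immutable in the registry if it supports that, or pinning the image by digest (`pica-ci@sha256:<digest>`). At minimum add a comment like `# tag can be rewritten if metabuild is retried for this commit`. The job body continues outside the hunk.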
diff --git a/pica-dokuwiki/clair-whitelist.yml b/pica-dokuwiki/clair-whitelist.yml
index 6c0c6e6e..79ce215b 100644
--- a/pica-dokuwiki/clair-whitelist.yml
+++ b/pica-dokuwiki/clair-whitelist.yml
@@ -8,4 +8,4 @@ generalwhitelist:
     CVE-2017-12424: shadow -> Pas de contre-mesure
     CVE-2016-2779: util-linux -> Pas de contre-mesure
     CVE-2017-14062: libidn11 -> dépendance directe de wget et indirecte de curl, un des 2 est nécessaire pour le HEALTHCHECK et le téléchargement de Dokuwiki -> Pas de contre-mesure
-    CVE-2019-11068: libxslt -> dépendance de PHP, pas de contre-mesure 
\ No newline at end of file
+    CVE-2019-11068: libxslt -> dépendance de PHP, pas de contre-mesure
-- 
GitLab