Update .gitlab-ci.yml, pica-etherpad/clair-whitelist.yml files

b394125c · Igor Witz · f466232a · b394125c · b394125c
Commit b394125c authored 6 years ago by Igor Witz
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -95,32 +95,32 @@ docker-bench-security:

 deployment-pica01-test: 
    stage: deployment
-    variables:
-        DOCKER_HOST: "pica01-test.picasoft.net:2376"
    before_script:
        - apk update
        - apk add wget py-pip git iproute2
-        - pip install docker-compose
-        - export DOCKER_TLS_VERIFY=1
-        - export DOCKER_CERT_PATH=/tmp/certs
-        - mkdir -p $DOCKER_CERT_PATH
-        - echo "$DEV_DOCKER_CA_CERT" > $DOCKER_CERT_PATH/ca.pem
-        - echo "$DEV_DOCKER_CLIENT_CERT" > $DOCKER_CERT_PATH/cert.pem
-        - echo "$DEV_DOCKER_CLIENT_KEY" > $DOCKER_CERT_PATH/key.pem
+        - pip install docker-compose        
        - chmod +x get-modified-image.sh 
        - export MODIFIED_IMAGE_FULL=$(./get-modified-image.sh)
        - export MODIFIED_IMAGE=$(echo $MODIFIED_IMAGE_FULL | cut -d ':' -f1)
        - export CURRENT_CONTAINER_ID=$(docker container ls -a | grep pica-dokuwiki| cut -d ' ' -f1)
        - echo $REGISTRY_PASSWORD | docker login $REGISTRY -u $REGISTRY_USERNAME --password-stdin
-    script:
        - docker pull $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest
        - docker tag $REGISTRY/ci-builds/$CI_COMMIT_SHA:latest  $REGISTRY/$MODIFIED_IMAGE_FULL
        - docker push $REGISTRY/$MODIFIED_IMAGE_FULL
+        - docker logout $REGISTRY 
+        - export DOCKER_HOST=tcp://pica01-test.picasoft.net:2376
+        - export DOCKER_TLS_VERIFY=1
+        - export DOCKER_CERT_PATH=/tmp/certs
+        - mkdir -p $DOCKER_CERT_PATH
+        - echo "$DEV_DOCKER_CA_CERT" > $DOCKER_CERT_PATH/ca.pem
+        - echo "$DEV_DOCKER_CLIENT_CERT" > $DOCKER_CERT_PATH/cert.pem
+        - echo "$DEV_DOCKER_CLIENT_KEY" > $DOCKER_CERT_PATH/key.pem
+    script:
+        
        - cd /docker
        - docker-compose up -d --force-recreate --remove-orphans $(cat docker-compose.yml | grep $MODIFIED_IMAGE -B1 | head -n1 | cut -d ':' -f1)
    after_script:
        - rm -rf $DOCKER_CERT_PATH
-        - docker logout $REGISTRY 
    tags: [build]
    only:
        changes:

--- a/pica-etherpad/clair-whitelist.yml
+++ b/pica-etherpad/clair-whitelist.yml
@@ -12,4 +12,4 @@ generalwhitelist:
    CVE-2018-1000001: glibc -> Pas de contre mesure
    CVE-2017-1000408: glibc -> Pas de contre mesure
    CVE-2018-6954: systemd -> Pas de contre mesure
-    CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure
\ No newline at end of file
+    CVE-2018-6797: Perl est une dépendance du client mysql et la version non vulnérable dans stretch n'a pas été backportée -> Pas de contre-mesure 
\ No newline at end of file