Adding security testing job #3
Conversation
| |-v ${docker_workspace_dir}/Dockerfile:/dockerdir/Dockerfile \\ | ||
| |-v /var/run/docker.sock:/var/run/docker.sock \\ | ||
| |-w /dockerdir \\ | ||
| |luismsousa/docker-security-test rake |
There was a problem hiding this comment.
@kramos please add this to the following line:
luismsousa/docker-security-test rake CUCUMBER_OPTS="features --format json --guess -o cubumber.out"
This overrides the rake opts and outputs the result of the test to a file on the volume. This fine can then be used in the jenkins job to read the number of passed tests and set a quality gate.
There was a problem hiding this comment.
Thanks @NinjaPT added that (and had to mount the workspace in as well). Pretty graphs were generated.
|
Is this line correct? https://github.com/Accenture/adop-cartridge-docker/pull/3/files?w=1#diff-3135ba3887142379aefbab6c0a4d126fR547 Also, there's a lot of whitespace changes that are getting picked up - are those tabs that are becoming spaces (which is OK)? |
|
Hi @nickdgriffin thanks for reviewing. Yes the whitespace changes were replacing tabs. Hopefully the latest version of the file universally displays nicely. The change of the variable to dockerhub was intentional since currently the code makes no attempt to consider alternative docker registries (and I didn't try to improve that). |
| |echo "Use the darrenajackson/image-inspector container to inspect the image" | ||
| |# Set path workspace is available from inside docker machine | ||
| |export docker_workspace_dir=$(echo ${WORKSPACE} | sed 's#/workspace#/var/lib/docker/volumes/jenkins_slave_home/_data#') | ||
| |docker run --rm \\ |
There was a problem hiding this comment.
next line contains filter by name of the container, but i don't see that we have the name for the container which we run here.
docker rm --force $(docker ps -a -q --filter 'name=container-to-delete')
may be i didn't get the idea, but it looks docker rm have nothing to do with this specific job, please, correct me if i'm wrong
There was a problem hiding this comment.
Hi @anton-kasperovich, @NinjaPT's luismsousa/docker-security-test image gets cleaned up by the --rm as you'd expect, but it also creates it's own containers as part of the testing and we struggled get it to clear these up properly (during the test tear downs). So the explicit rm line is a bit of a hack to tidy.
|
@NinjaPT @RobertNorthard I made the changes we discussed:
|
subodh-hatkar
left a comment
subodh-hatkar
left a comment
There was a problem hiding this comment.
The following line is causing an error in Container_Test Job
|docker rm --force $(docker ps -a -q --filter 'name=container-to-delete')
The filtered name of container is generalized which should be specific.
Also, "--rm" option in docker run removes the container after the completion of container task, so I don't think this line is required.
5 participants
In addition to adding a new pipeline stage, this also improve the job descriptions, fixes the layout of the dsl, and reduces the complexity of the credentials. Rather than working around the fact that you can't pass a credential parameter down the pipeline (you can but it won't bind unless it's globally scoped), it just has the credential parameters at the point they are needed and relies on default names (unless you change them).
May have an impact on training course instructions i.e. where to add the parameters.