Can't override CI_APPLICATION_TAG by itself in Container Scanning
Summary
It's not possible to set only the CI_APPLICATION_TAG
variable for container scanning. A custom value for this variable will be ignored unless both the CI_APPLICATION_REPOSITORY
and CI_APPLICATION_TAG
values have been configured.
Here's a summary of the different settings for these variables:
CI_APPLICATION_REPOSITORY | CI_APPLICATION_TAG | Actual | Expected | Correct? |
---|---|---|---|---|
test-repository |
test-application-tag |
test-repository:test-application-tag |
test-repository:test-application-tag |
|
test-repository |
test-repository:d118e6c444b7284d4d822bb3eb3a4a8cc1c45035 |
test-repository:d118e6c444b7284d4d822bb3eb3a4a8cc1c45035 |
||
test-application-tag |
registry.gitlab.com/adamcohen/klar-custom-ci-application-tag/master:03a6767da9defb40613a3fd795f6e124ff0ce5e8 |
registry.gitlab.com/adamcohen/klar-custom-ci-application-tag/master:test-application-tag |
So it looks like if only the CI_APPLICATION_TAG
has been configured, then it'll be ignored
Steps to reproduce
Create a new project and only provide a custom CI_APPLICATION_TAG
, as in the following .gitlab-ci.yml
:
include:
- template: Container-Scanning.gitlab-ci.yml
container_scanning:
CI_APPLICATION_TAG: test-application-tag
The output should contain:
Scanning container from registry 'registry.gitlab.com/adamcohen/klar-custom-ci-application-tag/master:test-application-tag'
The actual output is:
Scanning container from registry 'registry.gitlab.com/adamcohen/klar-custom-ci-application-tag/master:f539dc57b8607477b10c0ffc04ad131a819bdd75'
Example Project
https://gitlab.com/adamcohen/klar-custom-ci-application-tag
What is the current bug behavior?
What is the expected correct behavior?
Related issues
See discussion here
Work around
If you want to override the CI_APPLICATION_TAG
variable, you'll need to provide both the CI_APPLICATION_TAG
and the CI_APPLICATION_REPOSITORY
variables
Possible fixes
-
Update DockerImageName function to allow passing only the CI_APPLICATION_TAG
variable. It should return the followingDockerImageName
value from the configured environment variables:CI_APPLICATION_REPOSITORY CI_APPLICATION_TAG CI_COMMIT_SHA CI_REGISTRY_IMAGE CI_COMMIT_REF_SLUG DockerImageName test-application-tag
abcd123
registry.gitlab.com/someuser/some-project
some-branch
registry.gitlab.com/someuser/some-project/some-branch:abcd123
-
Update tests in environment_test.go to check both the behaviour from the CLI context
, which is what's currently being tested, as well as from theCI context
. In theCI context
, the following additional environment variables are always defined:CI_COMMIT_SHA
CI_REGISTRY_IMAGE
CI_COMMIT_REF_SLUG
We should make sure to add some tests to check the output of the
DockerImageName
function to check the behaviour of theanalyzer
when running in theCI context
and the above environment variables are configured. -
Manually confirm this behaviour by adding a test to the container scanning test project