Can't override CI_APPLICATION_TAG by itself in Container Scanning
It's not possible to set only the
CI_APPLICATION_TAG variable for container scanning. A custom value for this variable will be ignored unless both the
CI_APPLICATION_TAG values have been configured.
Here's a summary of the different settings for these variables:
So it looks like if only the
CI_APPLICATION_TAG has been configured, then it'll be ignored
Steps to reproduce
Create a new project and only provide a custom
CI_APPLICATION_TAG, as in the following
include: - template: Container-Scanning.gitlab-ci.yml container_scanning: CI_APPLICATION_TAG: test-application-tag
The output should contain:
Scanning container from registry 'registry.gitlab.com/adamcohen/klar-custom-ci-application-tag/master:test-application-tag'
The actual output is:
Scanning container from registry 'registry.gitlab.com/adamcohen/klar-custom-ci-application-tag/master:f539dc57b8607477b10c0ffc04ad131a819bdd75'
What is the current bug behavior?
What is the expected correct behavior?
See discussion here
If you want to override the
CI_APPLICATION_TAG variable, you'll need to provide both the
CI_APPLICATION_TAG and the
Update DockerImageName function to allow passing only the
CI_APPLICATION_TAGvariable. It should return the following
DockerImageNamevalue from the configured environment variables:
CI_APPLICATION_REPOSITORY CI_APPLICATION_TAG CI_COMMIT_SHA CI_REGISTRY_IMAGE CI_COMMIT_REF_SLUG DockerImageName
Update tests in environment_test.go to check both the behaviour from the
CLI context, which is what's currently being tested, as well as from the
CI context. In the
CI context, the following additional environment variables are always defined:
We should make sure to add some tests to check the output of the
DockerImageNamefunction to check the behaviour of the
analyzerwhen running in the
CI contextand the above environment variables are configured.
Manually confirm this behaviour by adding a test to the container scanning test project