Commit f5a0848a authored by Dennis Appelt's avatar Dennis Appelt
Browse files

ci: add latest release

parent f6ab6f41
......@@ -16,7 +16,7 @@ build-image:
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:latest --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
only:
- tags
......
......@@ -44,3 +44,22 @@ DEBUG=pkgs* "HTR_user=someuser" "HTR_pass=somepass" node cli.js analyze gitlab.t
The archive will be send to the Package Hunter server and any suspicious behavior will be reported back. To get an overview of the rules that were violated, you can use jq like so `... analyze gitlab.tgz | jq .result[].rule`.
The Package Hunter server requires authentication. User and password have to be provided to the client via the env var `HTR_user` and `HTR_pass` ([credentials](https://start.1password.com/open/i?a=LKATQYUATRBRDHRRABEBH4RJ5Y&v=6gq44ckmq23vqk5poqunurdgay&i=rvy4v2kvdjcpnoiihlm3vlda34&h=gitlab.1password.com) are in 1Password)
## Publishing
This project uses semantic versioning. To publish a new release, add a git tag and push it. For example, to create release `1.2.3` run:
```sh
git tag 1.2.3
git push --tags
```
A CI job will build the release and publish the release in the projects container registry. Execute the release with:
```sh
docker run registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:1.2.3
# or to run the latest release
docker run registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
```
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment