My cicd file:
container_scanning:
before_script:
- result=$(cat $NAME.txt)
- export VERSION="$result"
- echo $VERSION
dependencies:
- pre-build
variables:
CS_IMAGE: "<registry>/$BUILD_PATH/$NAME:$VERSION"
BUILD_PATH: "base_images"
parallel:
matrix:
- NAME: !reference [.base_images]
From my runner:
[DEBUG] [2023-03-31 06:15:32 +0000] [container-scanning] >
trivy image --vuln-type os --no-progress --offline-scan --skip-update --security-checks vuln --format template --template @/usr/local/bundle/gems/gcs-5.3.2/lib/template/trivy.tpl --output tmp.json <registry>/base_images/aws-cli:
—
I am facing some issue with using the gitlab template for container scanning
include:
- template: Jobs/Container-Scanning.gitlab-ci.yml
as shown on my ci file i’ve passed in the version from an artefact from the previous stage. and my echo does shows the correct version that i am getting. However when i run the scan, on the gitlab runner itself, no version was passed in.
Is there any steps i missed out to pass the variables from before_script?
I've tried using this in my before_script:
- result=$(cat $NAME.txt)
- export VERSION="$result"
- echo VERSION="$result"
- echo "::set-output name=version::$VERSION"
And setting this under my variables
VERSION: ${{ steps.container_scanning.outputs.version }}
CS_IMAGE: <registry>/$BUILD_PATH/$NAME:$VERSION
The end result is see when using VERSION: ${{ steps.container_scanning.outputs.version }} during the echo is }
Can you clarify what you want to achieve?
I understand that in the before_script you set the variable VERSION.
Where do you want to use this variable? If you want to use this variable in the variables section of the same job then it will not work, because the variables are set before the before_script runs.
If this is what you want then you can either
set the variable CS_IMAGE in the before_script
another job that will run before this job can publish the value of VERSION an .env file