`container` Submodule ¶

Structs ¶

AWSRegistryProps ¶

Initializer ¶

from gcix import container

container.AWSRegistryProps(
  account_id: str = None,
  region: str = None
)

Properties ¶

Name	Type	Description
`account_id`	`str`	AWS account id.
`region`	`str`	AWS region where the ECR repository lives in.

`account_id`^Optional ¶

account_id: str

Type: str
Default: AWSAccount.awsAccountId()

AWS account id.

`region`^Optional ¶

region: str

Type: str
Default: AWSAccount.awsRegion()

AWS region where the ECR repository lives in.

BuildContainerCollectionProps ¶

Initializer ¶

from gcix import container

container.BuildContainerCollectionProps(
  docker_client_config: DockerClientConfig = None,
  do_crane_push: bool = None,
  do_dive_scan: bool = None,
  do_trivyignore_check: bool = None,
  do_trivy_scan: bool = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  registry: typing.Union[str, Registry] = None
)

Properties ¶

Name	Type	Description
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_crane_push`	`bool`	Set to `false` to skip the Crane push job.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Image tag.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`registry`	`typing.Union[str, Registry]`	Container registry to push the image to.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_crane_push`^Optional ¶

do_crane_push: bool

Type: bool
Default: true

Set to false to skip the Crane push job.

`do_dive_scan`^Optional ¶

do_dive_scan: bool

Type: bool
Default: true

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Optional ¶

do_trivyignore_check: bool

Type: bool
Default: true

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Optional ¶

do_trivy_scan: bool

Type: bool
Default: true

Set to false to skip the Trivy scan job.

`image_name`^Optional ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectName

Image name with stage in the registry.

e.g. username/imageName.

`image_tag`^Optional ¶

image_tag: str

Type: str
Default: PredefinedVariables.ciCommitRefName

Image tag.

Depending of the build it defaults either to the git tag or to the actual branch name.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`registry`^Optional ¶

registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

CopyContainerCollectionProps ¶

Initializer ¶

from gcix import container

container.CopyContainerCollectionProps(
  image_name: str,
  image_tag: str,
  docker_client_config: DockerClientConfig = None,
  do_dive_scan: bool = None,
  do_trivyignore_check: bool = None,
  do_trivy_scan: bool = None,
  dst_registry: typing.Union[str, Registry] = None,
  job_name: str = None,
  job_stage: str = None,
  src_registry: typing.Union[str, Registry] = None
)

Properties ¶

Name	Type	Description
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Container image tag to pull from `srcRegistry` and push to `dstRegistry`.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`dst_registry`	`typing.Union[str, Registry]`	Container registry to push the image to.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`src_registry`	`typing.Union[str, Registry]`	Container registry to pull the image from.

`image_name`^Required ¶

image_name: str

Type: str

Image name with stage in the registry.

e.g. username/image_name.

`image_tag`^Required ¶

image_tag: str

Type: str

Container image tag to pull from srcRegistry and push to dstRegistry.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_dive_scan`^Optional ¶

do_dive_scan: bool

Type: bool
Default: true

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Optional ¶

do_trivyignore_check: bool

Type: bool
Default: true

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Optional ¶

do_trivy_scan: bool

Type: bool
Default: true

Set to false to skip the Trivy scan job.

`dst_registry`^Optional ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`src_registry`^Optional ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to pull the image from.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

CraneCopyProps ¶

Initializer ¶

from gcix import container

container.CraneCopyProps(
  dst_registry: typing.Union[str, Registry],
  src_registry: typing.Union[str, Registry],
  docker_client_config: DockerClientConfig = None,
  job_name: str = None,
  job_stage: str = None
)

Properties ¶

Name	Type	Description
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`src_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image from.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image from.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

CranePullProps ¶

Initializer ¶

from gcix import container

container.CranePullProps(
  src_registry: typing.Union[str, Registry],
  docker_client_config: DockerClientConfig = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  tar_path: str = None
)

Properties ¶

Name	Type	Description
`src_registry`	`typing.Union[str, Registry]`	Registry URL to pull container image from.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`image_name`	`str`	Container image with namespace to pull from `srcRegistry`.
`image_tag`	`str`	Tag of the image which will be pulled.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`tar_path`	`str`	Path where to save the container image tarball.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to pull container image from.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`image_name`^Optional ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectName

Container image with namespace to pull from srcRegistry.

`image_tag`^Optional ¶

image_tag: str

Type: str
Default: latest

Tag of the image which will be pulled.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`tar_path`^Optional ¶

tar_path: str

Type: str
Default: PredefinedVariables.ciProjectDir

Path where to save the container image tarball.

CranePushProps ¶

Initializer ¶

from gcix import container

container.CranePushProps(
  dst_registry: typing.Union[str, Registry],
  docker_client_config: DockerClientConfig = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  tar_path: str = None
)

Properties ¶

Name	Type	Description
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`tar_path`	`str`	Path where to find the container image tarball.

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`image_name`^Optional ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectName

Container image name, searched for in imagePath and gets .tar appended.

`image_tag`^Optional ¶

image_tag: str

Type: str
Default: PredefinedVariables.ciCommitTag

The tag the image will be tagged with.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`tar_path`^Optional ¶

tar_path: str

Type: str
Default: PredefinedVariables.ciProjectDir

Path where to find the container image tarball.

DiveScanProps ¶

Initializer ¶

from gcix import container

container.DiveScanProps(
  highest_user_wasted_percent: typing.Union[int, float] = None,
  highest_wasted_bytes: typing.Union[int, float] = None,
  ignore_errors: bool = None,
  image_name: str = None,
  image_path: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  lowest_efficiency: typing.Union[int, float] = None,
  source: str = None
)

Properties ¶

Name	Type	Description
`highest_user_wasted_percent`	`typing.Union[int, float]`	Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.
`highest_wasted_bytes`	`typing.Union[int, float]`	Highest allowable bytes wasted, otherwise CI validation will fail.
`ignore_errors`	`bool`	Ignore image parsing errors and run the analysis anyway.
`image_name`	`str`	Name of the container image to scan, if `source` is `docker-archive` argument gets prefix `.tar`.
`image_path`	`str`	Path to the image can be either a remote container registry, as well as a local path to an image.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`lowest_efficiency`	`typing.Union[int, float]`	Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.
`source`	`str`	The container engine to fetch the image from.

`highest_user_wasted_percent`^Optional ¶

highest_user_wasted_percent: typing.Union[int, float]

Type: typing.Union[int, float]
Default: 0.1

Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.

`highest_wasted_bytes`^Optional ¶

highest_wasted_bytes: typing.Union[int, float]

Type: typing.Union[int, float]

Highest allowable bytes wasted, otherwise CI validation will fail.

`ignore_errors`^Optional ¶

ignore_errors: bool

Type: bool
Default: false

Ignore image parsing errors and run the analysis anyway.

`image_name`^Optional ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectName

Name of the container image to scan, if source is docker-archive argument gets prefix .tar.

`image_path`^Optional ¶

image_path: str

Type: str
Default: PredefinedVariables.ciProjectPath

Path to the image can be either a remote container registry, as well as a local path to an image.

`image_tag`^Optional ¶

image_tag: str

Type: str
Default: PredefinedVariables.ciCommitTag

The tag the image will be tagged with.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`lowest_efficiency`^Optional ¶

lowest_efficiency: typing.Union[int, float]

Type: typing.Union[int, float]
Default: 0.9

Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.

`source`^Optional ¶

source: str

Type: str
Default: "docker-archive

The container engine to fetch the image from.

Allowed values: docker, podman, docker-archive

DockerBuildProps ¶

Initializer ¶

from gcix import container

container.DockerBuildProps(
  repository: str,
  context: str = None,
  job_name: str = None,
  job_stage: str = None,
  tag: str = None
)

Properties ¶

Name	Type	Description
`repository`	`str`	The Docker repository name `([<registry>/]<image>)`.
`context`	`str`	The Docker build context (the directory containing the Dockerfile).
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`tag`	`str`	A Docker image tag applied to the image.

`repository`^Required ¶

repository: str

Type: str

The Docker repository name ([<registry>/]<image>).

`context`^Optional ¶

context: str

Type: str
Default: .

The Docker build context (the directory containing the Dockerfile).

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`tag`^Optional ¶

tag: str

Type: str

A Docker image tag applied to the image.

If not set docker uses latest

DockerClientConfigProps ¶

Initializer ¶

from gcix import container

container.DockerClientConfigProps(
  config_file_path: str = None
)

Properties ¶

Name	Type	Description
`config_file_path`	`str`	Docker client config path.

`config_file_path`^Optional ¶

config_file_path: str

Type: str
Default: $HOME/.docker/config.json

Docker client config path.

DockerPushProps ¶

Initializer ¶

from gcix import container

container.DockerPushProps(
  container_image: str,
  job_name: str = None,
  job_stage: str = None,
  login_env_var: str = None,
  registry: str = None,
  tag: str = None,
  user_env_var: str = None
)

Properties ¶

Name	Type	Description
`container_image`	`str`	The name of the Docker image to push to the `registry`.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`login_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.
`registry`	`str`	The Docker registry the image should be pushed to.
`tag`	`str`	The Docker image tag that should be pushed to the `registry`.
`user_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

`container_image`^Required ¶

container_image: str

Type: str

The name of the Docker image to push to the registry.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`login_env_var`^Optional ¶

login_env_var: str

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.

DO NOT PROVIDE THE LOGIN VALUE ITSELF! This would be a security issue!

`registry`^Optional ¶

registry: str

Type: str
Default: index.docker.io/v1

The Docker registry the image should be pushed to.

`tag`^Optional ¶

tag: str

Type: str
Default: latest

The Docker image tag that should be pushed to the registry.

`user_env_var`^Optional ¶

user_env_var: str

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

DO NOT PROVIDE THE USERNAME VALUE ITSELF! This would be a security issue!

KanikoExecuteProps ¶

Initializer ¶

from gcix import container

container.KanikoExecuteProps(
  build_args: typing.Mapping[typing.Any] = None,
  build_target: str = None,
  context: str = None,
  docker_client_config: DockerClientConfig = None,
  dockerfile: str = None,
  enable_push: bool = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  registries: typing.Union[typing.List[str], typing.List[Registry]] = None,
  tar_path: str = None,
  verbosity: str = None
)

Properties ¶

Name	Type	Description
`build_args`	`typing.Mapping[typing.Any]`	Container build arguments, used to instrument the container image build.
`build_target`	`str`	For container multistage builds name of the build stage you want to create.
`context`	`str`	Context which will be send to kaniko.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`dockerfile`	`str`	Name of the dockerfile to use.
`enable_push`	`bool`	Enable push to container registry, disabled to allow subsequent jobs to.
`image_name`	`str`	Image name which will be created.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`registries`	`typing.Union[typing.List[str], typing.List[Registry]]`	List of container registries to push created image to.
`tar_path`	`str`	Container images created by kaniko are tarball files.
`verbosity`	`str`	Verbosity of kaniko logging.

`build_args`^Optional ¶

build_args: typing.Mapping[typing.Any]

Type: typing.Mapping[typing.Any]

Container build arguments, used to instrument the container image build.

`build_target`^Optional ¶

build_target: str

Type: str

For container multistage builds name of the build stage you want to create.

Image tag will be appended with the build_target. e.g. latest-buildtarget.

`context`^Optional ¶

context: str

Type: str

Context which will be send to kaniko.

Defaults to None which implies the local directory is the context.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`dockerfile`^Optional ¶

dockerfile: str

Type: str
Default: "Dockerfile"

Name of the dockerfile to use.

File is relative to context.

`enable_push`^Optional ¶

enable_push: bool

Type: bool
Default: false act on container tarball.

Enable push to container registry, disabled to allow subsequent jobs to.

`image_name`^Optional ¶

image_name: str

Type: str
Default: PredefinedVariables.CI_PROJECT_NAME.

Image name which will be created.

`image_tag`^Optional ¶

image_tag: str

Type: str
Default: PredefinedVariables.CI_COMMIT_TAG

The tag the image will be tagged with.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`registries`^Optional ¶

registries: typing.Union[typing.List[str], typing.List[Registry]]

Type: typing.Union[typing.List[str], typing.List[Registry]]

List of container registries to push created image to.

`tar_path`^Optional ¶

tar_path: str

Type: str

Container images created by kaniko are tarball files.

This is the path where to store the image, will be named with suffix .tar. This path will be created if not present.

`verbosity`^Optional ¶

verbosity: str

Type: str
Default: "info"

Verbosity of kaniko logging.

TrivyIgnoreFileCheckProps ¶

Initializer ¶

from gcix import container

container.TrivyIgnoreFileCheckProps(
  job_name: str = None,
  job_stage: str = None,
  trivyignore_path: str = None
)

Properties ¶

Name	Type	Description
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`trivyignore_path`	`str`	Path to the `.trivyignore` file.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`trivyignore_path`^Optional ¶

trivyignore_path: str

Type: str
Default: PredefinedVariables.ciProjectDir/.trivyignore

Path to the .trivyignore file.

TrivyScanLocalImageProps ¶

Initializer ¶

from gcix import container

container.TrivyScanLocalImageProps(
  debug: bool = None,
  exit_if_vulnerable: bool = None,
  image_name: str = None,
  image_path: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  output_format: str = None,
  severity: str = None,
  trivy_config: str = None,
  vulnerability_types: str = None
)

Properties ¶

Name	Type	Description
`debug`	`bool`	If trivy should run in debug mode.
`exit_if_vulnerable`	`bool`	Exit code when vulnerabilities were found.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_path`	`str`	Path where to find the container image.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`output_format`	`str`	Scan output format, possible values (table, json).
`severity`	`str`	Severities of vulnerabilities to be displayed (comma separated).
`trivy_config`	`str`	Additional options to pass to `trivy` binary.
`vulnerability_types`	`str`	List of vulnerability types (comma separated).

`debug`^Optional ¶

debug: bool

Type: bool
Default: false

If trivy should run in debug mode.

`exit_if_vulnerable`^Optional ¶

exit_if_vulnerable: bool

Type: bool
Default: true

Exit code when vulnerabilities were found.

If true exit code is 1 else 0.

`image_name`^Optional ¶

image_name: str

Type: str
Default: PredefinedVariables.CI_PROJECT_NAME

Container image name, searched for in imagePath and gets .tar appended.

`image_path`^Optional ¶

image_path: str

Type: str
Default: PredefinedVariables.CI_PROJECT_DIR

Path where to find the container image.

`image_tag`^Optional ¶

image_tag: str

Type: str
Default: PredefinedVariables.CI_COMMIT_TAG

The tag the image will be tagged with.

`job_name`^Optional ¶

job_name: str

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

job_stage: str

Type: str

The stage of the Bootstrap job.

`output_format`^Optional ¶

output_format: str

Type: str
Default: "table"

Scan output format, possible values (table, json).

`severity`^Optional ¶

severity: str

Type: str
Default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"

Severities of vulnerabilities to be displayed (comma separated).

`trivy_config`^Optional ¶

trivy_config: str

Type: str

Additional options to pass to trivy binary.

`vulnerability_types`^Optional ¶

vulnerability_types: str

Type: str
Default: "os,library"

List of vulnerability types (comma separated).

Classes ¶

BuildContainerCollection ¶

Implements: IBuildContainerCollection

Creates a gcip.Sequence to build, scan and push a container image.

The build step is executed by KanikoExecute, it will build the container image an outputs it to a tarball. There are two scan's, optimization scan with DiveScan to scan storage wasting in container image and a vulnerability scan with TrivyScanLocalImage. Both outputs are uploaded as an artifact to the GitLab instance. The container image is uploaded with CranePush.

Initializers ¶

from gcix import container

container.BuildContainerCollection(
  docker_client_config: DockerClientConfig = None,
  do_crane_push: bool = None,
  do_dive_scan: bool = None,
  do_trivyignore_check: bool = None,
  do_trivy_scan: bool = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  registry: typing.Union[str, Registry] = None
)

Name	Type	Description
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_crane_push`	`bool`	Set to `false` to skip the Crane push job.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Image tag.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`registry`	`typing.Union[str, Registry]`	Container registry to push the image to.

`docker_client_config`^Optional ¶

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_crane_push`^Optional ¶

Type: bool
Default: true

Set to false to skip the Crane push job.

`do_dive_scan`^Optional ¶

Type: bool
Default: true

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Optional ¶

Type: bool
Default: true

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Optional ¶

Type: bool
Default: true

Set to false to skip the Trivy scan job.

`image_name`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectName

Image name with stage in the registry.

e.g. username/imageName.

`image_tag`^Optional ¶

Type: str
Default: PredefinedVariables.ciCommitRefName

Image tag.

Depending of the build it defaults either to the git tag or to the actual branch name.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`registry`^Optional ¶

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

Methods ¶

Name	Description
`add_children`	Add `gcix.Job`s or other `gcix.JobCollection`s to this JobCollection.
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	No description.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`get_all_instance_names`	Return all instance names from the given child.
`initialize_allow_failure`	Calling `gcix.Job.assignAllowFailure()` to all jobs within this JobCollection that haven't been set the allowFailure before.
`initialize_artifacts`	Sets `gcix.Job.artifacts` to all jobs within this JobCollection that haven't been set the artifacs before.
`initialize_cache`	Calling `gcix.Job.assigneCache()` to all jobs within this JobCollection that haven't been set the cache before.
`initialize_dependencies`	Calling `gcix.Job.assignDependencies()` to all jobs within the first stage of this JobCollection that haven't been added dependencies before.
`initialize_image`	Calling `gcix.Job.assignImage()` to all jobs within this JobCollection.
`initialize_needs`	Calling `gcix.Job.assignNeeds()` to all jobs within the first stage of this JobCollection that haven't been added needs before.
`initialize_rules`	Calling `gcix.Job.append_rules()` to all jobs within this JobCollection that haven't been added rules before.
`initialize_tags`	Calling `gcix.Job.addTags([...])` to all jobs within this JobCollection that haven't been added tags before.
`initialize_variables`	Calling `gcix.Job.addVariables({...})` to all jobs within this JobCollection that haven't been added variables before.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`override_allow_failure`	Calling `gcix.Job.assignAllowFailure()` to all jobs within this JobCollection overriding any previous set value.
`override_dependencies`	Calling `gcix.Job.assignDependencies()` to all jobs within the first stage of this JobCollection and overriding any previously added dependencies to that jobs.
`override_image`	Calling `gcix.Job.assignImage()` to all jobs within this JobCollection overriding any previous set value.
`override_needs`	Calling `gcix.Job.assignNeeds()` to all jobs within the first stage of this JobCollection and overriding any previously added needs to that jobs.
`override_rules`	Calling `gcix.Job.overrideRules()` to all jobs within this JobCollection and overriding any previously added rules to that jobs.
`override_tags`	Calling `gcix.Job.addTags([...])` to all jobs within this JobCollection and overriding any previously added tags to that jobs.
`override_variables`	Calling `gcix.Job.addVariables({...})` to all jobs within this JobCollection and overriding any previously added variables to that jobs.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_children` ¶

def add_children(
  jobs_or_job_collections: typing.List[typing.Union[Job, JobCollection]],
  name: str = None,
  stage: str = None
) -> JobCollection

Add gcix.Jobs or other gcix.JobCollections to this JobCollection.

Adding a child creates a copy of that child. You should provide a name or stage when adding children, to make them different from other places where they will be used.

`jobs_or_job_collections`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`name`^Optional ¶

Type: str

`stage`^Optional ¶

Type: str

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: JobCollection
) -> None

`parent`^Required ¶

Type: gcix.JobCollection

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> JobCollection

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> JobCollection

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> JobCollection

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> JobCollection

`scripts`^Required ¶

Type: typing.List[str]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> JobCollection

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> JobCollection

`cache`^Required ¶

Type: gcix.Cache

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this JobCollection and all parent JobCollection's.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`initialize_allow_failure` ¶

def initialize_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> JobCollection

Calling gcix.Job.assignAllowFailure() to all jobs within this JobCollection that haven't been set the allowFailure before.

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`initialize_artifacts` ¶

def initialize_artifacts(
  artifacts: Artifacts
) -> JobCollection

Sets gcix.Job.artifacts to all jobs within this JobCollection that haven't been set the artifacs before.

`artifacts`^Required ¶

Type: gcix.Artifacts

`initialize_cache` ¶

def initialize_cache(
  cache: Cache
) -> JobCollection

Calling gcix.Job.assigneCache() to all jobs within this JobCollection that haven't been set the cache before.

`cache`^Required ¶

Type: gcix.Cache

`initialize_dependencies` ¶

def initialize_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignDependencies() to all jobs within the first stage of this JobCollection that haven't been added dependencies before.

An empty parameter list means that jobs will get an empty dependency list and thus does not download artifacts by default.

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`initialize_image` ¶

def initialize_image(
  image: typing.Union[str, Image]
) -> JobCollection

Calling gcix.Job.assignImage() to all jobs within this JobCollection.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`initialize_needs` ¶

def initialize_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignNeeds() to all jobs within the first stage of this JobCollection that haven't been added needs before.

An empty parameter list means that jobs will get an empty dependency list and thus does not depend on other jobs by default.

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`initialize_rules` ¶

def initialize_rules(
  rules: typing.List[Rule]
) -> JobCollection

Calling gcix.Job.append_rules() to all jobs within this JobCollection that haven't been added rules before.

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`initialize_tags` ¶

def initialize_tags(
  tags: typing.List[str]
) -> JobCollection

Calling gcix.Job.addTags([...]) to all jobs within this JobCollection that haven't been added tags before.

`tags`^Required ¶

Type: typing.List[str]

`initialize_variables` ¶

def initialize_variables(
  variables: typing.Mapping[str]
) -> JobCollection

Calling gcix.Job.addVariables({...}) to all jobs within this JobCollection that haven't been added variables before.

`variables`^Required ¶

Type: typing.Mapping[str]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`override_allow_failure` ¶

def override_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> JobCollection

Calling gcix.Job.assignAllowFailure() to all jobs within this JobCollection overriding any previous set value.

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`override_dependencies` ¶

def override_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignDependencies() to all jobs within the first stage of this JobCollection and overriding any previously added dependencies to that jobs.

An empty parameter list means that jobs will get an empty dependency list and thus does not download artifacts.

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`override_image` ¶

def override_image(
  image: typing.Union[str, Image]
) -> JobCollection

Calling gcix.Job.assignImage() to all jobs within this JobCollection overriding any previous set value.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`override_needs` ¶

def override_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignNeeds() to all jobs within the first stage of this JobCollection and overriding any previously added needs to that jobs.

An empty parameter list means that jobs will get an empty dependency list and thus does not depend on other jobs.

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`override_rules` ¶

def override_rules(
  rules: typing.List[Rule]
) -> JobCollection

Calling gcix.Job.overrideRules() to all jobs within this JobCollection and overriding any previously added rules to that jobs.

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`override_tags` ¶

def override_tags(
  tags: typing.List[str]
) -> JobCollection

Calling gcix.Job.addTags([...]) to all jobs within this JobCollection and overriding any previously added tags to that jobs.

`tags`^Required ¶

Type: typing.List[str]

`override_variables` ¶

def override_variables(
  variables: typing.Mapping[str]
) -> JobCollection

Calling gcix.Job.addVariables({...}) to all jobs within this JobCollection and overriding any previously added variables to that jobs.

`variables`^Required ¶

Type: typing.Mapping[str]

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> JobCollection

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> JobCollection

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`last_jobs_executed`	`typing.List[gcix.Job]`	This property returns all Jobs from the last stage of this JobCollection.
`nested_jobs`	`typing.List[gcix.Job]`	No description.
`populated_jobs`	`typing.List[gcix.Job]`	Returns a list with populated copies of all nested jobs of this JobCollection.
`children`	`typing.List[gcix.ChildDict]`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`ordered_tags_for_initialization`	`gcix.OrderedStringSet`	No description.
`ordered_tags_for_replacement`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`allow_failure_for_initialization`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`allow_failure_for_replacement`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`artifacts_for_initialization`	`gcix.Artifacts`	No description.
`artifacts_for_replacement`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`cache_for_initialization`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`dependencies_for_initialization`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`dependencies_for_replacement`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image_for_initialization`	`typing.Union[str, gcix.Image]`	No description.
`image_for_replacement`	`typing.Union[str, gcix.Image]`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`needs_for_initialization`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`needs_for_replacement`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`rules_for_initialization`	`typing.List[gcix.Rule]`	No description.
`rules_for_replacement`	`typing.List[gcix.Rule]`	No description.
`rules_to_append`	`typing.List[gcix.Rule]`	No description.
`rules_to_prepend`	`typing.List[gcix.Rule]`	No description.
`scripts_to_append`	`typing.List[str]`	No description.
`scripts_to_prepend`	`typing.List[str]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`variables_for_initialization`	`typing.Mapping[str]`	No description.
`variables_for_replacement`	`typing.Mapping[str]`	No description.
`crane_push_job`	`CranePush`	Crane push job.
`dive_scan_job`	`DiveScan`	Dive scan job.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_crane_push`	`bool`	Set to `false` to skip the Crane push job.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Image tag.
`kaniko_execute_job`	`KanikoExecute`	Kaniko execute job.
`registry`	`typing.Union[str, Registry]`	Container registry to push the image to.
`trivy_ignore_file_check_job`	`TrivyIgnoreFileCheck`	Trivy ignore file check job.
`trivy_scan_local_image_job`	`TrivyScanLocalImage`	Trivy scan local image job.

`last_jobs_executed`^Required ¶

last_jobs_executed: typing.List[Job]

Type: typing.List[gcix.Job]

This property returns all Jobs from the last stage of this JobCollection.

This is typically be requested from a job which has setup this JobCollection as need, to determine all actual jobs of this JobCollection as need.

`nested_jobs`^Required ¶

nested_jobs: typing.List[Job]

Type: typing.List[gcix.Job]

`populated_jobs`^Required ¶

populated_jobs: typing.List[Job]

Type: typing.List[gcix.Job]

Returns a list with populated copies of all nested jobs of this JobCollection.

Populated means, that all attributes of a Job which depends on its context are resolved to their final values. The context is primarily the JobCollection within the jobs resides but also dependencies to other jobs and JobCollection's. Thus this JobCollection will apply its own configuration, like variables to add, tags to set, etc., to all its jobs and JobCollection's.

Copies means what it says, that the returned job are not the same job objects, originally added to this JobCollection, but copies of them.

Nested means, that also jobs from JobCollection's within this JobCollection, are returned, as well as jobs from JobCollection's within JobCollection's within this JobCollection and so on.

`children`^Required ¶

children: typing.List[ChildDict]

Type: typing.List[gcix.ChildDict]

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`ordered_tags_for_initialization`^Required ¶

ordered_tags_for_initialization: OrderedStringSet

Type: gcix.OrderedStringSet

`ordered_tags_for_replacement`^Required ¶

ordered_tags_for_replacement: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`allow_failure_for_initialization`^Optional ¶

allow_failure_for_initialization: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`allow_failure_for_replacement`^Optional ¶

allow_failure_for_replacement: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`artifacts_for_initialization`^Optional ¶

artifacts_for_initialization: Artifacts

Type: gcix.Artifacts

`artifacts_for_replacement`^Optional ¶

artifacts_for_replacement: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`cache_for_initialization`^Optional ¶

cache_for_initialization: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`dependencies_for_initialization`^Optional ¶

dependencies_for_initialization: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`dependencies_for_replacement`^Optional ¶

dependencies_for_replacement: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image_for_initialization`^Optional ¶

image_for_initialization: typing.Union[str, Image]

Type: typing.Union[str, gcix.Image]

`image_for_replacement`^Optional ¶

image_for_replacement: typing.Union[str, Image]

Type: typing.Union[str, gcix.Image]

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`needs_for_initialization`^Optional ¶

needs_for_initialization: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`needs_for_replacement`^Optional ¶

needs_for_replacement: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`rules_for_initialization`^Optional ¶

rules_for_initialization: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_for_replacement`^Optional ¶

rules_for_replacement: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_to_append`^Optional ¶

rules_to_append: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_to_prepend`^Optional ¶

rules_to_prepend: typing.List[Rule]

Type: typing.List[gcix.Rule]

`scripts_to_append`^Optional ¶

scripts_to_append: typing.List[str]

Type: typing.List[str]

`scripts_to_prepend`^Optional ¶

scripts_to_prepend: typing.List[str]

Type: typing.List[str]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`variables_for_initialization`^Optional ¶

variables_for_initialization: typing.Mapping[str]

Type: typing.Mapping[str]

`variables_for_replacement`^Optional ¶

variables_for_replacement: typing.Mapping[str]

Type: typing.Mapping[str]

`crane_push_job`^Required ¶

crane_push_job: CranePush

Type: CranePush

Crane push job.

`dive_scan_job`^Required ¶

dive_scan_job: DiveScan

Type: DiveScan

Dive scan job.

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_crane_push`^Required ¶

do_crane_push: bool

Type: bool

Set to false to skip the Crane push job.

`do_dive_scan`^Required ¶

do_dive_scan: bool

Type: bool

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Required ¶

do_trivyignore_check: bool

Type: bool

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Required ¶

do_trivy_scan: bool

Type: bool

Set to false to skip the Trivy scan job.

`image_name`^Required ¶

image_name: str

Type: str

Image name with stage in the registry.

e.g. username/imageName.

`image_tag`^Required ¶

image_tag: str

Type: str

Image tag.

Depending of the build it defaults either to the git tag or to the actual branch name.

`kaniko_execute_job`^Required ¶

kaniko_execute_job: KanikoExecute

Type: KanikoExecute

Kaniko execute job.

`registry`^Required ¶

registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`trivy_ignore_file_check_job`^Required ¶

trivy_ignore_file_check_job: TrivyIgnoreFileCheck

Type: TrivyIgnoreFileCheck

Trivy ignore file check job.

`trivy_scan_local_image_job`^Required ¶

trivy_scan_local_image_job: TrivyScanLocalImage

Type: TrivyScanLocalImage

Trivy scan local image job.

BuildGitlabContainerCollection ¶

BuildGitlabContainerCollection class.

Orchestrates a GitLab-specific CI/CD pipeline for building, scanning, and pushing container images. Extends the BuildContainerCollection class. Handles GitLab-specific configurations, such as image name, registry, and Docker client authentication.

Initializers ¶

from gcix import container

container.BuildGitlabContainerCollection(
  docker_client_config: DockerClientConfig = None,
  do_crane_push: bool = None,
  do_dive_scan: bool = None,
  do_trivyignore_check: bool = None,
  do_trivy_scan: bool = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  registry: typing.Union[str, Registry] = None
)

Name	Type	Description
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_crane_push`	`bool`	Set to `false` to skip the Crane push job.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Image tag.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`registry`	`typing.Union[str, Registry]`	Container registry to push the image to.

`docker_client_config`^Optional ¶

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_crane_push`^Optional ¶

Type: bool
Default: true

Set to false to skip the Crane push job.

`do_dive_scan`^Optional ¶

Type: bool
Default: true

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Optional ¶

Type: bool
Default: true

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Optional ¶

Type: bool
Default: true

Set to false to skip the Trivy scan job.

`image_name`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectName

Image name with stage in the registry.

e.g. username/imageName.

`image_tag`^Optional ¶

Type: str
Default: PredefinedVariables.ciCommitRefName

Image tag.

Depending of the build it defaults either to the git tag or to the actual branch name.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`registry`^Optional ¶

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

Methods ¶

Name	Description
`add_children`	Add `gcix.Job`s or other `gcix.JobCollection`s to this JobCollection.
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	No description.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`get_all_instance_names`	Return all instance names from the given child.
`initialize_allow_failure`	Calling `gcix.Job.assignAllowFailure()` to all jobs within this JobCollection that haven't been set the allowFailure before.
`initialize_artifacts`	Sets `gcix.Job.artifacts` to all jobs within this JobCollection that haven't been set the artifacs before.
`initialize_cache`	Calling `gcix.Job.assigneCache()` to all jobs within this JobCollection that haven't been set the cache before.
`initialize_dependencies`	Calling `gcix.Job.assignDependencies()` to all jobs within the first stage of this JobCollection that haven't been added dependencies before.
`initialize_image`	Calling `gcix.Job.assignImage()` to all jobs within this JobCollection.
`initialize_needs`	Calling `gcix.Job.assignNeeds()` to all jobs within the first stage of this JobCollection that haven't been added needs before.
`initialize_rules`	Calling `gcix.Job.append_rules()` to all jobs within this JobCollection that haven't been added rules before.
`initialize_tags`	Calling `gcix.Job.addTags([...])` to all jobs within this JobCollection that haven't been added tags before.
`initialize_variables`	Calling `gcix.Job.addVariables({...})` to all jobs within this JobCollection that haven't been added variables before.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`override_allow_failure`	Calling `gcix.Job.assignAllowFailure()` to all jobs within this JobCollection overriding any previous set value.
`override_dependencies`	Calling `gcix.Job.assignDependencies()` to all jobs within the first stage of this JobCollection and overriding any previously added dependencies to that jobs.
`override_image`	Calling `gcix.Job.assignImage()` to all jobs within this JobCollection overriding any previous set value.
`override_needs`	Calling `gcix.Job.assignNeeds()` to all jobs within the first stage of this JobCollection and overriding any previously added needs to that jobs.
`override_rules`	Calling `gcix.Job.overrideRules()` to all jobs within this JobCollection and overriding any previously added rules to that jobs.
`override_tags`	Calling `gcix.Job.addTags([...])` to all jobs within this JobCollection and overriding any previously added tags to that jobs.
`override_variables`	Calling `gcix.Job.addVariables({...})` to all jobs within this JobCollection and overriding any previously added variables to that jobs.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_children` ¶

def add_children(
  jobs_or_job_collections: typing.List[typing.Union[Job, JobCollection]],
  name: str = None,
  stage: str = None
) -> JobCollection

Add gcix.Jobs or other gcix.JobCollections to this JobCollection.

Adding a child creates a copy of that child. You should provide a name or stage when adding children, to make them different from other places where they will be used.

`jobs_or_job_collections`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`name`^Optional ¶

Type: str

`stage`^Optional ¶

Type: str

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: JobCollection
) -> None

`parent`^Required ¶

Type: gcix.JobCollection

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> JobCollection

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> JobCollection

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> JobCollection

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> JobCollection

`scripts`^Required ¶

Type: typing.List[str]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> JobCollection

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> JobCollection

`cache`^Required ¶

Type: gcix.Cache

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this JobCollection and all parent JobCollection's.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`initialize_allow_failure` ¶

def initialize_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> JobCollection

Calling gcix.Job.assignAllowFailure() to all jobs within this JobCollection that haven't been set the allowFailure before.

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`initialize_artifacts` ¶

def initialize_artifacts(
  artifacts: Artifacts
) -> JobCollection

Sets gcix.Job.artifacts to all jobs within this JobCollection that haven't been set the artifacs before.

`artifacts`^Required ¶

Type: gcix.Artifacts

`initialize_cache` ¶

def initialize_cache(
  cache: Cache
) -> JobCollection

Calling gcix.Job.assigneCache() to all jobs within this JobCollection that haven't been set the cache before.

`cache`^Required ¶

Type: gcix.Cache

`initialize_dependencies` ¶

def initialize_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignDependencies() to all jobs within the first stage of this JobCollection that haven't been added dependencies before.

An empty parameter list means that jobs will get an empty dependency list and thus does not download artifacts by default.

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`initialize_image` ¶

def initialize_image(
  image: typing.Union[str, Image]
) -> JobCollection

Calling gcix.Job.assignImage() to all jobs within this JobCollection.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`initialize_needs` ¶

def initialize_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignNeeds() to all jobs within the first stage of this JobCollection that haven't been added needs before.

An empty parameter list means that jobs will get an empty dependency list and thus does not depend on other jobs by default.

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`initialize_rules` ¶

def initialize_rules(
  rules: typing.List[Rule]
) -> JobCollection

Calling gcix.Job.append_rules() to all jobs within this JobCollection that haven't been added rules before.

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`initialize_tags` ¶

def initialize_tags(
  tags: typing.List[str]
) -> JobCollection

Calling gcix.Job.addTags([...]) to all jobs within this JobCollection that haven't been added tags before.

`tags`^Required ¶

Type: typing.List[str]

`initialize_variables` ¶

def initialize_variables(
  variables: typing.Mapping[str]
) -> JobCollection

Calling gcix.Job.addVariables({...}) to all jobs within this JobCollection that haven't been added variables before.

`variables`^Required ¶

Type: typing.Mapping[str]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`override_allow_failure` ¶

def override_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> JobCollection

Calling gcix.Job.assignAllowFailure() to all jobs within this JobCollection overriding any previous set value.

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`override_dependencies` ¶

def override_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignDependencies() to all jobs within the first stage of this JobCollection and overriding any previously added dependencies to that jobs.

An empty parameter list means that jobs will get an empty dependency list and thus does not download artifacts.

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`override_image` ¶

def override_image(
  image: typing.Union[str, Image]
) -> JobCollection

Calling gcix.Job.assignImage() to all jobs within this JobCollection overriding any previous set value.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`override_needs` ¶

def override_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignNeeds() to all jobs within the first stage of this JobCollection and overriding any previously added needs to that jobs.

An empty parameter list means that jobs will get an empty dependency list and thus does not depend on other jobs.

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`override_rules` ¶

def override_rules(
  rules: typing.List[Rule]
) -> JobCollection

Calling gcix.Job.overrideRules() to all jobs within this JobCollection and overriding any previously added rules to that jobs.

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`override_tags` ¶

def override_tags(
  tags: typing.List[str]
) -> JobCollection

Calling gcix.Job.addTags([...]) to all jobs within this JobCollection and overriding any previously added tags to that jobs.

`tags`^Required ¶

Type: typing.List[str]

`override_variables` ¶

def override_variables(
  variables: typing.Mapping[str]
) -> JobCollection

Calling gcix.Job.addVariables({...}) to all jobs within this JobCollection and overriding any previously added variables to that jobs.

`variables`^Required ¶

Type: typing.Mapping[str]

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> JobCollection

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> JobCollection

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`last_jobs_executed`	`typing.List[gcix.Job]`	This property returns all Jobs from the last stage of this JobCollection.
`nested_jobs`	`typing.List[gcix.Job]`	No description.
`populated_jobs`	`typing.List[gcix.Job]`	Returns a list with populated copies of all nested jobs of this JobCollection.
`children`	`typing.List[gcix.ChildDict]`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`ordered_tags_for_initialization`	`gcix.OrderedStringSet`	No description.
`ordered_tags_for_replacement`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`allow_failure_for_initialization`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`allow_failure_for_replacement`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`artifacts_for_initialization`	`gcix.Artifacts`	No description.
`artifacts_for_replacement`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`cache_for_initialization`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`dependencies_for_initialization`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`dependencies_for_replacement`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image_for_initialization`	`typing.Union[str, gcix.Image]`	No description.
`image_for_replacement`	`typing.Union[str, gcix.Image]`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`needs_for_initialization`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`needs_for_replacement`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`rules_for_initialization`	`typing.List[gcix.Rule]`	No description.
`rules_for_replacement`	`typing.List[gcix.Rule]`	No description.
`rules_to_append`	`typing.List[gcix.Rule]`	No description.
`rules_to_prepend`	`typing.List[gcix.Rule]`	No description.
`scripts_to_append`	`typing.List[str]`	No description.
`scripts_to_prepend`	`typing.List[str]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`variables_for_initialization`	`typing.Mapping[str]`	No description.
`variables_for_replacement`	`typing.Mapping[str]`	No description.
`crane_push_job`	`CranePush`	Crane push job.
`dive_scan_job`	`DiveScan`	Dive scan job.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_crane_push`	`bool`	Set to `false` to skip the Crane push job.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Image tag.
`kaniko_execute_job`	`KanikoExecute`	Kaniko execute job.
`registry`	`typing.Union[str, Registry]`	Container registry to push the image to.
`trivy_ignore_file_check_job`	`TrivyIgnoreFileCheck`	Trivy ignore file check job.
`trivy_scan_local_image_job`	`TrivyScanLocalImage`	Trivy scan local image job.

`last_jobs_executed`^Required ¶

last_jobs_executed: typing.List[Job]

Type: typing.List[gcix.Job]

This property returns all Jobs from the last stage of this JobCollection.

This is typically be requested from a job which has setup this JobCollection as need, to determine all actual jobs of this JobCollection as need.

`nested_jobs`^Required ¶

nested_jobs: typing.List[Job]

Type: typing.List[gcix.Job]

`populated_jobs`^Required ¶

populated_jobs: typing.List[Job]

Type: typing.List[gcix.Job]

Returns a list with populated copies of all nested jobs of this JobCollection.

Populated means, that all attributes of a Job which depends on its context are resolved to their final values. The context is primarily the JobCollection within the jobs resides but also dependencies to other jobs and JobCollection's. Thus this JobCollection will apply its own configuration, like variables to add, tags to set, etc., to all its jobs and JobCollection's.

Copies means what it says, that the returned job are not the same job objects, originally added to this JobCollection, but copies of them.

Nested means, that also jobs from JobCollection's within this JobCollection, are returned, as well as jobs from JobCollection's within JobCollection's within this JobCollection and so on.

`children`^Required ¶

children: typing.List[ChildDict]

Type: typing.List[gcix.ChildDict]

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`ordered_tags_for_initialization`^Required ¶

ordered_tags_for_initialization: OrderedStringSet

Type: gcix.OrderedStringSet

`ordered_tags_for_replacement`^Required ¶

ordered_tags_for_replacement: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`allow_failure_for_initialization`^Optional ¶

allow_failure_for_initialization: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`allow_failure_for_replacement`^Optional ¶

allow_failure_for_replacement: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`artifacts_for_initialization`^Optional ¶

artifacts_for_initialization: Artifacts

Type: gcix.Artifacts

`artifacts_for_replacement`^Optional ¶

artifacts_for_replacement: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`cache_for_initialization`^Optional ¶

cache_for_initialization: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`dependencies_for_initialization`^Optional ¶

dependencies_for_initialization: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`dependencies_for_replacement`^Optional ¶

dependencies_for_replacement: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image_for_initialization`^Optional ¶

image_for_initialization: typing.Union[str, Image]

Type: typing.Union[str, gcix.Image]

`image_for_replacement`^Optional ¶

image_for_replacement: typing.Union[str, Image]

Type: typing.Union[str, gcix.Image]

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`needs_for_initialization`^Optional ¶

needs_for_initialization: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`needs_for_replacement`^Optional ¶

needs_for_replacement: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`rules_for_initialization`^Optional ¶

rules_for_initialization: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_for_replacement`^Optional ¶

rules_for_replacement: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_to_append`^Optional ¶

rules_to_append: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_to_prepend`^Optional ¶

rules_to_prepend: typing.List[Rule]

Type: typing.List[gcix.Rule]

`scripts_to_append`^Optional ¶

scripts_to_append: typing.List[str]

Type: typing.List[str]

`scripts_to_prepend`^Optional ¶

scripts_to_prepend: typing.List[str]

Type: typing.List[str]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`variables_for_initialization`^Optional ¶

variables_for_initialization: typing.Mapping[str]

Type: typing.Mapping[str]

`variables_for_replacement`^Optional ¶

variables_for_replacement: typing.Mapping[str]

Type: typing.Mapping[str]

`crane_push_job`^Required ¶

crane_push_job: CranePush

Type: CranePush

Crane push job.

`dive_scan_job`^Required ¶

dive_scan_job: DiveScan

Type: DiveScan

Dive scan job.

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_crane_push`^Required ¶

do_crane_push: bool

Type: bool

Set to false to skip the Crane push job.

`do_dive_scan`^Required ¶

do_dive_scan: bool

Type: bool

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Required ¶

do_trivyignore_check: bool

Type: bool

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Required ¶

do_trivy_scan: bool

Type: bool

Set to false to skip the Trivy scan job.

`image_name`^Required ¶

image_name: str

Type: str

Image name with stage in the registry.

e.g. username/imageName.

`image_tag`^Required ¶

image_tag: str

Type: str

Image tag.

Depending of the build it defaults either to the git tag or to the actual branch name.

`kaniko_execute_job`^Required ¶

kaniko_execute_job: KanikoExecute

Type: KanikoExecute

Kaniko execute job.

`registry`^Required ¶

registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`trivy_ignore_file_check_job`^Required ¶

trivy_ignore_file_check_job: TrivyIgnoreFileCheck

Type: TrivyIgnoreFileCheck

Trivy ignore file check job.

`trivy_scan_local_image_job`^Required ¶

trivy_scan_local_image_job: TrivyScanLocalImage

Type: TrivyScanLocalImage

Trivy scan local image job.

CopyContainerCollection ¶

Implements: ICopyContainerCollection

Creates a gcip.Sequence to pull, scan and push a container image.

The pull step is executed by CranePull, it will pull the container image and outputs it to a tarball. There are two scan's, optimization scan with DiveScan to scan storage wasting in container image and a vulnerability scan with TrivyScanLocalImage. Both outputs are uploaded as an artifact to the GitLab instance. Built container image is uploaded with CranePush.

NOTE: We decided to use caches instead of artifacts to pass the Docker image tar archive from one job to another. This is because those tar archives could become very large - especially larger then the maximum artifact size limit. This limit can just be adjusted by the admin of the gitlab instance, so your pipeline would never work, your Gitlab provider would not adjust this limit for you. For caches on the other hand you can define storage backends at the base of your Gitlab runners.

Furthermore we set the cache key to the pipeline ID. This is because the name and tag of the image does not ensure that the downloaded tar is unique, as the image behind the image tag could be overridden. So we ensure uniqueness by downloading the image once per pipeline.

Initializers ¶

from gcix import container

container.CopyContainerCollection(
  image_name: str,
  image_tag: str,
  docker_client_config: DockerClientConfig = None,
  do_dive_scan: bool = None,
  do_trivyignore_check: bool = None,
  do_trivy_scan: bool = None,
  dst_registry: typing.Union[str, Registry] = None,
  job_name: str = None,
  job_stage: str = None,
  src_registry: typing.Union[str, Registry] = None
)

Name	Type	Description
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Container image tag to pull from `srcRegistry` and push to `dstRegistry`.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`dst_registry`	`typing.Union[str, Registry]`	Container registry to push the image to.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`src_registry`	`typing.Union[str, Registry]`	Container registry to pull the image from.

`image_name`^Required ¶

Type: str

Image name with stage in the registry.

e.g. username/image_name.

`image_tag`^Required ¶

Type: str

Container image tag to pull from srcRegistry and push to dstRegistry.

`docker_client_config`^Optional ¶

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_dive_scan`^Optional ¶

Type: bool
Default: true

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Optional ¶

Type: bool
Default: true

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Optional ¶

Type: bool
Default: true

Set to false to skip the Trivy scan job.

`dst_registry`^Optional ¶

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`src_registry`^Optional ¶

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to pull the image from.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

Methods ¶

Name	Description
`add_children`	Add `gcix.Job`s or other `gcix.JobCollection`s to this JobCollection.
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	No description.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`get_all_instance_names`	Return all instance names from the given child.
`initialize_allow_failure`	Calling `gcix.Job.assignAllowFailure()` to all jobs within this JobCollection that haven't been set the allowFailure before.
`initialize_artifacts`	Sets `gcix.Job.artifacts` to all jobs within this JobCollection that haven't been set the artifacs before.
`initialize_cache`	Calling `gcix.Job.assigneCache()` to all jobs within this JobCollection that haven't been set the cache before.
`initialize_dependencies`	Calling `gcix.Job.assignDependencies()` to all jobs within the first stage of this JobCollection that haven't been added dependencies before.
`initialize_image`	Calling `gcix.Job.assignImage()` to all jobs within this JobCollection.
`initialize_needs`	Calling `gcix.Job.assignNeeds()` to all jobs within the first stage of this JobCollection that haven't been added needs before.
`initialize_rules`	Calling `gcix.Job.append_rules()` to all jobs within this JobCollection that haven't been added rules before.
`initialize_tags`	Calling `gcix.Job.addTags([...])` to all jobs within this JobCollection that haven't been added tags before.
`initialize_variables`	Calling `gcix.Job.addVariables({...})` to all jobs within this JobCollection that haven't been added variables before.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`override_allow_failure`	Calling `gcix.Job.assignAllowFailure()` to all jobs within this JobCollection overriding any previous set value.
`override_dependencies`	Calling `gcix.Job.assignDependencies()` to all jobs within the first stage of this JobCollection and overriding any previously added dependencies to that jobs.
`override_image`	Calling `gcix.Job.assignImage()` to all jobs within this JobCollection overriding any previous set value.
`override_needs`	Calling `gcix.Job.assignNeeds()` to all jobs within the first stage of this JobCollection and overriding any previously added needs to that jobs.
`override_rules`	Calling `gcix.Job.overrideRules()` to all jobs within this JobCollection and overriding any previously added rules to that jobs.
`override_tags`	Calling `gcix.Job.addTags([...])` to all jobs within this JobCollection and overriding any previously added tags to that jobs.
`override_variables`	Calling `gcix.Job.addVariables({...})` to all jobs within this JobCollection and overriding any previously added variables to that jobs.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_children` ¶

def add_children(
  jobs_or_job_collections: typing.List[typing.Union[Job, JobCollection]],
  name: str = None,
  stage: str = None
) -> JobCollection

Add gcix.Jobs or other gcix.JobCollections to this JobCollection.

Adding a child creates a copy of that child. You should provide a name or stage when adding children, to make them different from other places where they will be used.

`jobs_or_job_collections`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`name`^Optional ¶

Type: str

`stage`^Optional ¶

Type: str

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: JobCollection
) -> None

`parent`^Required ¶

Type: gcix.JobCollection

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> JobCollection

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> JobCollection

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> JobCollection

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> JobCollection

`scripts`^Required ¶

Type: typing.List[str]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> JobCollection

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> JobCollection

`cache`^Required ¶

Type: gcix.Cache

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this JobCollection and all parent JobCollection's.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`initialize_allow_failure` ¶

def initialize_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> JobCollection

Calling gcix.Job.assignAllowFailure() to all jobs within this JobCollection that haven't been set the allowFailure before.

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`initialize_artifacts` ¶

def initialize_artifacts(
  artifacts: Artifacts
) -> JobCollection

Sets gcix.Job.artifacts to all jobs within this JobCollection that haven't been set the artifacs before.

`artifacts`^Required ¶

Type: gcix.Artifacts

`initialize_cache` ¶

def initialize_cache(
  cache: Cache
) -> JobCollection

Calling gcix.Job.assigneCache() to all jobs within this JobCollection that haven't been set the cache before.

`cache`^Required ¶

Type: gcix.Cache

`initialize_dependencies` ¶

def initialize_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignDependencies() to all jobs within the first stage of this JobCollection that haven't been added dependencies before.

An empty parameter list means that jobs will get an empty dependency list and thus does not download artifacts by default.

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`initialize_image` ¶

def initialize_image(
  image: typing.Union[str, Image]
) -> JobCollection

Calling gcix.Job.assignImage() to all jobs within this JobCollection.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`initialize_needs` ¶

def initialize_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignNeeds() to all jobs within the first stage of this JobCollection that haven't been added needs before.

An empty parameter list means that jobs will get an empty dependency list and thus does not depend on other jobs by default.

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`initialize_rules` ¶

def initialize_rules(
  rules: typing.List[Rule]
) -> JobCollection

Calling gcix.Job.append_rules() to all jobs within this JobCollection that haven't been added rules before.

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`initialize_tags` ¶

def initialize_tags(
  tags: typing.List[str]
) -> JobCollection

Calling gcix.Job.addTags([...]) to all jobs within this JobCollection that haven't been added tags before.

`tags`^Required ¶

Type: typing.List[str]

`initialize_variables` ¶

def initialize_variables(
  variables: typing.Mapping[str]
) -> JobCollection

Calling gcix.Job.addVariables({...}) to all jobs within this JobCollection that haven't been added variables before.

`variables`^Required ¶

Type: typing.Mapping[str]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`override_allow_failure` ¶

def override_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> JobCollection

Calling gcix.Job.assignAllowFailure() to all jobs within this JobCollection overriding any previous set value.

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`override_dependencies` ¶

def override_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignDependencies() to all jobs within the first stage of this JobCollection and overriding any previously added dependencies to that jobs.

An empty parameter list means that jobs will get an empty dependency list and thus does not download artifacts.

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`override_image` ¶

def override_image(
  image: typing.Union[str, Image]
) -> JobCollection

Calling gcix.Job.assignImage() to all jobs within this JobCollection overriding any previous set value.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`override_needs` ¶

def override_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> JobCollection

Calling gcix.Job.assignNeeds() to all jobs within the first stage of this JobCollection and overriding any previously added needs to that jobs.

An empty parameter list means that jobs will get an empty dependency list and thus does not depend on other jobs.

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`override_rules` ¶

def override_rules(
  rules: typing.List[Rule]
) -> JobCollection

Calling gcix.Job.overrideRules() to all jobs within this JobCollection and overriding any previously added rules to that jobs.

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`override_tags` ¶

def override_tags(
  tags: typing.List[str]
) -> JobCollection

Calling gcix.Job.addTags([...]) to all jobs within this JobCollection and overriding any previously added tags to that jobs.

`tags`^Required ¶

Type: typing.List[str]

`override_variables` ¶

def override_variables(
  variables: typing.Mapping[str]
) -> JobCollection

Calling gcix.Job.addVariables({...}) to all jobs within this JobCollection and overriding any previously added variables to that jobs.

`variables`^Required ¶

Type: typing.Mapping[str]

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> JobCollection

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> JobCollection

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`last_jobs_executed`	`typing.List[gcix.Job]`	This property returns all Jobs from the last stage of this JobCollection.
`nested_jobs`	`typing.List[gcix.Job]`	No description.
`populated_jobs`	`typing.List[gcix.Job]`	Returns a list with populated copies of all nested jobs of this JobCollection.
`children`	`typing.List[gcix.ChildDict]`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`ordered_tags_for_initialization`	`gcix.OrderedStringSet`	No description.
`ordered_tags_for_replacement`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`allow_failure_for_initialization`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`allow_failure_for_replacement`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`artifacts_for_initialization`	`gcix.Artifacts`	No description.
`artifacts_for_replacement`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`cache_for_initialization`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`dependencies_for_initialization`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`dependencies_for_replacement`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image_for_initialization`	`typing.Union[str, gcix.Image]`	No description.
`image_for_replacement`	`typing.Union[str, gcix.Image]`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`needs_for_initialization`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`needs_for_replacement`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`rules_for_initialization`	`typing.List[gcix.Rule]`	No description.
`rules_for_replacement`	`typing.List[gcix.Rule]`	No description.
`rules_to_append`	`typing.List[gcix.Rule]`	No description.
`rules_to_prepend`	`typing.List[gcix.Rule]`	No description.
`scripts_to_append`	`typing.List[str]`	No description.
`scripts_to_prepend`	`typing.List[str]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`variables_for_initialization`	`typing.Mapping[str]`	No description.
`variables_for_replacement`	`typing.Mapping[str]`	No description.
`crane_pull_job`	`CranePull`	CranPull job.
`crane_push_job`	`CranePush`	No description.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`dst_registry`	`typing.Union[str, Registry]`	Container registry to push the image to.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Container image tag to pull from `srcRegistry` and push to `dstRegistry`.
`src_registry`	`typing.Union[str, Registry]`	Container registry to pull the image from.
`dive_scan_job`	`DiveScan`	Dive scan job.
`trivy_ignore_file_check_job`	`TrivyIgnoreFileCheck`	Trivy ignore file check job.
`trivy_scan_local_image_job`	`TrivyScanLocalImage`	Trivy scan local image job.

`last_jobs_executed`^Required ¶

last_jobs_executed: typing.List[Job]

Type: typing.List[gcix.Job]

This property returns all Jobs from the last stage of this JobCollection.

This is typically be requested from a job which has setup this JobCollection as need, to determine all actual jobs of this JobCollection as need.

`nested_jobs`^Required ¶

nested_jobs: typing.List[Job]

Type: typing.List[gcix.Job]

`populated_jobs`^Required ¶

populated_jobs: typing.List[Job]

Type: typing.List[gcix.Job]

Returns a list with populated copies of all nested jobs of this JobCollection.

Populated means, that all attributes of a Job which depends on its context are resolved to their final values. The context is primarily the JobCollection within the jobs resides but also dependencies to other jobs and JobCollection's. Thus this JobCollection will apply its own configuration, like variables to add, tags to set, etc., to all its jobs and JobCollection's.

Copies means what it says, that the returned job are not the same job objects, originally added to this JobCollection, but copies of them.

Nested means, that also jobs from JobCollection's within this JobCollection, are returned, as well as jobs from JobCollection's within JobCollection's within this JobCollection and so on.

`children`^Required ¶

children: typing.List[ChildDict]

Type: typing.List[gcix.ChildDict]

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`ordered_tags_for_initialization`^Required ¶

ordered_tags_for_initialization: OrderedStringSet

Type: gcix.OrderedStringSet

`ordered_tags_for_replacement`^Required ¶

ordered_tags_for_replacement: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`allow_failure_for_initialization`^Optional ¶

allow_failure_for_initialization: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`allow_failure_for_replacement`^Optional ¶

allow_failure_for_replacement: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`artifacts_for_initialization`^Optional ¶

artifacts_for_initialization: Artifacts

Type: gcix.Artifacts

`artifacts_for_replacement`^Optional ¶

artifacts_for_replacement: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`cache_for_initialization`^Optional ¶

cache_for_initialization: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`dependencies_for_initialization`^Optional ¶

dependencies_for_initialization: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`dependencies_for_replacement`^Optional ¶

dependencies_for_replacement: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image_for_initialization`^Optional ¶

image_for_initialization: typing.Union[str, Image]

Type: typing.Union[str, gcix.Image]

`image_for_replacement`^Optional ¶

image_for_replacement: typing.Union[str, Image]

Type: typing.Union[str, gcix.Image]

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`needs_for_initialization`^Optional ¶

needs_for_initialization: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`needs_for_replacement`^Optional ¶

needs_for_replacement: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`rules_for_initialization`^Optional ¶

rules_for_initialization: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_for_replacement`^Optional ¶

rules_for_replacement: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_to_append`^Optional ¶

rules_to_append: typing.List[Rule]

Type: typing.List[gcix.Rule]

`rules_to_prepend`^Optional ¶

rules_to_prepend: typing.List[Rule]

Type: typing.List[gcix.Rule]

`scripts_to_append`^Optional ¶

scripts_to_append: typing.List[str]

Type: typing.List[str]

`scripts_to_prepend`^Optional ¶

scripts_to_prepend: typing.List[str]

Type: typing.List[str]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`variables_for_initialization`^Optional ¶

variables_for_initialization: typing.Mapping[str]

Type: typing.Mapping[str]

`variables_for_replacement`^Optional ¶

variables_for_replacement: typing.Mapping[str]

Type: typing.Mapping[str]

`crane_pull_job`^Required ¶

crane_pull_job: CranePull

Type: CranePull

CranPull job.

`crane_push_job`^Required ¶

crane_push_job: CranePush

Type: CranePush

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_dive_scan`^Required ¶

do_dive_scan: bool

Type: bool

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Required ¶

do_trivyignore_check: bool

Type: bool

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Required ¶

do_trivy_scan: bool

Type: bool

Set to false to skip the Trivy scan job.

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`image_name`^Required ¶

image_name: str

Type: str

Image name with stage in the registry.

e.g. username/image_name.

`image_tag`^Required ¶

image_tag: str

Type: str

Container image tag to pull from srcRegistry and push to dstRegistry.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Container registry to pull the image from.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`dive_scan_job`^Optional ¶

dive_scan_job: DiveScan

Type: DiveScan

Dive scan job.

`trivy_ignore_file_check_job`^Optional ¶

trivy_ignore_file_check_job: TrivyIgnoreFileCheck

Type: TrivyIgnoreFileCheck

Trivy ignore file check job.

`trivy_scan_local_image_job`^Optional ¶

trivy_scan_local_image_job: TrivyScanLocalImage

Type: TrivyScanLocalImage

Trivy scan local image job.

CraneCopy ¶

Implements: ICraneCopy

Creates a job to copy container images with crane. See crane.

Copying an image is useful, if you want to have container images as close as possible to your cluster or servers.

This subclass of Job will configure following defaults for the superclass:

name: crane-copy
stage: deploy
image: PredefinedImages.CRANE

Initializers ¶

from gcix import container

container.CraneCopy(
  dst_registry: typing.Union[str, Registry],
  src_registry: typing.Union[str, Registry],
  docker_client_config: DockerClientConfig = None,
  job_name: str = None,
  job_stage: str = None
)

Name	Type	Description
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`src_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image from.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.

`dst_registry`^Required ¶

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`src_registry`^Required ¶

Type: typing.Union[str, Registry]

Registry URL to copy container image from.

`docker_client_config`^Optional ¶

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`src_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image from.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image from.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.

CranePull ¶

Implements: ICranePull

Creates a job to pull container image from remote container registry with crane.

This subclass of Job will configure following defaults for the superclass:

name: crane
stage: pull
image: PredefinedImages.CRANE

Initializers ¶

from gcix import container

container.CranePull(
  src_registry: typing.Union[str, Registry],
  docker_client_config: DockerClientConfig = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  tar_path: str = None
)

Name	Type	Description
`src_registry`	`typing.Union[str, Registry]`	Registry URL to pull container image from.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`image_name`	`str`	Container image with namespace to pull from `srcRegistry`.
`image_tag`	`str`	Tag of the image which will be pulled.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`tar_path`	`str`	Path where to save the container image tarball.

`src_registry`^Required ¶

Type: typing.Union[str, Registry]

Registry URL to pull container image from.

`docker_client_config`^Optional ¶

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`image_name`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectName

Container image with namespace to pull from srcRegistry.

`image_tag`^Optional ¶

Type: str
Default: latest

Tag of the image which will be pulled.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`tar_path`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectDir

Path where to save the container image tarball.

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`image_name`	`str`	Container image with namespace to pull from `srcRegistry`.
`image_tag`	`str`	Tag of the image which will be pulled.
`src_registry`	`typing.Union[str, Registry]`	Registry URL to pull container image from.
`tar_path`	`str`	Path where to save the container image tarball.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`image_name`^Required ¶

image_name: str

Type: str

Container image with namespace to pull from srcRegistry.

`image_tag`^Required ¶

image_tag: str

Type: str

Tag of the image which will be pulled.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to pull container image from.

`tar_path`^Required ¶

tar_path: str

Type: str

Path where to save the container image tarball.

CranePush ¶

Implements: ICranePush

Creates a job to push container image to remote container registry with crane.

The image to copy must be in a tarball format. It gets validated with crane and is pushed to dst_registry destination registry.

This subclass of Job will configure following defaults for the superclass:

name: crane-push
stage: deploy
image: PredefinedImages.CRANE

Initializers ¶

from gcix import container

container.CranePush(
  dst_registry: typing.Union[str, Registry],
  docker_client_config: DockerClientConfig = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  tar_path: str = None
)

Name	Type	Description
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`tar_path`	`str`	Path where to find the container image tarball.

`dst_registry`^Required ¶

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`docker_client_config`^Optional ¶

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`image_name`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectName

Container image name, searched for in imagePath and gets .tar appended.

`image_tag`^Optional ¶

Type: str
Default: PredefinedVariables.ciCommitTag

The tag the image will be tagged with.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`tar_path`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectDir

Path where to find the container image tarball.

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_tag`	`str`	The tag the image will be tagged with.
`tar_path`	`str`	Path where to find the container image tarball.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`image_name`^Required ¶

image_name: str

Type: str

Container image name, searched for in imagePath and gets .tar appended.

`image_tag`^Required ¶

image_tag: str

Type: str

The tag the image will be tagged with.

`tar_path`^Required ¶

tar_path: str

Type: str

Path where to find the container image tarball.

DiveScan ¶

Implements: IDiveScan

Scan your images with wagoodman/dive.

dive will scan your container image layers and will output the efficency of each layer. You can see which layer and which file is consuming the most storage and optimize the layers if possible. It prevents container images and its layers beeing polluted with files like apt or yum cache's. The output produced by dive is uploaded as an artifact to the GitLab instance.

This subclass of Job will configure following defaults for the superclass:

name: dive
stage: check
image: PredefinedImages.DIVE
artifacts: Path 'dive.txt'

Initializers ¶

from gcix import container

container.DiveScan(
  highest_user_wasted_percent: typing.Union[int, float] = None,
  highest_wasted_bytes: typing.Union[int, float] = None,
  ignore_errors: bool = None,
  image_name: str = None,
  image_path: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  lowest_efficiency: typing.Union[int, float] = None,
  source: str = None
)

Name	Type	Description
`highest_user_wasted_percent`	`typing.Union[int, float]`	Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.
`highest_wasted_bytes`	`typing.Union[int, float]`	Highest allowable bytes wasted, otherwise CI validation will fail.
`ignore_errors`	`bool`	Ignore image parsing errors and run the analysis anyway.
`image_name`	`str`	Name of the container image to scan, if `source` is `docker-archive` argument gets prefix `.tar`.
`image_path`	`str`	Path to the image can be either a remote container registry, as well as a local path to an image.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`lowest_efficiency`	`typing.Union[int, float]`	Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.
`source`	`str`	The container engine to fetch the image from.

`highest_user_wasted_percent`^Optional ¶

Type: typing.Union[int, float]
Default: 0.1

Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.

`highest_wasted_bytes`^Optional ¶

Type: typing.Union[int, float]

Highest allowable bytes wasted, otherwise CI validation will fail.

`ignore_errors`^Optional ¶

Type: bool
Default: false

Ignore image parsing errors and run the analysis anyway.

`image_name`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectName

Name of the container image to scan, if source is docker-archive argument gets prefix .tar.

`image_path`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectPath

Path to the image can be either a remote container registry, as well as a local path to an image.

`image_tag`^Optional ¶

Type: str
Default: PredefinedVariables.ciCommitTag

The tag the image will be tagged with.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`lowest_efficiency`^Optional ¶

Type: typing.Union[int, float]
Default: 0.9

Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.

`source`^Optional ¶

Type: str
Default: "docker-archive

The container engine to fetch the image from.

Allowed values: docker, podman, docker-archive

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`highest_user_wasted_percent`	`typing.Union[int, float]`	Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.
`ignore_errors`	`bool`	Ignore image parsing errors and run the analysis anyway.
`image_name`	`str`	Name of the container image to scan, if `source` is `docker-archive` argument gets prefix `.tar`.
`image_path`	`str`	Path to the image can be either a remote container registry, as well as a local path to an image.
`image_tag`	`str`	The tag the image will be tagged with.
`lowest_efficiency`	`typing.Union[int, float]`	Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.
`source`	`str`	The container engine to fetch the image from.
`highest_wasted_bytes`	`typing.Union[int, float]`	Highest allowable bytes wasted, otherwise CI validation will fail.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`highest_user_wasted_percent`^Required ¶

highest_user_wasted_percent: typing.Union[int, float]

Type: typing.Union[int, float]

Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.

`ignore_errors`^Required ¶

ignore_errors: bool

Type: bool

Ignore image parsing errors and run the analysis anyway.

`image_name`^Required ¶

image_name: str

Type: str

Name of the container image to scan, if source is docker-archive argument gets prefix .tar.

`image_path`^Required ¶

image_path: str

Type: str

Path to the image can be either a remote container registry, as well as a local path to an image.

`image_tag`^Required ¶

image_tag: str

Type: str

The tag the image will be tagged with.

`lowest_efficiency`^Required ¶

lowest_efficiency: typing.Union[int, float]

Type: typing.Union[int, float]

Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.

`source`^Required ¶

source: str

Type: str

The container engine to fetch the image from.

Allowed values: docker, podman, docker-archive

`highest_wasted_bytes`^Optional ¶

highest_wasted_bytes: typing.Union[int, float]

Type: typing.Union[int, float]

Highest allowable bytes wasted, otherwise CI validation will fail.

DockerBuild ¶

Implements: IDockerBuild

Runs docker build.

Example:

1 2	`import { Build } from "@gcix/gcix" const buildJob = Build({repository: "myrepo/myimage", tag: "v0.1.0"})`

This subclass of Job will configure following defaults for the superclass:

name: docker
stage: build

Initializers ¶

from gcix import container

container.DockerBuild(
  repository: str,
  context: str = None,
  job_name: str = None,
  job_stage: str = None,
  tag: str = None
)

Name	Type	Description
`repository`	`str`	The Docker repository name `([<registry>/]<image>)`.
`context`	`str`	The Docker build context (the directory containing the Dockerfile).
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`tag`	`str`	A Docker image tag applied to the image.

`repository`^Required ¶

Type: str

The Docker repository name ([<registry>/]<image>).

`context`^Optional ¶

Type: str
Default: .

The Docker build context (the directory containing the Dockerfile).

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`tag`^Optional ¶

Type: str

A Docker image tag applied to the image.

If not set docker uses latest

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`context`	`str`	The Docker build context (the directory containing the Dockerfile).
`repository`	`str`	The Docker repository name `([<registry>/]<image>)`.
`tag`	`str`	A Docker image tag applied to the image.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`context`^Required ¶

context: str

Type: str

The Docker build context (the directory containing the Dockerfile).

`repository`^Required ¶

repository: str

Type: str

The Docker repository name ([<registry>/]<image>).

`tag`^Required ¶

tag: str

Type: str

A Docker image tag applied to the image.

DockerClientConfig ¶

Implements: IDockerClientConfig

Class which represents a docker client configuration.

After creating an instance of this class you can add new credential helper, basic authentication settings or default credential store.

Initializers ¶

from gcix import container

container.DockerClientConfig(
  config_file_path: str = None
)

Name	Type	Description
`config_file_path`	`str`	Docker client config path.

`config_file_path`^Optional ¶

Type: str
Default: $HOME/.docker/config.json

Docker client config path.

Methods ¶

Name	Description
`add_auth`	Adds basic authentication `auths` setting to the configuration.
`add_cred_helper`	Adds a Credentials helper `credHelpers` for a registry.
`add_raw`	Adds arbitrary settings to configuration.
`assign_creds_store`	Sets the `credsStore` setting for clients. See docker login#credentials-store.
`shell_command`	Renders the shell command for creating the docker client config.

`add_auth` ¶

def add_auth(
  registry: str,
  username_env_var: str = None,
  password_env_var: str = None
) -> DockerClientConfig

Adds basic authentication auths setting to the configuration.

This method acts a little special, because of some security aspects. The method, takse three arguments, registry, username_env_var and password_env_var. Arguments ending wit *_env_var, are ment to be available as a gcip.Job variable.

`registry`^Required ¶

Type: str

Name of the container registry to set creds_helper for.

`username_env_var`^Optional ¶

Type: str

Name of the environment variable which as the registry username stored.

`password_env_var`^Optional ¶

Type: str

Name of the environment variable which as the registry password stored.

`add_cred_helper` ¶

def add_cred_helper(
  registry: str,
  cred_helper: str
) -> DockerClientConfig

Adds a Credentials helper credHelpers for a registry.

See docker login#credential-helpers

`registry`^Required ¶

Type: str

Name of the container registry to set creds_helper for.

`cred_helper`^Required ¶

Type: str

Name of the credential helper to use together with the registry.

`add_raw` ¶

def add_raw(
  raw_input: typing.Mapping[typing.Any]
) -> DockerClientConfig

Adds arbitrary settings to configuration.

Be aware and warned! You can overwrite any predefined settings with this method. This method is intendet to be used, if non suitable method is available and you have to set a configuration setting.

`raw_input`^Required ¶

Type: typing.Mapping[typing.Any]

Dictionary of non-available settings to be set.

`assign_creds_store` ¶

def assign_creds_store(
  creds_store: str
) -> DockerClientConfig

Sets the credsStore setting for clients. See docker login#credentials-store.

Be aware, that if you set the credsStore and add creds_helper or username and password authentication, those authentication methods are not used.

Clients which can authenticate against a registry can handle the credential store itself, mostly you do not want to set the credsStore. Use credsHelpers instead.

`creds_store`^Required ¶

Type: str

Should be the suffix of the program to use (i.e. everything after docker-credential-). osxkeychain, to use docker-credential-osxkeychain or ecr-login, to use docker-crendential-ecr-login.

`shell_command` ¶

def shell_command() -> typing.List[str]

Renders the shell command for creating the docker client config.

The render method uses json.dumps() to dump the configuration as a json string and escapes it for the shell. In Jobs which needed the configuration the rendered output should be redirected to the appropriate destination e.g. ~/.docker/config.json. This ensures, that environment variables are substituted.

Properties ¶

Name	Type	Description
`config`	`IDockerClientConfigType`	Docker client configuration.
`config_file_path`	`str`	Docker client config path.

`config`^Required ¶

config: IDockerClientConfigType

Type: IDockerClientConfigType

Docker client configuration.

`config_file_path`^Required ¶

config_file_path: str

Type: str

Docker client config path.

DockerPush ¶

Implements: IDockerPush

Runs docker push and optionally docker login before.

Example:

import { Push } from "@gcix/gcix"

const pushJob = new Push({
                registry: "index.docker.io/v1/gcix/gcix",
                image: "gcip",
                tag: "v0.1.0",
                userEnvVar: "DOCKER_USER",
                loginEnvVar: "DOCKER_TOKEN"
            })

The userEnvVar and loginEnvVar should be created as protected and masked custom environment variable configured in the UI.

This subclass of Job will configure following defaults for the superclass:

name: docker
stage: deploy

Initializers ¶

from gcix import container

container.DockerPush(
  container_image: str,
  job_name: str = None,
  job_stage: str = None,
  login_env_var: str = None,
  registry: str = None,
  tag: str = None,
  user_env_var: str = None
)

Name	Type	Description
`container_image`	`str`	The name of the Docker image to push to the `registry`.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`login_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.
`registry`	`str`	The Docker registry the image should be pushed to.
`tag`	`str`	The Docker image tag that should be pushed to the `registry`.
`user_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

`container_image`^Required ¶

Type: str

The name of the Docker image to push to the registry.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`login_env_var`^Optional ¶

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.

DO NOT PROVIDE THE LOGIN VALUE ITSELF! This would be a security issue!

`registry`^Optional ¶

Type: str
Default: index.docker.io/v1

The Docker registry the image should be pushed to.

`tag`^Optional ¶

Type: str
Default: latest

The Docker image tag that should be pushed to the registry.

`user_env_var`^Optional ¶

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

DO NOT PROVIDE THE USERNAME VALUE ITSELF! This would be a security issue!

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`container_image`	`str`	The name of the Docker image to push to the `registry`.
`registry`	`str`	The Docker registry the image should be pushed to.
`tag`	`str`	The Docker image tag that should be pushed to the `registry`.
`login_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.
`user_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`container_image`^Required ¶

container_image: str

Type: str

The name of the Docker image to push to the registry.

`registry`^Required ¶

registry: str

Type: str

The Docker registry the image should be pushed to.

`tag`^Required ¶

tag: str

Type: str

The Docker image tag that should be pushed to the registry.

`login_env_var`^Optional ¶

login_env_var: str

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.

DO NOT PROVIDE THE LOGIN VALUE ITSELF! This would be a security issue!

`user_env_var`^Optional ¶

user_env_var: str

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

DO NOT PROVIDE THE USERNAME VALUE ITSELF! This would be a security issue!

KanikoExecute ¶

Implements: IKanikoExecute

Creates a job which builds container images.

This job creates images depending on git branches. e.g If the branch which gets pushed to the remote is named my_awsome_feature the image will be tagged with my-awsome-feature.

This subclass of Job will configure following defaults for the superclass:

name: kaniko
stage: build
image: PredefinedImages.KANIKO

Initializers ¶

from gcix import container

container.KanikoExecute(
  build_args: typing.Mapping[typing.Any] = None,
  build_target: str = None,
  context: str = None,
  docker_client_config: DockerClientConfig = None,
  dockerfile: str = None,
  enable_push: bool = None,
  image_name: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  registries: typing.Union[typing.List[str], typing.List[Registry]] = None,
  tar_path: str = None,
  verbosity: str = None
)

Name	Type	Description
`build_args`	`typing.Mapping[typing.Any]`	Container build arguments, used to instrument the container image build.
`build_target`	`str`	For container multistage builds name of the build stage you want to create.
`context`	`str`	Context which will be send to kaniko.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`dockerfile`	`str`	Name of the dockerfile to use.
`enable_push`	`bool`	Enable push to container registry, disabled to allow subsequent jobs to.
`image_name`	`str`	Image name which will be created.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`registries`	`typing.Union[typing.List[str], typing.List[Registry]]`	List of container registries to push created image to.
`tar_path`	`str`	Container images created by kaniko are tarball files.
`verbosity`	`str`	Verbosity of kaniko logging.

`build_args`^Optional ¶

Type: typing.Mapping[typing.Any]

Container build arguments, used to instrument the container image build.

`build_target`^Optional ¶

Type: str

For container multistage builds name of the build stage you want to create.

Image tag will be appended with the build_target. e.g. latest-buildtarget.

`context`^Optional ¶

Type: str

Context which will be send to kaniko.

Defaults to None which implies the local directory is the context.

`docker_client_config`^Optional ¶

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`dockerfile`^Optional ¶

Type: str
Default: "Dockerfile"

Name of the dockerfile to use.

File is relative to context.

`enable_push`^Optional ¶

Type: bool
Default: false act on container tarball.

Enable push to container registry, disabled to allow subsequent jobs to.

`image_name`^Optional ¶

Type: str
Default: PredefinedVariables.CI_PROJECT_NAME.

Image name which will be created.

`image_tag`^Optional ¶

Type: str
Default: PredefinedVariables.CI_COMMIT_TAG

The tag the image will be tagged with.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`registries`^Optional ¶

Type: typing.Union[typing.List[str], typing.List[Registry]]

List of container registries to push created image to.

`tar_path`^Optional ¶

Type: str

Container images created by kaniko are tarball files.

This is the path where to store the image, will be named with suffix .tar. This path will be created if not present.

`verbosity`^Optional ¶

Type: str
Default: "info"

Verbosity of kaniko logging.

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`context`	`str`	Context which will be send to kaniko.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`dockerfile`	`str`	Name of the dockerfile to use.
`enable_push`	`bool`	Enable push to container registry, disabled to allow subsequent jobs to act on container tarball.
`image_name`	`str`	Image name which will be created.
`image_tag`	`str`	The tag the image will be tagged with.
`verbosity`	`str`	Verbosity of kaniko logging.
`build_args`	`typing.Mapping[typing.Any]`	Container build arguments, used to instrument the container image build.
`build_target`	`str`	For container multistage builds name of the build stage you want to create.
`registries`	`typing.Union[typing.List[str], typing.List[Registry]]`	List of container registries to push created image to.
`tar_path`	`str`	Container images created by kaniko are tarball files.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`context`^Required ¶

context: str

Type: str

Context which will be send to kaniko.

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`dockerfile`^Required ¶

dockerfile: str

Type: str

Name of the dockerfile to use.

File is relative to context.

`enable_push`^Required ¶

enable_push: bool

Type: bool

Enable push to container registry, disabled to allow subsequent jobs to act on container tarball.

`image_name`^Required ¶

image_name: str

Type: str

Image name which will be created.

`image_tag`^Required ¶

image_tag: str

Type: str

The tag the image will be tagged with.

`verbosity`^Required ¶

verbosity: str

Type: str

Verbosity of kaniko logging.

`build_args`^Optional ¶

build_args: typing.Mapping[typing.Any]

Type: typing.Mapping[typing.Any]

Container build arguments, used to instrument the container image build.

`build_target`^Optional ¶

build_target: str

Type: str

For container multistage builds name of the build stage you want to create.

Image tag will be appended with the build_target. e.g. latest-buildtarget.

`registries`^Optional ¶

registries: typing.Union[typing.List[str], typing.List[Registry]]

Type: typing.Union[typing.List[str], typing.List[Registry]]

List of container registries to push created image to.

`tar_path`^Optional ¶

tar_path: str

Type: str

Container images created by kaniko are tarball files.

This is the path where to store the image, will be named with suffix .tar. This path will be created if not present.

PredefinedImages ¶

The PredefinedImages collection supplies commonly utilized container image objects within the gcix framework.

Constants ¶

Name	Type	Description
`ALPINE_GIT`	`gcix.Image`	A predefined Alpine Git container image object.
`BUSYBOX`	`gcix.Image`	A predefined Busybox container image object.
`CRANE`	`gcix.Image`	A predefined Crane container image object.
`DIVE`	`gcix.Image`	A predefined Dive container image object.
`GCIP`	`gcix.Image`	A predefined GCIP container image object.
`GCIX`	`gcix.Image`	A predefined GCIX container image object.
`KANIKO`	`gcix.Image`	A predefined Kaniko container image object.
`TRIVY`	`gcix.Image`	A predefined Trivy container image object.

`ALPINE_GIT`^Required ¶

ALPINE_GIT: Image

Type: gcix.Image

A predefined Alpine Git container image object.

This image is useful for Git operations within containers.

`BUSYBOX`^Required ¶

BUSYBOX: Image

Type: gcix.Image

A predefined Busybox container image object.

`CRANE`^Required ¶

CRANE: Image

Type: gcix.Image

A predefined Crane container image object.

`DIVE`^Required ¶

DIVE: Image

Type: gcix.Image

A predefined Dive container image object.

`GCIP`^Required ¶

GCIP: Image

Type: gcix.Image

A predefined GCIP container image object.

`GCIX`^Required ¶

GCIX: Image

Type: gcix.Image

A predefined GCIX container image object.

`KANIKO`^Required ¶

KANIKO: Image

Type: gcix.Image

A predefined Kaniko container image object.

`TRIVY`^Required ¶

TRIVY: Image

Type: gcix.Image

A predefined Trivy container image object.

Registry ¶

Container registry urls constants.

Static Functions ¶

Name	Description
`aws`	Amazon Elastic Container Registry (ECR).

`aws` ¶

from gcix import container

container.Registry.aws(
  account_id: str = None,
  region: str = None
)

Amazon Elastic Container Registry (ECR).

If neither accountId nor region is given, the method attempts to evaluate accountId and region using helper functions from aws.AWSAccount. If either of the helper functions does provide a valid value, a ValueError or KeyError exception will be raised.

`account_id`^Optional ¶

Type: str
Default: AWSAccount.awsAccountId()

AWS account id.

`region`^Optional ¶

Type: str
Default: AWSAccount.awsRegion()

AWS region where the ECR repository lives in.

Constants ¶

Name	Type	Description
`DOCKER`	`str`	No description.
`GCR`	`str`	No description.
`QUAY`	`str`	No description.

`DOCKER`^Required ¶

DOCKER: str

Type: str

`GCR`^Required ¶

GCR: str

Type: str

`QUAY`^Required ¶

QUAY: str

Type: str

TrivyIgnoreFileCheck ¶

Implements: ITrivyIgnoreFileCheck

This job checks if a .trivyignore file exists and is not empty and fails if so.

If a .trivyignore file is found and not empty, by default the job fails with exit 1, the job is configured to allow failures so that the pipeline keeps running. This ensures the visibility of acknowledged CVE's in the .trivyignore file inside the pipeline.

This subclass of Job will configure following defaults for the superclass:

name: trivyignore
stage: check
image: PredefinedImages.BUSYBOX
allow_failure: 1

Initializers ¶

from gcix import container

container.TrivyIgnoreFileCheck(
  job_name: str = None,
  job_stage: str = None,
  trivyignore_path: str = None
)

Name	Type	Description
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`trivyignore_path`	`str`	Path to the `.trivyignore` file.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`trivyignore_path`^Optional ¶

Type: str
Default: PredefinedVariables.ciProjectDir/.trivyignore

Path to the .trivyignore file.

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`trivyignore_path`	`str`	Path to the `.trivyignore` file.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`trivyignore_path`^Required ¶

trivyignore_path: str

Type: str

Path to the .trivyignore file.

TrivyScanLocalImage ¶

Implements: ITrivyScanLocalImage

This job scanns container images to find vulnerabilities.

This job fails with exit code 1 if severities are found. The scan output is printed to stdout and uploaded to the artifacts of GitLab.

This subclass of Job will configure following defaults for the superclass:

name: trivy
stage: check
image: PredefinedImages.TRIVY
artifacts: Path 'trivy.txt'

Initializers ¶

from gcix import container

container.TrivyScanLocalImage(
  debug: bool = None,
  exit_if_vulnerable: bool = None,
  image_name: str = None,
  image_path: str = None,
  image_tag: str = None,
  job_name: str = None,
  job_stage: str = None,
  output_format: str = None,
  severity: str = None,
  trivy_config: str = None,
  vulnerability_types: str = None
)

Name	Type	Description
`debug`	`bool`	If trivy should run in debug mode.
`exit_if_vulnerable`	`bool`	Exit code when vulnerabilities were found.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_path`	`str`	Path where to find the container image.
`image_tag`	`str`	The tag the image will be tagged with.
`job_name`	`str`	The name of the Bootstrap job.
`job_stage`	`str`	The stage of the Bootstrap job.
`output_format`	`str`	Scan output format, possible values (table, json).
`severity`	`str`	Severities of vulnerabilities to be displayed (comma separated).
`trivy_config`	`str`	Additional options to pass to `trivy` binary.
`vulnerability_types`	`str`	List of vulnerability types (comma separated).

`debug`^Optional ¶

Type: bool
Default: false

If trivy should run in debug mode.

`exit_if_vulnerable`^Optional ¶

Type: bool
Default: true

Exit code when vulnerabilities were found.

If true exit code is 1 else 0.

`image_name`^Optional ¶

Type: str
Default: PredefinedVariables.CI_PROJECT_NAME

Container image name, searched for in imagePath and gets .tar appended.

`image_path`^Optional ¶

Type: str
Default: PredefinedVariables.CI_PROJECT_DIR

Path where to find the container image.

`image_tag`^Optional ¶

Type: str
Default: PredefinedVariables.CI_COMMIT_TAG

The tag the image will be tagged with.

`job_name`^Optional ¶

Type: str

The name of the Bootstrap job.

`job_stage`^Optional ¶

Type: str

The stage of the Bootstrap job.

`output_format`^Optional ¶

Type: str
Default: "table"

Scan output format, possible values (table, json).

`severity`^Optional ¶

Type: str
Default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"

Severities of vulnerabilities to be displayed (comma separated).

`trivy_config`^Optional ¶

Type: str

Additional options to pass to trivy binary.

`vulnerability_types`^Optional ¶

Type: str
Default: "os,library"

List of vulnerability types (comma separated).

Methods ¶

Name	Description
`add_dependencies`	No description.
`add_needs`	No description.
`add_parent`	This method is called by `gcix.JobCollection`s when the job is added to that JobCollection.
`add_tags`	No description.
`add_variables`	No description.
`append_rules`	No description.
`append_scripts`	No description.
`assign_allow_failure`	No description.
`assign_artifacts`	No description.
`assign_cache`	No description.
`assign_dependencies`	No description.
`assign_image`	Sets the image of this job.
`assign_needs`	No description.
`assign_tags`	No description.
`copy`	Returns an independent, deep copy object of this job.
`extend_name`	This method is used by `gcix.JobCollection`s to populate the jobs name.
`extend_stage`	This method is used by `gcix.JobCollection`s to populate the jobs name and stage.
`extend_stage_value`	This method is used by `gcix.JobCollection`s to populate the jobs stage.
`get_all_instance_names`	Return all instance names from the given child.
`is_equal`	`isEqual` checks if `this` object is equal to given object.
`prepend_rules`	No description.
`prepend_scripts`	No description.
`render`	Returns a representation of any object which implements `IBase`.

`add_dependencies` ¶

def add_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_needs` ¶

def add_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`add_parent` ¶

def add_parent(
  parent: typing.Union[Job, JobCollection]
) -> None

This method is called by gcix.JobCollections when the job is added to that JobCollection.

The job needs to know its parents when getAllInstanceNames() is called.

`parent`^Required ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`add_tags` ¶

def add_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`add_variables` ¶

def add_variables(
  variables: typing.Mapping[str]
) -> Job

`variables`^Required ¶

Type: typing.Mapping[str]

`append_rules` ¶

def append_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`append_scripts` ¶

def append_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`assign_allow_failure` ¶

def assign_allow_failure(
  allow_failure: typing.Union[bool, typing.List[typing.Union[int, float]]]
) -> Job

`allow_failure`^Required ¶

Type: typing.Union[bool, typing.List[typing.Union[int, float]]]

`assign_artifacts` ¶

def assign_artifacts(
  artifacts: Artifacts
) -> Job

`artifacts`^Required ¶

Type: gcix.Artifacts

`assign_cache` ¶

def assign_cache(
  cache: Cache
) -> Job

`cache`^Required ¶

Type: gcix.Cache

`assign_dependencies` ¶

def assign_dependencies(
  dependencies: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`dependencies`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_image` ¶

def assign_image(
  image: typing.Union[str, Image]
) -> Job

Sets the image of this job.

For a simple container image you can provide the origin of the image. If you want to set the entrypoint, you have to provide an Image object instead.

!! Any previous values will be overwritten.

`image`^Required ¶

Type: typing.Union[str, gcix.Image]

`assign_needs` ¶

def assign_needs(
  needs: typing.List[typing.Union[Job, JobCollection, Need]]
) -> Job

`needs`^Required ¶

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`assign_tags` ¶

def assign_tags(
  tags: typing.List[str]
) -> Job

`tags`^Required ¶

Type: typing.List[str]

`copy` ¶

def copy() -> Job

Returns an independent, deep copy object of this job.

`extend_name` ¶

def extend_name(
  name: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name.

`name`^Required ¶

Type: str

`extend_stage` ¶

def extend_stage(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs name and stage.

`stage`^Required ¶

Type: str

`extend_stage_value` ¶

def extend_stage_value(
  stage: str
) -> None

This method is used by gcix.JobCollections to populate the jobs stage.

`stage`^Required ¶

Type: str

`get_all_instance_names` ¶

def get_all_instance_names(
  child: typing.Union[Job, JobCollection] = None
) -> OrderedStringSet

Return all instance names from the given child.

That means all combinations of the childs name and stage within this sequence and all parent sequences.

`child`^Optional ¶

Type: typing.Union[gcix.Job, gcix.JobCollection]

`is_equal` ¶

def is_equal(
  comparable: IBase
) -> bool

isEqual checks if this object is equal to given object.

`comparable`^Required ¶

Type: gcix.IBase

`prepend_rules` ¶

def prepend_rules(
  rules: typing.List[Rule]
) -> Job

`rules`^Required ¶

Type: typing.List[gcix.Rule]

`prepend_scripts` ¶

def prepend_scripts(
  scripts: typing.List[str]
) -> Job

`scripts`^Required ¶

Type: typing.List[str]

`render` ¶

def render() -> typing.Any

Returns a representation of any object which implements IBase.

The rendered representation is used by the gcix to dump it in YAML format as part of the .gitlab-ci.yml pipeline.

Properties ¶

Name	Type	Description
`tags`	`typing.List[str]`	Getter method to receive added tags.
`allow_failure`	`typing.Union[str, bool, typing.List[typing.Union[int, float]]]`	No description.
`name`	`str`	No description.
`ordered_tags`	`gcix.OrderedStringSet`	No description.
`parents`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection]]`	No description.
`scripts`	`typing.List[str]`	No description.
`stage`	`str`	No description.
`artifacts`	`gcix.Artifacts`	No description.
`cache`	`gcix.Cache`	No description.
`dependencies`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`image`	`gcix.Image`	No description.
`needs`	`typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]`	No description.
`original`	`gcix.Job`	No description.
`rules`	`typing.List[gcix.Rule]`	No description.
`variables`	`typing.Mapping[str]`	No description.
`debug`	`bool`	If trivy should run in debug mode.
`exit_if_vulnerable`	`bool`	Exit code when vulnerabilities were found.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_path`	`str`	Path where to find the container image.
`image_tag`	`str`	The tag the image will be tagged with.
`output_format`	`str`	Scan output format, possible values (table, json).
`severity`	`str`	Severities of vulnerabilities to be displayed (comma separated).
`vulnerability_types`	`str`	List of vulnerability types (comma separated).
`trivy_config`	`str`	Additional options to pass to `trivy` binary.

`tags`^Required ¶

tags: typing.List[str]

Type: typing.List[str]

Getter method to receive added tags.

`allow_failure`^Required ¶

allow_failure: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

Type: typing.Union[str, bool, typing.List[typing.Union[int, float]]]

`name`^Required ¶

name: str

Type: str

`ordered_tags`^Required ¶

ordered_tags: OrderedStringSet

Type: gcix.OrderedStringSet

`parents`^Required ¶

parents: typing.List[typing.Union[Job, JobCollection]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection]]

`scripts`^Required ¶

scripts: typing.List[str]

Type: typing.List[str]

`stage`^Required ¶

stage: str

Type: str

`artifacts`^Optional ¶

artifacts: Artifacts

Type: gcix.Artifacts

`cache`^Optional ¶

cache: Cache

Type: gcix.Cache

`dependencies`^Optional ¶

dependencies: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`image`^Optional ¶

image: Image

Type: gcix.Image

`needs`^Optional ¶

needs: typing.List[typing.Union[Job, JobCollection, Need]]

Type: typing.List[typing.Union[gcix.Job, gcix.JobCollection, gcix.Need]]

`original`^Optional ¶

original: Job

Type: gcix.Job

`rules`^Optional ¶

rules: typing.List[Rule]

Type: typing.List[gcix.Rule]

`variables`^Optional ¶

variables: typing.Mapping[str]

Type: typing.Mapping[str]

`debug`^Required ¶

debug: bool

Type: bool

If trivy should run in debug mode.

`exit_if_vulnerable`^Required ¶

exit_if_vulnerable: bool

Type: bool

Exit code when vulnerabilities were found.

If true exit code is 1 else 0.

`image_name`^Required ¶

image_name: str

Type: str

Container image name, searched for in imagePath and gets .tar appended.

`image_path`^Required ¶

image_path: str

Type: str

Path where to find the container image.

`image_tag`^Required ¶

image_tag: str

Type: str

The tag the image will be tagged with.

`output_format`^Required ¶

output_format: str

Type: str

Scan output format, possible values (table, json).

`severity`^Required ¶

severity: str

Type: str

Severities of vulnerabilities to be displayed (comma separated).

`vulnerability_types`^Required ¶

vulnerability_types: str

Type: str

List of vulnerability types (comma separated).

`trivy_config`^Optional ¶

trivy_config: str

Type: str

Additional options to pass to trivy binary.

Protocols ¶

IBuildContainerCollection ¶

Implemented By: BuildContainerCollection, BuildGitlabContainerCollection, IBuildContainerCollection

Properties ¶

Name	Type	Description
`crane_push_job`	`CranePush`	Crane push job.
`dive_scan_job`	`DiveScan`	Dive scan job.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_crane_push`	`bool`	Set to `false` to skip the Crane push job.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Image tag.
`kaniko_execute_job`	`KanikoExecute`	Kaniko execute job.
`registry`	`typing.Union[str, Registry]`	Container registry to push the image to.
`trivy_ignore_file_check_job`	`TrivyIgnoreFileCheck`	Trivy ignore file check job.
`trivy_scan_local_image_job`	`TrivyScanLocalImage`	Trivy scan local image job.

`crane_push_job`^Required ¶

crane_push_job: CranePush

Type: CranePush

Crane push job.

`dive_scan_job`^Required ¶

dive_scan_job: DiveScan

Type: DiveScan

Dive scan job.

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_crane_push`^Required ¶

do_crane_push: bool

Type: bool
Default: true

Set to false to skip the Crane push job.

`do_dive_scan`^Required ¶

do_dive_scan: bool

Type: bool
Default: true

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Required ¶

do_trivyignore_check: bool

Type: bool
Default: true

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Required ¶

do_trivy_scan: bool

Type: bool
Default: true

Set to false to skip the Trivy scan job.

`image_name`^Required ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectDir

Image name with stage in the registry.

e.g. username/imageName.

`image_tag`^Required ¶

image_tag: str

Type: str
Default: PredefinedVariables.ciCommitRefName

Image tag.

Depending of the build it defaults either to the git tag or to the actual branch name.

`kaniko_execute_job`^Required ¶

kaniko_execute_job: KanikoExecute

Type: KanikoExecute

Kaniko execute job.

`registry`^Required ¶

registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`trivy_ignore_file_check_job`^Required ¶

trivy_ignore_file_check_job: TrivyIgnoreFileCheck

Type: TrivyIgnoreFileCheck

Trivy ignore file check job.

`trivy_scan_local_image_job`^Required ¶

trivy_scan_local_image_job: TrivyScanLocalImage

Type: TrivyScanLocalImage

Trivy scan local image job.

ICopyContainerCollection ¶

Implemented By: CopyContainerCollection, ICopyContainerCollection

Properties ¶

Name	Type	Description
`crane_pull_job`	`CranePull`	CranPull job.
`crane_push_job`	`CranePush`	No description.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`do_dive_scan`	`bool`	Set to `false` to skip the Dive scan job.
`do_trivyignore_check`	`bool`	Set to `false` to skip the existance check of the `.trivyignore` file.
`do_trivy_scan`	`bool`	Set to `false` to skip the Trivy scan job.
`dst_registry`	`typing.Union[str, Registry]`	Container registry to push the image to.
`image_name`	`str`	Image name with stage in the registry.
`image_tag`	`str`	Container image tag to pull from `srcRegistry` and push to `dstRegistry`.
`src_registry`	`typing.Union[str, Registry]`	Container registry to pull the image from.
`dive_scan_job`	`DiveScan`	Dive scan job.
`trivy_ignore_file_check_job`	`TrivyIgnoreFileCheck`	Trivy ignore file check job.
`trivy_scan_local_image_job`	`TrivyScanLocalImage`	Trivy scan local image job.

`crane_pull_job`^Required ¶

crane_pull_job: CranePull

Type: CranePull

CranPull job.

`crane_push_job`^Required ¶

crane_push_job: CranePush

Type: CranePush

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`do_dive_scan`^Required ¶

do_dive_scan: bool

Type: bool
Default: true

Set to false to skip the Dive scan job.

`do_trivyignore_check`^Required ¶

do_trivyignore_check: bool

Type: bool
Default: true

Set to false to skip the existance check of the .trivyignore file.

`do_trivy_scan`^Required ¶

do_trivy_scan: bool

Type: bool
Default: true

Set to false to skip the Trivy scan job.

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to push the image to.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`image_name`^Required ¶

image_name: str

Type: str

Image name with stage in the registry.

e.g. username/image_name.

`image_tag`^Required ¶

image_tag: str

Type: str

Container image tag to pull from srcRegistry and push to dstRegistry.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]
Default: Registry.DOCKER

Container registry to pull the image from.

If the container registry needs authentication, you have to provide a DockerClientConfig object with credentials.

`dive_scan_job`^Optional ¶

dive_scan_job: DiveScan

Type: DiveScan

Dive scan job.

`trivy_ignore_file_check_job`^Optional ¶

trivy_ignore_file_check_job: TrivyIgnoreFileCheck

Type: TrivyIgnoreFileCheck

Trivy ignore file check job.

`trivy_scan_local_image_job`^Optional ¶

trivy_scan_local_image_job: TrivyScanLocalImage

Type: TrivyScanLocalImage

Trivy scan local image job.

ICraneCopy ¶

Implemented By: CraneCopy, ICraneCopy

Properties ¶

Name	Type	Description
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`src_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image from.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image from.

`docker_client_config`^Optional ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, used by crane to authenticate against given registries.

ICranePull ¶

Implemented By: CranePull, ICranePull

Properties ¶

Name	Type	Description
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`image_name`	`str`	Container image with namespace to pull from `srcRegistry`.
`image_tag`	`str`	Tag of the image which will be pulled.
`src_registry`	`typing.Union[str, Registry]`	Registry URL to pull container image from.
`tar_path`	`str`	Path where to save the container image tarball.

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig
Default: DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

`image_name`^Required ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectName

Container image with namespace to pull from srcRegistry.

`image_tag`^Required ¶

image_tag: str

Type: str
Default: latest

Tag of the image which will be pulled.

`src_registry`^Required ¶

src_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to pull container image from.

`tar_path`^Required ¶

tar_path: str

Type: str
Default: PredefinedVariables.ciProjectDir

Path where to save the container image tarball.

ICranePush ¶

Implemented By: CranePush, ICranePush

Properties ¶

Name	Type	Description
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`dst_registry`	`typing.Union[str, Registry]`	Registry URL to copy container image to.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_tag`	`str`	The tag the image will be tagged with.
`tar_path`	`str`	Path where to find the container image tarball.

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`dst_registry`^Required ¶

dst_registry: typing.Union[str, Registry]

Type: typing.Union[str, Registry]

Registry URL to copy container image to.

`image_name`^Required ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectName

Container image name, searched for in imagePath and gets .tar appended.

`image_tag`^Required ¶

image_tag: str

Type: str
Default: PredefinedVariables.ciCommitTag

The tag the image will be tagged with.

`tar_path`^Required ¶

tar_path: str

Type: str
Default: PredefinedVariables.ciProjectDir

Path where to find the container image tarball.

IDiveScan ¶

Implemented By: DiveScan, IDiveScan

Properties ¶

Name	Type	Description
`highest_user_wasted_percent`	`typing.Union[int, float]`	Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.
`ignore_errors`	`bool`	Ignore image parsing errors and run the analysis anyway.
`image_name`	`str`	Name of the container image to scan, if `source` is `docker-archive` argument gets prefix `.tar`.
`image_path`	`str`	Path to the image can be either a remote container registry, as well as a local path to an image.
`image_tag`	`str`	The tag the image will be tagged with.
`lowest_efficiency`	`typing.Union[int, float]`	Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.
`source`	`str`	The container engine to fetch the image from.
`highest_wasted_bytes`	`typing.Union[int, float]`	Highest allowable bytes wasted, otherwise CI validation will fail.

`highest_user_wasted_percent`^Required ¶

highest_user_wasted_percent: typing.Union[int, float]

Type: typing.Union[int, float]
Default: 0.1

Highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail.

`ignore_errors`^Required ¶

ignore_errors: bool

Type: bool
Default: false

Ignore image parsing errors and run the analysis anyway.

`image_name`^Required ¶

image_name: str

Type: str
Default: PredefinedVariables.ciProjectName

Name of the container image to scan, if source is docker-archive argument gets prefix .tar.

`image_path`^Required ¶

image_path: str

Type: str
Default: PredefinedVariables.ciProjectPath

Path to the image can be either a remote container registry, as well as a local path to an image.

`image_tag`^Required ¶

image_tag: str

Type: str
Default: PredefinedVariables.ciCommitTag

The tag the image will be tagged with.

`lowest_efficiency`^Required ¶

lowest_efficiency: typing.Union[int, float]

Type: typing.Union[int, float]
Default: 0.9

Lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail.

`source`^Required ¶

source: str

Type: str
Default: docker-archive

The container engine to fetch the image from.

Allowed values: docker, podman, docker-archive

`highest_wasted_bytes`^Optional ¶

highest_wasted_bytes: typing.Union[int, float]

Type: typing.Union[int, float]

Highest allowable bytes wasted, otherwise CI validation will fail.

IDockerBuild ¶

Implemented By: DockerBuild, IDockerBuild

Properties ¶

Name	Type	Description
`context`	`str`	The Docker build context (the directory containing the Dockerfile).
`repository`	`str`	The Docker repository name `([<registry>/]<image>)`.
`tag`	`str`	A Docker image tag applied to the image.

`context`^Required ¶

context: str

Type: str
Default: .

The Docker build context (the directory containing the Dockerfile).

`repository`^Required ¶

repository: str

Type: str

The Docker repository name ([<registry>/]<image>).

`tag`^Required ¶

tag: str

Type: str
Default: "latest"

A Docker image tag applied to the image.

IDockerClientConfig ¶

Implemented By: DockerClientConfig, IDockerClientConfig

Properties ¶

Name	Type	Description
`config`	`IDockerClientConfigType`	Docker client configuration.
`config_file_path`	`str`	Docker client config path.

`config`^Required ¶

config: IDockerClientConfigType

Type: IDockerClientConfigType

Docker client configuration.

`config_file_path`^Required ¶

config_file_path: str

Type: str
Default: $HOME/.docker/config.json

Docker client config path.

IDockerClientConfigType ¶

Implemented By: IDockerClientConfigType

Properties ¶

Name	Type	Description
`auths`	`typing.Mapping[typing.Any]`	No description.
`cred_helpers`	`typing.Mapping[str]`	No description.
`creds_store`	`str`	No description.
`raw_input`	`typing.Mapping[str]`	No description.

`auths`^Optional ¶

auths: typing.Mapping[typing.Any]

Type: typing.Mapping[typing.Any]

`cred_helpers`^Optional ¶

cred_helpers: typing.Mapping[str]

Type: typing.Mapping[str]

`creds_store`^Optional ¶

creds_store: str

Type: str

`raw_input`^Optional ¶

raw_input: typing.Mapping[str]

Type: typing.Mapping[str]

IDockerPush ¶

Implemented By: DockerPush, IDockerPush

Properties ¶

Name	Type	Description
`container_image`	`str`	The name of the Docker image to push to the `registry`.
`registry`	`str`	The Docker registry the image should be pushed to.
`tag`	`str`	The Docker image tag that should be pushed to the `registry`.
`login_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.
`user_env_var`	`str`	If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

`container_image`^Required ¶

container_image: str

Type: str

The name of the Docker image to push to the registry.

`registry`^Required ¶

registry: str

Type: str
Default: index.docker.io/v1

The Docker registry the image should be pushed to.

`tag`^Required ¶

tag: str

Type: str
Default: latest

The Docker image tag that should be pushed to the registry.

`login_env_var`^Optional ¶

login_env_var: str

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the password or token, here.

DO NOT PROVIDE THE LOGIN VALUE ITSELF! This would be a security issue!

`user_env_var`^Optional ¶

user_env_var: str

Type: str

If you have to login to the registry before the push, you have to provide the name of the environment variable, which contains the username value, here.

DO NOT PROVIDE THE USERNAME VALUE ITSELF! This would be a security issue!

IKanikoExecute ¶

Implemented By: KanikoExecute, IKanikoExecute

Properties ¶

Name	Type	Description
`context`	`str`	Context which will be send to kaniko.
`docker_client_config`	`DockerClientConfig`	Creates the Docker configuration file base on objects settings, to authenticate against given registries.
`dockerfile`	`str`	Name of the dockerfile to use.
`enable_push`	`bool`	Enable push to container registry, disabled to allow subsequent jobs to act on container tarball.
`image_name`	`str`	Image name which will be created.
`image_tag`	`str`	The tag the image will be tagged with.
`verbosity`	`str`	Verbosity of kaniko logging.
`build_args`	`typing.Mapping[typing.Any]`	Container build arguments, used to instrument the container image build.
`build_target`	`str`	For container multistage builds name of the build stage you want to create.
`registries`	`typing.Union[typing.List[str], typing.List[Registry]]`	List of container registries to push created image to.
`tar_path`	`str`	Container images created by kaniko are tarball files.

`context`^Required ¶

context: str

Type: str
Default: PredefinedVariables.CI_PROJECT_DIR

Context which will be send to kaniko.

`docker_client_config`^Required ¶

docker_client_config: DockerClientConfig

Type: DockerClientConfig

Creates the Docker configuration file base on objects settings, to authenticate against given registries.

Defaults to a DockerClientConfig with login to the official Docker Hub and expecting credentials given as environment variables REGISTRY_USER and REGISTRY_LOGIN.

`dockerfile`^Required ¶

dockerfile: str

Type: str
Default: "Dockerfile"

Name of the dockerfile to use.

File is relative to context.

`enable_push`^Required ¶

enable_push: bool

Type: bool
Default: false

Enable push to container registry, disabled to allow subsequent jobs to act on container tarball.

`image_name`^Required ¶

image_name: str

Type: str
Default: PredefinedVariables.CI_PROJECT_NAME.

Image name which will be created.

`image_tag`^Required ¶

image_tag: str

Type: str
Default: PredefinedVariables.CI_COMMIT_TAG

The tag the image will be tagged with.

`verbosity`^Required ¶

verbosity: str

Type: str
Default: "info"

Verbosity of kaniko logging.

`build_args`^Optional ¶

build_args: typing.Mapping[typing.Any]

Type: typing.Mapping[typing.Any]

Container build arguments, used to instrument the container image build.

`build_target`^Optional ¶

build_target: str

Type: str

For container multistage builds name of the build stage you want to create.

Image tag will be appended with the build_target. e.g. latest-buildtarget.

`registries`^Optional ¶

registries: typing.Union[typing.List[str], typing.List[Registry]]

Type: typing.Union[typing.List[str], typing.List[Registry]]

List of container registries to push created image to.

`tar_path`^Optional ¶

tar_path: str

Type: str

Container images created by kaniko are tarball files.

This is the path where to store the image, will be named with suffix .tar. This path will be created if not present.

ITrivyIgnoreFileCheck ¶

Implemented By: TrivyIgnoreFileCheck, ITrivyIgnoreFileCheck

Properties ¶

Name	Type	Description
`trivyignore_path`	`str`	Path to the `.trivyignore` file.

`trivyignore_path`^Required ¶

trivyignore_path: str

Type: str
Default: PredefinedVariables.ciProjectDir/.trivyignore

Path to the .trivyignore file.

ITrivyScanLocalImage ¶

Implemented By: TrivyScanLocalImage, ITrivyScanLocalImage

Properties ¶

Name	Type	Description
`debug`	`bool`	If trivy should run in debug mode.
`exit_if_vulnerable`	`bool`	Exit code when vulnerabilities were found.
`image_name`	`str`	Container image name, searched for in `imagePath` and gets `.tar` appended.
`image_path`	`str`	Path where to find the container image.
`image_tag`	`str`	The tag the image will be tagged with.
`output_format`	`str`	Scan output format, possible values (table, json).
`severity`	`str`	Severities of vulnerabilities to be displayed (comma separated).
`vulnerability_types`	`str`	List of vulnerability types (comma separated).
`trivy_config`	`str`	Additional options to pass to `trivy` binary.

`debug`^Required ¶

debug: bool

Type: bool
Default: false

If trivy should run in debug mode.

`exit_if_vulnerable`^Required ¶

exit_if_vulnerable: bool

Type: bool
Default: true

Exit code when vulnerabilities were found.

If true exit code is 1 else 0.

`image_name`^Required ¶

image_name: str

Type: str
Default: PredefinedVariables.CI_PROJECT_NAME

Container image name, searched for in imagePath and gets .tar appended.

`image_path`^Required ¶

image_path: str

Type: str
Default: PredefinedVariables.CI_PROJECT_DIR

Path where to find the container image.

`image_tag`^Required ¶

image_tag: str

Type: str
Default: PredefinedVariables.CI_COMMIT_TAG

The tag the image will be tagged with.

`output_format`^Required ¶

output_format: str

Type: str
Default: "table"

Scan output format, possible values (table, json).

`severity`^Required ¶

severity: str

Type: str
Default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"

Severities of vulnerabilities to be displayed (comma separated).

`vulnerability_types`^Required ¶

vulnerability_types: str

Type: str
Default: "os,library"

List of vulnerability types (comma separated).

`trivy_config`^Optional ¶

trivy_config: str

Type: str

Additional options to pass to trivy binary.

container Submodule ¶

Structs ¶

AWSRegistryProps ¶

Initializer ¶

Properties ¶

account_idOptional ¶

regionOptional ¶

BuildContainerCollectionProps ¶

Initializer ¶

Properties ¶

docker_client_configOptional ¶

do_crane_pushOptional ¶

do_dive_scanOptional ¶

do_trivyignore_checkOptional ¶

do_trivy_scanOptional ¶

image_nameOptional ¶

image_tagOptional ¶

job_nameOptional ¶

job_stageOptional ¶

registryOptional ¶

CopyContainerCollectionProps ¶

Initializer ¶

Properties ¶

image_nameRequired ¶

image_tagRequired ¶

docker_client_configOptional ¶

do_dive_scanOptional ¶

do_trivyignore_checkOptional ¶

do_trivy_scanOptional ¶

dst_registryOptional ¶

job_nameOptional ¶

job_stageOptional ¶

src_registryOptional ¶

CraneCopyProps ¶

Initializer ¶

Properties ¶

dst_registryRequired ¶

src_registryRequired ¶

docker_client_configOptional ¶

job_nameOptional ¶

job_stageOptional ¶

CranePullProps ¶

Initializer ¶

Properties ¶

src_registryRequired ¶

docker_client_configOptional ¶

image_nameOptional ¶

image_tagOptional ¶

job_nameOptional ¶

job_stageOptional ¶

tar_pathOptional ¶

CranePushProps ¶

Initializer ¶

Properties ¶

dst_registryRequired ¶

docker_client_configOptional ¶

image_nameOptional ¶

image_tagOptional ¶

job_nameOptional ¶

job_stageOptional ¶

tar_pathOptional ¶

DiveScanProps ¶

Initializer ¶

Properties ¶

highest_user_wasted_percentOptional ¶

highest_wasted_bytesOptional ¶

ignore_errorsOptional ¶

image_nameOptional ¶

image_pathOptional ¶

image_tagOptional ¶

job_nameOptional ¶

job_stageOptional ¶

lowest_efficiencyOptional ¶

sourceOptional ¶

DockerBuildProps ¶

Initializer ¶

Properties ¶

repositoryRequired ¶

contextOptional ¶

job_nameOptional ¶

`container` Submodule ¶

`account_id`^Optional ¶

`region`^Optional ¶

`docker_client_config`^Optional ¶

`do_crane_push`^Optional ¶

`do_dive_scan`^Optional ¶

`do_trivyignore_check`^Optional ¶

`do_trivy_scan`^Optional ¶

`image_name`^Optional ¶

`image_tag`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`registry`^Optional ¶

`image_name`^Required ¶

`image_tag`^Required ¶

`docker_client_config`^Optional ¶

`do_dive_scan`^Optional ¶

`do_trivyignore_check`^Optional ¶

`do_trivy_scan`^Optional ¶

`dst_registry`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`src_registry`^Optional ¶

`dst_registry`^Required ¶

`src_registry`^Required ¶

`docker_client_config`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`src_registry`^Required ¶

`docker_client_config`^Optional ¶

`image_name`^Optional ¶

`image_tag`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`tar_path`^Optional ¶

`dst_registry`^Required ¶

`docker_client_config`^Optional ¶

`image_name`^Optional ¶

`image_tag`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`tar_path`^Optional ¶

`highest_user_wasted_percent`^Optional ¶

`highest_wasted_bytes`^Optional ¶

`ignore_errors`^Optional ¶

`image_name`^Optional ¶

`image_path`^Optional ¶

`image_tag`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`lowest_efficiency`^Optional ¶

`source`^Optional ¶

`repository`^Required ¶

`context`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`tag`^Optional ¶

`config_file_path`^Optional ¶

`container_image`^Required ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`login_env_var`^Optional ¶

`registry`^Optional ¶

`tag`^Optional ¶

`user_env_var`^Optional ¶

`build_args`^Optional ¶

`build_target`^Optional ¶

`context`^Optional ¶

`docker_client_config`^Optional ¶

`dockerfile`^Optional ¶

`enable_push`^Optional ¶

`image_name`^Optional ¶

`image_tag`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶

`registries`^Optional ¶

`tar_path`^Optional ¶

`verbosity`^Optional ¶

`job_name`^Optional ¶

`job_stage`^Optional ¶