Gitlab CI copy file from repo to pipeline and extract it to path-CodePudding

I have a folder file trivy-offline.db.tgz which i wanted to copy and extract it to docker while CI is running.

the project directory is - /builds/test/eval-trivy-3

gitlab-ci.yml

 container_scanning:
  stage: test
  image:
    name: $CI_REGISTRY/devops/trivy/trivy:0.20.1
    entrypoint: [""]
  variables:
    GIT_STRATEGY: none
    TRIVY_USERNAME: "$CI_REGISTRY_USER"
    TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD"
    TRIVY_AUTH_URL: "$CI_REGISTRY"
    FULL_IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
  script:
    - echo "the project directory is - $CI_PROJECT_DIR"
    - trivy --version
    - time trivy image --clear-cache
    - <cp file to this docker>
    - <extract file to path>

CodePudding user response：

The first question to solve is, which tools are available within your trivy container you are using, do you have tar available inside or not.

the command for extracting via tar is quiet simple tar -xzf <file>.

GitLab CI is normally already checking out your repository, so the files should be already in place, and there is no need for special care.

Variant 1: tar available

 container_scanning:
  # ...
  script:
    - echo "the project directory is - $CI_PROJECT_DIR"
    - trivy --version
    - time trivy image --clear-cache
    - tar -xzf trivy-offline.db.tgz

Variant 2: tar not within the image

You can have a pre step with any other image containing tar and extract it with that one

 extract-trivy-db:
  # ...
  script:
    - tar -xzf trivy-offline.db.tgz
  artifacts:
    paths:
      - trivy-offline.db

 container_scanning:
  # ...
  needs: ["extract-trivy-db"]
  script:
    - echo "the project directory is - $CI_PROJECT_DIR"
    - trivy --version
    - time trivy image --clear-cache