Job Analysis

1 23:36:12 Running with gitlab-runner 18.9.0 (07e534ba)

2 23:36:12 on gitlab-runner-linux-1-5b9cfd64ff-k5sg5 aP4tCsXyp, system ID: r_wQDtEh3nNZsL

3 23:36:12 feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_ENABLE_JOB_CLEANUP:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true

4 23:36:12 Resolving secrets

5 23:36:12 section_start:1777678572:prepare_executor

6 23:36:12 +Preparing the "kubernetes" executor

7 23:36:12 "CPURequest" overwritten with "2"

8 23:36:12 "MemoryRequest" overwritten with "4G"

9 23:36:12 Using Kubernetes namespace: gitlab-runner

10 23:36:12 Using Kubernetes executor with image registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac ...

11 23:36:12 Using attach strategy to execute scripts...

12 23:36:12 Using effective pull policy of [Always] for container init-permissions

13 23:36:12 Using effective pull policy of [Always] for container build

14 23:36:12 Using effective pull policy of [Always] for container helper

15 23:36:12 section_end:1777678572:prepare_executor

16 23:36:12 +section_start:1777678572:prepare_script

17 23:36:12 +Preparing environment

18 23:36:12 Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...

19 23:36:12 WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...

20 23:36:12 Subscribing to Kubernetes Pod events...

21 23:36:13 Type Reason Message

22 23:36:13 Normal Scheduled Successfully assigned gitlab-runner/runner-ap4tcsxyp-project-621-concurrent-5-kfcowcts to ci9

23 23:36:13 Normal Pulled Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v18.9.0" already present on machine

24 23:36:14 Normal Created Created container: init-permissions

25 23:36:14 Normal Started Started container init-permissions

26 23:36:14 Normal Pulled Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v18.9.0" already present on machine

27 23:36:15 Normal Created Created container: helper

28 23:36:15 Normal Started Started container helper

29 23:36:15 Normal Pulling Pulling image "registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac"

30 23:36:19 Normal Pulled Successfully pulled image "registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac" in 3.848s (3.848s including waiting). Image size: 49989654 bytes.

31 23:36:19 Normal Created Created container: build

32 23:36:19 Normal Started Started container build

33 23:36:22 Running on runner-ap4tcsxyp-project-621-concurrent-5-kfcowcts via gitlab-runner-linux-1-5b9cfd64ff-k5sg5...

34 23:36:22

35 23:36:22 section_end:1777678582:prepare_script

36 23:36:22 +section_start:1777678582:get_sources

37 23:36:22 +Getting source from Git repository

38 23:36:23 Gitaly correlation ID: 01KQJYCPK4Q1R4NAVZCXZ7HTEV

39 23:36:23 Fetching changes with git depth set to 1...

40 23:36:23 Initialized empty Git repository in /build/internal/gitlab-templates/.git/

41 23:36:23 Created fresh repository.

42 23:36:23 Checking out 50468f6f as detached HEAD (ref is refs/merge-requests/636/merge)...

43 23:36:23

44 23:36:23 Skipping Git submodules setup

45 23:36:23

46 23:36:23 section_end:1777678583:get_sources

47 23:36:23 +section_start:1777678583:step_script

48 23:36:23 +Executing "step_script" stage of the job script

49 23:36:24 section_start:1777678583:section_pre_build_script_0[hide_duration=true,collapsed=true] $ function cleanup {

50 23:36:24 rv=$?

51 23:36:24 if [ $rv -ne 0 ]; then

52 23:36:24 echo ""

53 23:36:24 echo " Failure Cause Analysis might help, please open this link:"

54 23:36:24 echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

55 23:36:24 echo ""

56 23:36:24 fi

57 23:36:24 echo ""

58 23:36:24 echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

59 23:36:24 echo ""

60 23:36:24 echo ""

61 23:36:24 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"

62 23:36:24 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"

63 23:36:24 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7C${LOKI_LOGSOURCE}&var-filters=namespace%7C%3D%7C${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID%7C%3D%7C${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID%7C%3D%7C${CI_PIPELINE_ID}&var-filters=CI_JOB_ID%7C%3D%7C${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"

64 23:36:24 __date_from=$(date -d "@$(( EPOCHSECONDS - 604800 ))" +%Y-%m-%d)

65 23:36:24 __date_to=$(date -d "@$(( EPOCHSECONDS + 604800 ))" +%Y-%m-%d)

66 23:36:24 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=${__date_from}~${__date_to}&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

67 23:36:24 echo ""

68 23:36:24 exit $rv

69 23:36:24 }

70 23:36:24 trap cleanup EXIT

71 23:36:24 echo "INFO: This is the CI job pre_build_script"

72 23:36:24 echo "INFO: It's defined in the backend/infra/onprem/k8s repo."

73 23:36:24 echo "INFO: These additional Scandit variables are available to you:"

74 23:36:24 echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"

75 23:36:24 echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"

76 23:36:24 echo " SC_K8S_KYVERNO_PATCHES: |"

77 23:36:24 echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'

78 23:36:24 echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"

79 23:36:24 if command -v numfmt >/dev/null 2>&1; then

80 23:36:24 echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"

81 23:36:24 else

82 23:36:24 echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"

83 23:36:24 fi

84 23:36:24 __start_time=${EPOCHSECONDS}

85 23:36:24 echo ""

86 23:36:24 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"

87 23:36:24 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"

88 23:36:24 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group%7C%3D%7Cgitlab-runner&var-filters=source%7C%3D%7C${LOKI_LOGSOURCE}&var-filters=namespace%7C%3D%7C${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID%7C%3D%7C${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID%7C%3D%7C${CI_PIPELINE_ID}&var-filters=CI_JOB_ID%7C%3D%7C${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"

89 23:36:24 __date_from=$(date -d "@$(( EPOCHSECONDS - 604800 ))" +%Y-%m-%d)

90 23:36:24 __date_to=$(date -d "@$(( EPOCHSECONDS + 604800 ))" +%Y-%m-%d)

91 23:36:24 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=${__date_from}~${__date_to}&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

92 23:36:24 echo ""

93 23:36:24 echo "Setting up credentials for Gitlab Python registries"

94 23:36:24 mkdir -p ~

95 23:36:24 echo "machine gitlab.scandit.com" > ~/.netrc

96 23:36:24 echo "login gitlab-ci-token" >> ~/.netrc

97 23:36:24 echo "password ${CI_JOB_TOKEN}" >> ~/.netrc

98 23:36:24 chmod 600 ~/.netrc

99 23:36:24 if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then

100 23:36:24 git config --global --add safe.directory $CI_PROJECT_DIR

101 23:36:24 fi

102 23:36:24 sleep infinity &

103 23:36:24 echo $! > ~/.bg_pid

104 23:36:24 section_end:1777678583:section_pre_build_script_0

105 23:36:24 INFO: This is the CI job pre_build_script

106 23:36:24 INFO: It's defined in the backend/infra/onprem/k8s repo.

107 23:36:24 INFO: These additional Scandit variables are available to you:

108 23:36:24 SC_K8S_NODE_NAME: ci9

109 23:36:24 SC_K8S_IMAGE_ID:

110 23:36:24 SC_K8S_KYVERNO_PATCHES: |

111 23:36:24

112 23:36:24 cpu (r/l): 2/8

113 23:36:24 memory (r/l): 4000000000/17179869184

114 23:36:24

115 23:36:24 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci9&var-namespace=gitlab-runner&var-pod=runner-ap4tcsxyp-project-621-concurrent-5-kfcowcts&var-resolution=15&from=1777678584000&to=now

116 23:36:24 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci9&var-resolution=15s&from=1777678584000&to=now

117 23:36:24 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C%3D%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1575288&var-filters=CI_JOB_ID%7C%3D%7C54243447&sortOrder=Ascending&from=1777678584000&to=now

118 23:36:24 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-24~2026-05-08&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

119 23:36:24

120 23:36:24 Setting up credentials for Gitlab Python registries

121 23:36:24 $ echo $DOCKER_CONFIG_JSON > /kaniko/.docker/config.json

122 23:36:24 $ mv /root/.netrc /kaniko/.netrc

123 23:36:24 section_start:1777678584:section_script_step_2[hide_duration=true,collapsed=true] $ function copy_files() {

124 23:36:24 local src="$1"

125 23:36:24 local trg="$2"

126 23:36:24 for f in $src; do

127 23:36:24 t="$trg/`dirname $f`"

128 23:36:24 mkdir -p $t || true

129 23:36:24 echo "Copy $f"

130 23:36:24 cp -pr $f $trg/$f

131 23:36:24 done

132 23:36:24 }

133 23:36:24 function recursive_hash() {

134 23:36:24 local dir="$1"

135 23:36:24 find "$dir" -exec stat -c '%F|%a|%u:%g|%n' {} + -type f -exec sha256sum {} + | sort | sha256sum | cut -d ' ' -f1

136 23:36:24 }

137 23:36:24 function remote_docker_digest() {

138 23:36:24 local images="$1"

139 23:36:24 echo $images | xargs -n 1 crane digest

140 23:36:24 }

141 23:36:24 function remote_image_exists() {

142 23:36:24 local image="$1"

143 23:36:24 crane manifest $image > /dev/null 2>&1

144 23:36:24 }

145 23:36:24 function remote_images_are_identical() {

146 23:36:24 local imageA="$1"

147 23:36:24 local imageB="$2"

148 23:36:24 if [[ $(remote_docker_digest "$imageA") == $(remote_docker_digest "$imageB") ]]; then

149 23:36:24 return 0

150 23:36:24 else

151 23:36:24 return 1

152 23:36:24 fi

153 23:36:24 }

154 23:36:24 function copy_image() {

155 23:36:24 local image="$1"

156 23:36:24 local remotes="$2"

157 23:36:24 local backup_ext="$3"

158 23:36:24 echo "$image"

159 23:36:24 local source_digest=$(remote_docker_digest $image)

160 23:36:24 local target_digest

161 23:36:24 for registry in $remotes; do

162 23:36:24 if target_digest=$(remote_docker_digest $registry); then

163 23:36:24 if [ "$target_digest" != "$source_digest" ]; then

164 23:36:24 echo "image outdated, overwriting with newest version"

165 23:36:24 crane copy $image $registry

166 23:36:24 crane copy $image ${registry}${backup_ext}

167 23:36:24 fi

168 23:36:24 else

169 23:36:24 echo "image does not exist, writing newest version"

170 23:36:24 crane copy $image $registry

171 23:36:24 crane copy $image ${registry}${backup_ext}

172 23:36:24 fi

173 23:36:24 done

174 23:36:24 }

175 23:36:24 section_end:1777678584:section_script_step_2

176 23:36:24 section_start:1777678584:section_script_step_3[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_SUBDIR" != "" ]; then

177 23:36:24 echo "Entering subpath $CONTAINER_SUBDIR"

178 23:36:24 cd $CONTAINER_SUBDIR

179 23:36:24 fi

180 23:36:24 section_end:1777678584:section_script_step_3

181 23:36:24 $ copy_files "$CONTAINER_IMPLICIT_REQUIREMENTS $CONTAINER_REQUIREMENTS" "$CONTAINER_CONTEXT_PATH"

182 23:36:24 Copy Dockerfile.dhi

183 23:36:24 $ echo "$CONTAINER_BUILD_ENVIRONMENT" > $CONTAINER_CONTEXT_PATH/.docker-build-env

184 23:36:24 $ docker_checksum=$(recursive_hash $CONTAINER_CONTEXT_PATH)

185 23:36:24 section_start:1777678584:section_script_step_7[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_IMAGE_NAME" == "" ]; then

186 23:36:24 final_image_name=${CONTAINER_IMAGE_URL}

187 23:36:24 else

188 23:36:24 final_image_name=${CONTAINER_IMAGE_URL}/${CONTAINER_IMAGE_NAME}

189 23:36:24 fi

190 23:36:24 section_end:1777678584:section_script_step_7

191 23:36:24 $ final_image_url=${final_image_name}:${docker_checksum}

192 23:36:24 section_start:1777678584:section_script_step_9[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

193 23:36:24 echo $CONTAINER_IMAGE_VARIABLE=${final_image_url}-P${CI_PROJECT_ID}-${CI_PIPELINE_ID} > $CI_PROJECT_DIR/docker_image_build.env

194 23:36:24 else

195 23:36:24 echo $CONTAINER_IMAGE_VARIABLE=$final_image_url > $CI_PROJECT_DIR/docker_image_build.env

196 23:36:24 fi

197 23:36:24 section_end:1777678584:section_script_step_9

198 23:36:24 $ echo ${CONTAINER_IMAGE_VARIABLE}_HASH=$docker_checksum >> $CI_PROJECT_DIR/docker_image_build.env

199 23:36:24 section_start:1777678584:section_script_step_11[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] || command -v crane &> /dev/null; then

200 23:36:24 echo $REGISTRY_PASSWORD | crane auth login $REGISTRY -u $REGISTRY_USER --password-stdin

201 23:36:24 fi

202 23:36:24 section_end:1777678584:section_script_step_11

203 23:36:24

204 23:36:24 WARNING! Your credentials are stored unencrypted in '/kaniko/.docker/config.json'.

205 23:36:24 Configure a credential helper to remove this warning. See

206 23:36:24 https://docs.docker.com/go/credential-store/

207 23:36:24

208 23:36:24 2026/05/01 23:36:24 logged in via /kaniko/.docker/config.json

209 23:36:24 section_start:1777678584:section_script_step_12[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] && remote_image_exists "$final_image_url"; then

210 23:36:24 echo "Image already exists, skip the build."

211 23:36:24 echo "$final_image_url"

212 23:36:24 if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

213 23:36:24 _EXT=""

214 23:36:24 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

215 23:36:24 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

216 23:36:24 _EXT="-MR${CI_MERGE_REQUEST_IID}"

217 23:36:24 _BACKUP_EXT=""

218 23:36:24 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

219 23:36:24 _EXT="-${CI_COMMIT_REF_SLUG}"

220 23:36:24 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

221 23:36:24 fi

222 23:36:24 for _TAG in $CONTAINER_IMAGE_TAG; do

223 23:36:24 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

224 23:36:24 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}" "${_BACKUP_EXT}"

225 23:36:24 done

226 23:36:24 if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

227 23:36:24 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

228 23:36:24 echo "Copying ${final_image_url} to ${final_image_url}${_EXT}"

229 23:36:24 copy_image "${final_image_url}" "${final_image_url}${_EXT}"

230 23:36:24 for _TAG in $CONTAINER_IMAGE_TAG; do

231 23:36:24 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

232 23:36:24 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}"

233 23:36:24 done

234 23:36:24 fi

235 23:36:24 exit 0

236 23:36:24 fi

237 23:36:24 section_end:1777678584:section_script_step_12

238 23:36:24 $ DESTINATIONS="--destination=$final_image_url"

239 23:36:24 section_start:1777678584:section_script_step_14[hide_duration=true,collapsed=true] $ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

240 23:36:24 _EXT=""

241 23:36:24 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

242 23:36:24 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

243 23:36:24 _EXT="-MR${CI_MERGE_REQUEST_IID}"

244 23:36:24 TIMESTAMP_TAGS=""

245 23:36:24 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

246 23:36:24 _EXT="-${CI_COMMIT_REF_SLUG}"

247 23:36:24 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

248 23:36:24 fi

249 23:36:24 section_end:1777678584:section_script_step_14

250 23:36:24 section_start:1777678584:section_script_step_15[hide_duration=true,collapsed=true] $ for _TAG in $CONTAINER_IMAGE_TAG; do

251 23:36:24 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

252 23:36:24 done

253 23:36:24 section_end:1777678584:section_script_step_15

254 23:36:24 section_start:1777678584:section_script_step_16[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

255 23:36:24 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

256 23:36:24 DESTINATIONS="${DESTINATIONS} --destination=${final_image_url}${_EXT}"

257 23:36:24 for _TAG in $CONTAINER_IMAGE_TAG; do

258 23:36:24 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

259 23:36:24 done

260 23:36:24 fi

261 23:36:24 section_end:1777678584:section_script_step_16

262 23:36:24 section_start:1777678584:section_script_step_17[hide_duration=true,collapsed=true] $ DATE=$(date '+%Y%m%d')

263 23:36:24 for _TAG in $TIMESTAMP_TAGS; do

264 23:36:24 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}-CI${CI_JOB_ID}-${DATE}"

265 23:36:24 done

266 23:36:24 section_end:1777678584:section_script_step_17

267 23:36:24 section_start:1777678584:section_script_step_18[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_BUILD_ARGS}" ]; then

268 23:36:24 for _BUILD_ARG in $CONTAINER_BUILD_ARGS; do

269 23:36:24 FINAL_BUILD_ARGS="--build-arg $_BUILD_ARG $FINAL_BUILD_ARGS"

270 23:36:24 done

271 23:36:24 fi

272 23:36:24 section_end:1777678584:section_script_step_18

273 23:36:24 section_start:1777678584:section_script_step_19[hide_duration=true,collapsed=true] $ for _PATH in $CONTAINER_IGNORE_PATHS; do

274 23:36:24 FINAL_IGNORE_PATHS="--ignore-path=$_PATH $FINAL_IGNORE_PATHS"

275 23:36:24 done

276 23:36:24 section_end:1777678584:section_script_step_19

277 23:36:24 section_start:1777678584:section_script_step_20[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_PLATFORM}" ]; then

278 23:36:24 KANIKO_PLATFORM="--custom-platform=${CONTAINER_PLATFORM}"

279 23:36:24 fi

280 23:36:24 section_end:1777678584:section_script_step_20

281 23:36:24 $ ANNOTATIONS=""

282 23:36:24 section_start:1777678584:section_script_step_22[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_REF_NAME" ]]; then

283 23:36:24 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}"

284 23:36:24 fi

285 23:36:24 section_end:1777678584:section_script_step_22

286 23:36:24 section_start:1777678584:section_script_step_23[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_SHA" ]]; then

287 23:36:24 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.revision=${CI_COMMIT_SHA}"

288 23:36:24 fi

289 23:36:24 section_end:1777678584:section_script_step_23

290 23:36:24 section_start:1777678584:section_script_step_24[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_URL" ]]; then

291 23:36:24 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.url=${CI_JOB_URL}"

292 23:36:24 fi

293 23:36:24 section_end:1777678584:section_script_step_24

294 23:36:24 section_start:1777678584:section_script_step_25[hide_duration=true,collapsed=true] $ if [[ -n "$CI_PIPELINE_ID" ]]; then

295 23:36:24 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.pipeline_id=${CI_PIPELINE_ID}"

296 23:36:24 fi

297 23:36:24 section_end:1777678584:section_script_step_25

298 23:36:24 section_start:1777678584:section_script_step_26[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_ID" ]]; then

299 23:36:24 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_id=${CI_JOB_ID}"

300 23:36:24 fi

301 23:36:24 section_end:1777678584:section_script_step_26

302 23:36:24 section_start:1777678584:section_script_step_27[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_IMAGE" ]]; then

303 23:36:24 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_image=${CI_JOB_IMAGE}"

304 23:36:24 fi

305 23:36:24 section_end:1777678584:section_script_step_27

306 23:36:24 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.title=${final_image_name}:$(echo $CONTAINER_IMAGE_TAG | cut -d' ' -f1)"

307 23:36:24 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)"

308 23:36:24 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.vendor=Scandit"

309 23:36:24 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.scandit.ci.hash=${docker_checksum}"

310 23:36:24 section_start:1777678584:section_script_step_32[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_TARGET_STAGE}" ]; then

311 23:36:24 KANIKO_TARGET="--target $CONTAINER_TARGET_STAGE"

312 23:36:24 fi

313 23:36:24 section_end:1777678584:section_script_step_32

314 23:36:24 $ set -x

315 23:36:24 + echo '$ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS'

316 23:36:24 $ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS

317 23:36:24 + /kaniko/executor --context /build/internal/gitlab-templates/context/ --dockerfile Dockerfile.dhi '--destination=registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' '--destination=registry.scandit.com/internal/gitlab-templates:latest-MR636' '--cache=true' --cache-copy-layers --cache-dir /cache/kaniko --cache-repo registry.scandit.com/internal/gitlab-templates/cache '--cache-ttl=336h' --annotation 'org.opencontainers.image.ref.name=renovate/martizih-kaniko-1.x' --annotation 'org.opencontainers.image.revision=50468f6f2468dfc2204ca6e162113f80d494530f' --annotation 'org.opencontainers.image.url=https://gitlab.scandit.com/internal/gitlab-templates/-/jobs/54243447' --annotation 'io.gitlab.ci.pipeline_id=1575288' --annotation 'io.gitlab.ci.job_id=54243447' --annotation 'io.gitlab.ci.job_image=registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac' --annotation 'org.opencontainers.image.title=registry.scandit.com/internal/gitlab-templates:latest' --annotation 'org.opencontainers.image.created=2026-05-01T23:36:24Z' --annotation 'org.opencontainers.image.vendor=Scandit' --annotation 'io.scandit.ci.hash=7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' --preserve-context '--credential-helpers=gitlab' --secret 'id=netrc,src=/kaniko/.netrc' --secret 'id=ci_job_token,env=CI_JOB_TOKEN'

318 23:36:24 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

319 23:36:24 INFO[0000] Retrieving image manifest dhi.io/debian-base:trixie-dev

320 23:36:24 INFO[0000] Retrieving image dhi.io/debian-base:trixie-dev from registry dhi.io

321 23:36:24 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

322 23:36:25 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

323 23:36:25 INFO[0001] Returning cached image manifest

324 23:36:25 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

325 23:36:25 INFO[0001] Returning cached image manifest

326 23:36:25 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

327 23:36:25 INFO[0001] Returning cached image manifest

328 23:36:25 INFO[0001] Built cross stage deps: map[]

329 23:36:25 INFO[0001] Skipping context snapshot as no-one requires it

330 23:36:25 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

331 23:36:25 INFO[0001] Returning cached image manifest

332 23:36:25 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

333 23:36:25 INFO[0001] Returning cached image manifest

334 23:36:25 INFO[0001] Building stage 'dhi.io/debian-base:trixie-dev' [idx: '0', base-idx: '-1']

335 23:36:25 INFO[0001] Checking for cached layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc...

336 23:36:25 INFO[0001] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

337 23:36:26 INFO[0001] Using caching version of cmd: RUN whoami

338 23:36:26 INFO[0001] Skipping unpacking as no commands require it.

339 23:36:26 INFO[0001] RUN whoami

340 23:36:26 INFO[0001] Found cached layer, extracting to filesystem

341 23:36:26 INFO[0001] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

342 23:36:26 INFO[0001] Pushing image to registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5

343 23:36:26 INFO[0002] Pushed registry.scandit.com/internal/gitlab-templates@sha256:c0e548cdbf8aa72c80d38fa1960d50311c8882bc93e79912648c42b6353a6b82

344 23:36:26 INFO[0002] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

345 23:36:26 INFO[0002] Pushing image to registry.scandit.com/internal/gitlab-templates:latest-MR636

346 23:36:27 INFO[0002] Pushed registry.scandit.com/internal/gitlab-templates@sha256:c0e548cdbf8aa72c80d38fa1960d50311c8882bc93e79912648c42b6353a6b82

347 23:36:27 + cleanup

348 23:36:27 + rv=0

349 23:36:27 + '[' 0 -ne 0 ]

350 23:36:27 + echo

351 23:36:27

352 23:36:27 + echo 'Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54243447'

353 23:36:27 Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54243447

354 23:36:27 + echo

355 23:36:27

356 23:36:27 + echo

357 23:36:27

358 23:36:27 + echo 'Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci9&var-namespace=gitlab-runner&var-pod=runner-ap4tcsxyp-project-621-concurrent-5-kfcowcts&var-resolution=15&from=1777678584000&to=1777678586000'

359 23:36:27 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci9&var-namespace=gitlab-runner&var-pod=runner-ap4tcsxyp-project-621-concurrent-5-kfcowcts&var-resolution=15&from=1777678584000&to=1777678586000

360 23:36:27 + echo 'Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci9&var-resolution=15s&from=1777678584000&to=1777678586000'

361 23:36:27 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci9&var-resolution=15s&from=1777678584000&to=1777678586000

362 23:36:27 + echo 'Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1575288&var-filters=CI_JOB_ID%7C%3D%7C54243447&sortOrder=Ascending&from=1777678584000&to=1777678586000'

363 23:36:27 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1575288&var-filters=CI_JOB_ID%7C%3D%7C54243447&sortOrder=Ascending&from=1777678584000&to=1777678586000

364 23:36:27 + date -d @1777073786 '+%Y-%m-%d'

365 23:36:27 + __date_from=2026-04-24

366 23:36:27 + date -d @1778283386 '+%Y-%m-%d'

367 23:36:27 + __date_to=2026-05-08

368 23:36:27 + echo 'Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-24~2026-05-08&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates'

369 23:36:27 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-24~2026-05-08&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

370 23:36:27 + echo

371 23:36:27

372 23:36:27 + exit 0

373 23:36:27

374 23:36:27 section_end:1777678587:step_script

375 23:36:27 +section_start:1777678587:upload_artifacts_on_success

376 23:36:27 +Uploading artifacts for successful job

377 23:36:27 Uploading artifacts...

378 23:36:27 docker_image_build.env: found 1 matching artifact files and directories

379 23:36:28 Uploading artifacts as "dotenv" to coordinator... 201 Created correlation_id=01KQJYD5XHWE62SZD19Q8935CN id=54243447 responseStatus=201 Created token=64_ju8VKP

380 23:36:28

381 23:36:28 section_end:1777678588:upload_artifacts_on_success

382 23:36:28 +section_start:1777678588:cleanup_file_variables

383 23:36:28 +Cleaning up project directory and file based variables

384 23:36:28 Removing context/

385 23:36:28 Removing docker_image_build.env

386 23:36:28 HEAD is now at 50468f6 Merge branch 'renovate/martizih-kaniko-1.x' into 'master'

387 23:36:28

388 23:36:28 section_end:1777678588:cleanup_file_variables

389 23:36:28 +

390 23:36:28 Job succeeded

391

build-python3-image-with-docker-hardened-image ○ success

Job Execution Phases

Full Job Log