Job Analysis

1 17:05:26 Running with gitlab-runner 18.9.0 (07e534ba)

2 17:05:26 on gitlab-runner-linux-1-5b9cfd64ff-k5sg5 aP4tCsXyp, system ID: r_wQDtEh3nNZsL

3 17:05:26 feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_ENABLE_JOB_CLEANUP:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true

4 17:05:26 Resolving secrets

5 17:05:26 section_start:1777827926:prepare_executor

6 17:05:26 +Preparing the "kubernetes" executor

7 17:05:26 "CPURequest" overwritten with "2"

8 17:05:26 "MemoryRequest" overwritten with "4G"

9 17:05:26 Using Kubernetes namespace: gitlab-runner

10 17:05:26 Using Kubernetes executor with image registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac ...

11 17:05:26 Using attach strategy to execute scripts...

12 17:05:26 Using effective pull policy of [Always] for container init-permissions

13 17:05:26 Using effective pull policy of [Always] for container build

14 17:05:26 Using effective pull policy of [Always] for container helper

15 17:05:26 section_end:1777827926:prepare_executor

16 17:05:26 +section_start:1777827926:prepare_script

17 17:05:26 +Preparing environment

18 17:05:26 Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...

19 17:05:26 WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...

20 17:05:26 Subscribing to Kubernetes Pod events...

21 17:05:26 Type Reason Message

22 17:05:26 Normal Scheduled Successfully assigned gitlab-runner/runner-ap4tcsxyp-project-621-concurrent-2-tndvqiac to ci9

23 17:05:27 Normal Pulled Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v18.9.0" already present on machine

24 17:05:28 Normal Created Created container: init-permissions

25 17:05:28 Normal Started Started container init-permissions

26 17:05:29 Normal Pulled Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v18.9.0" already present on machine

27 17:05:29 Normal Created Created container: helper

28 17:05:29 Normal Started Started container helper

29 17:05:29 Normal Pulling Pulling image "registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac"

30 17:05:30 Normal Pulled Successfully pulled image "registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac" in 510ms (510ms including waiting). Image size: 49989654 bytes.

31 17:05:30 Normal Created Created container: build

32 17:05:30 Normal Started Started container build

33 17:05:33 Running on runner-ap4tcsxyp-project-621-concurrent-2-tndvqiac via gitlab-runner-linux-1-5b9cfd64ff-k5sg5...

34 17:05:33

35 17:05:33 section_end:1777827933:prepare_script

36 17:05:33 +section_start:1777827933:get_sources

37 17:05:33 +Getting source from Git repository

38 17:05:33 Gitaly correlation ID: 01KQQCTKS90J8TH1S4YT92Y4YR

39 17:05:33 Fetching changes with git depth set to 1...

40 17:05:33 Initialized empty Git repository in /build/internal/gitlab-templates/.git/

41 17:05:33 Created fresh repository.

42 17:05:34 Checking out 32840034 as detached HEAD (ref is master)...

43 17:05:34

44 17:05:34 Skipping Git submodules setup

45 17:05:34

46 17:05:34 section_end:1777827934:get_sources

47 17:05:34 +section_start:1777827934:step_script

48 17:05:34 +Executing "step_script" stage of the job script

49 17:05:35 section_start:1777827934:section_pre_build_script_0[hide_duration=true,collapsed=true] $ function cleanup {

50 17:05:35 rv=$?

51 17:05:35 if [ $rv -ne 0 ]; then

52 17:05:35 echo ""

53 17:05:35 echo " Failure Cause Analysis might help, please open this link:"

54 17:05:35 echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

55 17:05:35 echo ""

56 17:05:35 fi

57 17:05:35 echo ""

58 17:05:35 echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

59 17:05:35 echo ""

60 17:05:35 echo ""

61 17:05:35 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"

62 17:05:35 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"

63 17:05:35 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7C${LOKI_LOGSOURCE}&var-filters=namespace%7C%3D%7C${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID%7C%3D%7C${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID%7C%3D%7C${CI_PIPELINE_ID}&var-filters=CI_JOB_ID%7C%3D%7C${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"

64 17:05:35 __date_from=$(date -d "@$(( EPOCHSECONDS - 604800 ))" +%Y-%m-%d)

65 17:05:35 __date_to=$(date -d "@$(( EPOCHSECONDS + 604800 ))" +%Y-%m-%d)

66 17:05:35 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=${__date_from}~${__date_to}&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

67 17:05:35 echo ""

68 17:05:35 exit $rv

69 17:05:35 }

70 17:05:35 trap cleanup EXIT

71 17:05:35 echo "INFO: This is the CI job pre_build_script"

72 17:05:35 echo "INFO: It's defined in the backend/infra/onprem/k8s repo."

73 17:05:35 echo "INFO: These additional Scandit variables are available to you:"

74 17:05:35 echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"

75 17:05:35 echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"

76 17:05:35 echo " SC_K8S_KYVERNO_PATCHES: |"

77 17:05:35 echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'

78 17:05:35 echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"

79 17:05:35 if command -v numfmt >/dev/null 2>&1; then

80 17:05:35 echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"

81 17:05:35 else

82 17:05:35 echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"

83 17:05:35 fi

84 17:05:35 __start_time=${EPOCHSECONDS}

85 17:05:35 echo ""

86 17:05:35 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"

87 17:05:35 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"

88 17:05:35 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group%7C%3D%7Cgitlab-runner&var-filters=source%7C%3D%7C${LOKI_LOGSOURCE}&var-filters=namespace%7C%3D%7C${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID%7C%3D%7C${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID%7C%3D%7C${CI_PIPELINE_ID}&var-filters=CI_JOB_ID%7C%3D%7C${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"

89 17:05:35 __date_from=$(date -d "@$(( EPOCHSECONDS - 604800 ))" +%Y-%m-%d)

90 17:05:35 __date_to=$(date -d "@$(( EPOCHSECONDS + 604800 ))" +%Y-%m-%d)

91 17:05:35 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=${__date_from}~${__date_to}&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

92 17:05:35 echo ""

93 17:05:35 echo "Setting up credentials for Gitlab Python registries"

94 17:05:35 mkdir -p ~

95 17:05:35 echo "machine gitlab.scandit.com" > ~/.netrc

96 17:05:35 echo "login gitlab-ci-token" >> ~/.netrc

97 17:05:35 echo "password ${CI_JOB_TOKEN}" >> ~/.netrc

98 17:05:35 chmod 600 ~/.netrc

99 17:05:35 if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then

100 17:05:35 git config --global --add safe.directory $CI_PROJECT_DIR

101 17:05:35 fi

102 17:05:35 sleep infinity &

103 17:05:35 echo $! > ~/.bg_pid

104 17:05:35 section_end:1777827934:section_pre_build_script_0

105 17:05:35 INFO: This is the CI job pre_build_script

106 17:05:35 INFO: It's defined in the backend/infra/onprem/k8s repo.

107 17:05:35 INFO: These additional Scandit variables are available to you:

108 17:05:35 SC_K8S_NODE_NAME: ci9

109 17:05:35 SC_K8S_IMAGE_ID:

110 17:05:35 SC_K8S_KYVERNO_PATCHES: |

111 17:05:35

112 17:05:35 cpu (r/l): 2/8

113 17:05:35 memory (r/l): 4000000000/17179869184

114 17:05:35

115 17:05:35 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci9&var-namespace=gitlab-runner&var-pod=runner-ap4tcsxyp-project-621-concurrent-2-tndvqiac&var-resolution=15&from=1777827934000&to=now

116 17:05:35 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci9&var-resolution=15s&from=1777827934000&to=now

117 17:05:35 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C%3D%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1576293&var-filters=CI_JOB_ID%7C%3D%7C54273475&sortOrder=Ascending&from=1777827934000&to=now

118 17:05:35 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-26~2026-05-10&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

119 17:05:35

120 17:05:35 Setting up credentials for Gitlab Python registries

121 17:05:35 $ echo $DOCKER_CONFIG_JSON > /kaniko/.docker/config.json

122 17:05:35 $ mv /root/.netrc /kaniko/.netrc

123 17:05:35 section_start:1777827934:section_script_step_2[hide_duration=true,collapsed=true] $ function copy_files() {

124 17:05:35 local src="$1"

125 17:05:35 local trg="$2"

126 17:05:35 for f in $src; do

127 17:05:35 t="$trg/`dirname $f`"

128 17:05:35 mkdir -p $t || true

129 17:05:35 echo "Copy $f"

130 17:05:35 cp -pr $f $trg/$f

131 17:05:35 done

132 17:05:35 }

133 17:05:35 function recursive_hash() {

134 17:05:35 local dir="$1"

135 17:05:35 find "$dir" -exec stat -c '%F|%a|%u:%g|%n' {} + -type f -exec sha256sum {} + | sort | sha256sum | cut -d ' ' -f1

136 17:05:35 }

137 17:05:35 function remote_docker_digest() {

138 17:05:35 local images="$1"

139 17:05:35 echo $images | xargs -n 1 crane digest

140 17:05:35 }

141 17:05:35 function remote_image_exists() {

142 17:05:35 local image="$1"

143 17:05:35 crane manifest $image > /dev/null 2>&1

144 17:05:35 }

145 17:05:35 function remote_images_are_identical() {

146 17:05:35 local imageA="$1"

147 17:05:35 local imageB="$2"

148 17:05:35 if [[ $(remote_docker_digest "$imageA") == $(remote_docker_digest "$imageB") ]]; then

149 17:05:35 return 0

150 17:05:35 else

151 17:05:35 return 1

152 17:05:35 fi

153 17:05:35 }

154 17:05:35 function copy_image() {

155 17:05:35 local image="$1"

156 17:05:35 local remotes="$2"

157 17:05:35 local backup_ext="$3"

158 17:05:35 echo "$image"

159 17:05:35 local source_digest=$(remote_docker_digest $image)

160 17:05:35 local target_digest

161 17:05:35 for registry in $remotes; do

162 17:05:35 if target_digest=$(remote_docker_digest $registry); then

163 17:05:35 if [ "$target_digest" != "$source_digest" ]; then

164 17:05:35 echo "image outdated, overwriting with newest version"

165 17:05:35 crane copy $image $registry

166 17:05:35 crane copy $image ${registry}${backup_ext}

167 17:05:35 fi

168 17:05:35 else

169 17:05:35 echo "image does not exist, writing newest version"

170 17:05:35 crane copy $image $registry

171 17:05:35 crane copy $image ${registry}${backup_ext}

172 17:05:35 fi

173 17:05:35 done

174 17:05:35 }

175 17:05:35 section_end:1777827934:section_script_step_2

176 17:05:35 section_start:1777827934:section_script_step_3[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_SUBDIR" != "" ]; then

177 17:05:35 echo "Entering subpath $CONTAINER_SUBDIR"

178 17:05:35 cd $CONTAINER_SUBDIR

179 17:05:35 fi

180 17:05:35 section_end:1777827934:section_script_step_3

181 17:05:35 $ copy_files "$CONTAINER_IMPLICIT_REQUIREMENTS $CONTAINER_REQUIREMENTS" "$CONTAINER_CONTEXT_PATH"

182 17:05:35 Copy Dockerfile.dhi

183 17:05:35 $ echo "$CONTAINER_BUILD_ENVIRONMENT" > $CONTAINER_CONTEXT_PATH/.docker-build-env

184 17:05:35 $ docker_checksum=$(recursive_hash $CONTAINER_CONTEXT_PATH)

185 17:05:35 section_start:1777827934:section_script_step_7[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_IMAGE_NAME" == "" ]; then

186 17:05:35 final_image_name=${CONTAINER_IMAGE_URL}

187 17:05:35 else

188 17:05:35 final_image_name=${CONTAINER_IMAGE_URL}/${CONTAINER_IMAGE_NAME}

189 17:05:35 fi

190 17:05:35 section_end:1777827934:section_script_step_7

191 17:05:35 $ final_image_url=${final_image_name}:${docker_checksum}

192 17:05:35 section_start:1777827934:section_script_step_9[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

193 17:05:35 echo $CONTAINER_IMAGE_VARIABLE=${final_image_url}-P${CI_PROJECT_ID}-${CI_PIPELINE_ID} > $CI_PROJECT_DIR/docker_image_build.env

194 17:05:35 else

195 17:05:35 echo $CONTAINER_IMAGE_VARIABLE=$final_image_url > $CI_PROJECT_DIR/docker_image_build.env

196 17:05:35 fi

197 17:05:35 section_end:1777827934:section_script_step_9

198 17:05:35 $ echo ${CONTAINER_IMAGE_VARIABLE}_HASH=$docker_checksum >> $CI_PROJECT_DIR/docker_image_build.env

199 17:05:35 section_start:1777827934:section_script_step_11[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] || command -v crane &> /dev/null; then

200 17:05:35 echo $REGISTRY_PASSWORD | crane auth login $REGISTRY -u $REGISTRY_USER --password-stdin

201 17:05:35 fi

202 17:05:35 section_end:1777827934:section_script_step_11

203 17:05:35

204 17:05:35 WARNING! Your credentials are stored unencrypted in '/kaniko/.docker/config.json'.

205 17:05:35 Configure a credential helper to remove this warning. See

206 17:05:35 https://docs.docker.com/go/credential-store/

207 17:05:35

208 17:05:35 2026/05/03 17:05:34 logged in via /kaniko/.docker/config.json

209 17:05:35 section_start:1777827934:section_script_step_12[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] && remote_image_exists "$final_image_url"; then

210 17:05:35 echo "Image already exists, skip the build."

211 17:05:35 echo "$final_image_url"

212 17:05:35 if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

213 17:05:35 _EXT=""

214 17:05:35 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

215 17:05:35 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

216 17:05:35 _EXT="-MR${CI_MERGE_REQUEST_IID}"

217 17:05:35 _BACKUP_EXT=""

218 17:05:35 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

219 17:05:35 _EXT="-${CI_COMMIT_REF_SLUG}"

220 17:05:35 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

221 17:05:35 fi

222 17:05:35 for _TAG in $CONTAINER_IMAGE_TAG; do

223 17:05:35 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

224 17:05:35 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}" "${_BACKUP_EXT}"

225 17:05:35 done

226 17:05:35 if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

227 17:05:35 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

228 17:05:35 echo "Copying ${final_image_url} to ${final_image_url}${_EXT}"

229 17:05:35 copy_image "${final_image_url}" "${final_image_url}${_EXT}"

230 17:05:35 for _TAG in $CONTAINER_IMAGE_TAG; do

231 17:05:35 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

232 17:05:35 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}"

233 17:05:35 done

234 17:05:35 fi

235 17:05:35 exit 0

236 17:05:35 fi

237 17:05:35 section_end:1777827934:section_script_step_12

238 17:05:35 $ DESTINATIONS="--destination=$final_image_url"

239 17:05:35 section_start:1777827935:section_script_step_14[hide_duration=true,collapsed=true] $ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

240 17:05:35 _EXT=""

241 17:05:35 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

242 17:05:35 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

243 17:05:35 _EXT="-MR${CI_MERGE_REQUEST_IID}"

244 17:05:35 TIMESTAMP_TAGS=""

245 17:05:35 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

246 17:05:35 _EXT="-${CI_COMMIT_REF_SLUG}"

247 17:05:35 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

248 17:05:35 fi

249 17:05:35 section_end:1777827935:section_script_step_14

250 17:05:35 section_start:1777827935:section_script_step_15[hide_duration=true,collapsed=true] $ for _TAG in $CONTAINER_IMAGE_TAG; do

251 17:05:35 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

252 17:05:35 done

253 17:05:35 section_end:1777827935:section_script_step_15

254 17:05:35 section_start:1777827935:section_script_step_16[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

255 17:05:35 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

256 17:05:35 DESTINATIONS="${DESTINATIONS} --destination=${final_image_url}${_EXT}"

257 17:05:35 for _TAG in $CONTAINER_IMAGE_TAG; do

258 17:05:35 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

259 17:05:35 done

260 17:05:35 fi

261 17:05:35 section_end:1777827935:section_script_step_16

262 17:05:35 section_start:1777827935:section_script_step_17[hide_duration=true,collapsed=true] $ DATE=$(date '+%Y%m%d')

263 17:05:35 for _TAG in $TIMESTAMP_TAGS; do

264 17:05:35 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}-CI${CI_JOB_ID}-${DATE}"

265 17:05:35 done

266 17:05:35 section_end:1777827935:section_script_step_17

267 17:05:35 section_start:1777827935:section_script_step_18[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_BUILD_ARGS}" ]; then

268 17:05:35 for _BUILD_ARG in $CONTAINER_BUILD_ARGS; do

269 17:05:35 FINAL_BUILD_ARGS="--build-arg $_BUILD_ARG $FINAL_BUILD_ARGS"

270 17:05:35 done

271 17:05:35 fi

272 17:05:35 section_end:1777827935:section_script_step_18

273 17:05:35 section_start:1777827935:section_script_step_19[hide_duration=true,collapsed=true] $ for _PATH in $CONTAINER_IGNORE_PATHS; do

274 17:05:35 FINAL_IGNORE_PATHS="--ignore-path=$_PATH $FINAL_IGNORE_PATHS"

275 17:05:35 done

276 17:05:35 section_end:1777827935:section_script_step_19

277 17:05:35 section_start:1777827935:section_script_step_20[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_PLATFORM}" ]; then

278 17:05:35 KANIKO_PLATFORM="--custom-platform=${CONTAINER_PLATFORM}"

279 17:05:35 fi

280 17:05:35 section_end:1777827935:section_script_step_20

281 17:05:35 $ ANNOTATIONS=""

282 17:05:35 section_start:1777827935:section_script_step_22[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_REF_NAME" ]]; then

283 17:05:35 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}"

284 17:05:35 fi

285 17:05:35 section_end:1777827935:section_script_step_22

286 17:05:35 section_start:1777827935:section_script_step_23[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_SHA" ]]; then

287 17:05:35 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.revision=${CI_COMMIT_SHA}"

288 17:05:35 fi

289 17:05:35 section_end:1777827935:section_script_step_23

290 17:05:35 section_start:1777827935:section_script_step_24[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_URL" ]]; then

291 17:05:35 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.url=${CI_JOB_URL}"

292 17:05:35 fi

293 17:05:35 section_end:1777827935:section_script_step_24

294 17:05:35 section_start:1777827935:section_script_step_25[hide_duration=true,collapsed=true] $ if [[ -n "$CI_PIPELINE_ID" ]]; then

295 17:05:35 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.pipeline_id=${CI_PIPELINE_ID}"

296 17:05:35 fi

297 17:05:35 section_end:1777827935:section_script_step_25

298 17:05:35 section_start:1777827935:section_script_step_26[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_ID" ]]; then

299 17:05:35 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_id=${CI_JOB_ID}"

300 17:05:35 fi

301 17:05:35 section_end:1777827935:section_script_step_26

302 17:05:35 section_start:1777827935:section_script_step_27[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_IMAGE" ]]; then

303 17:05:35 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_image=${CI_JOB_IMAGE}"

304 17:05:35 fi

305 17:05:35 section_end:1777827935:section_script_step_27

306 17:05:35 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.title=${final_image_name}:$(echo $CONTAINER_IMAGE_TAG | cut -d' ' -f1)"

307 17:05:35 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)"

308 17:05:35 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.vendor=Scandit"

309 17:05:35 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.scandit.ci.hash=${docker_checksum}"

310 17:05:35 section_start:1777827935:section_script_step_32[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_TARGET_STAGE}" ]; then

311 17:05:35 KANIKO_TARGET="--target $CONTAINER_TARGET_STAGE"

312 17:05:35 fi

313 17:05:35 section_end:1777827935:section_script_step_32

314 17:05:35 $ set -x

315 17:05:35 + echo '$ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS'

316 17:05:35 $ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS

317 17:05:35 + /kaniko/executor --context /build/internal/gitlab-templates/context/ --dockerfile Dockerfile.dhi '--destination=registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' '--destination=registry.scandit.com/internal/gitlab-templates:latest' '--destination=registry.scandit.com/internal/gitlab-templates:latest-CI54273475-20260503' '--cache=true' --cache-copy-layers --cache-dir /cache/kaniko --cache-repo registry.scandit.com/internal/gitlab-templates/cache '--cache-ttl=336h' --annotation 'org.opencontainers.image.ref.name=master' --annotation 'org.opencontainers.image.revision=3284003440e09877917148c203626f055079d1b3' --annotation 'org.opencontainers.image.url=https://gitlab.scandit.com/internal/gitlab-templates/-/jobs/54273475' --annotation 'io.gitlab.ci.pipeline_id=1576293' --annotation 'io.gitlab.ci.job_id=54273475' --annotation 'io.gitlab.ci.job_image=registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac' --annotation 'org.opencontainers.image.title=registry.scandit.com/internal/gitlab-templates:latest' --annotation 'org.opencontainers.image.created=2026-05-03T17:05:35Z' --annotation 'org.opencontainers.image.vendor=Scandit' --annotation 'io.scandit.ci.hash=7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' --preserve-context '--credential-helpers=gitlab' --secret 'id=netrc,src=/kaniko/.netrc' --secret 'id=ci_job_token,env=CI_JOB_TOKEN'

318 17:05:35 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

319 17:05:35 INFO[0000] Retrieving image manifest dhi.io/debian-base:trixie-dev

320 17:05:35 INFO[0000] Retrieving image dhi.io/debian-base:trixie-dev from registry dhi.io

321 17:05:35 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

322 17:05:36 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

323 17:05:36 INFO[0001] Returning cached image manifest

324 17:05:37 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

325 17:05:37 INFO[0001] Returning cached image manifest

326 17:05:37 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

327 17:05:37 INFO[0001] Returning cached image manifest

328 17:05:37 INFO[0001] Built cross stage deps: map[]

329 17:05:37 INFO[0001] Skipping context snapshot as no-one requires it

330 17:05:37 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

331 17:05:37 INFO[0001] Returning cached image manifest

332 17:05:37 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

333 17:05:37 INFO[0001] Returning cached image manifest

334 17:05:37 INFO[0001] Building stage 'dhi.io/debian-base:trixie-dev' [idx: '0', base-idx: '-1']

335 17:05:37 INFO[0001] Checking for cached layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc...

336 17:05:37 INFO[0001] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

337 17:05:37 INFO[0001] No cached layer found for cmd RUN whoami

338 17:05:37 INFO[0001] Unpacking rootfs as cmd RUN whoami requires it.

339 17:05:40 INFO[0005] RUN whoami

340 17:05:40 INFO[0005] Initializing snapshotter ...

341 17:05:40 INFO[0005] Taking snapshot of full filesystem...

342 17:05:41 INFO[0006] Cmd: /bin/sh

343 17:05:41 INFO[0006] Args: [-c whoami]

344 17:05:41 INFO[0006] Util.Lookup returned: &{Uid:0 Gid:0 Username:root Name:root HomeDir:/root}

345 17:05:41 INFO[0006] Performing slow lookup of group ids for root

346 17:05:41 INFO[0006] Running: [/kaniko/tini -s -- /bin/sh -c whoami]

347 17:05:41 root

348 17:05:41 INFO[0006] Taking snapshot of full filesystem...

349 17:05:42 INFO[0007] Pushing layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc to cache now

350 17:05:42 INFO[0007] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

351 17:05:42 INFO[0007] Pushing image to registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc

352 17:05:42 INFO[0007] Pushed registry.scandit.com/internal/gitlab-templates/cache@sha256:6332c52f512910f6e15daa80fb09c705f67742ad5c99b887488e1c3ef88c5495

353 17:05:42 INFO[0007] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

354 17:05:42 INFO[0007] Pushing image to registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5

355 17:05:43 INFO[0008] Pushed registry.scandit.com/internal/gitlab-templates@sha256:c8442aafbccac42d753407b25d21fec2b372e9b4e8acf9c3ba2a58d28111571b

356 17:05:43 INFO[0008] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

357 17:05:43 INFO[0008] Pushing image to registry.scandit.com/internal/gitlab-templates:latest

358 17:05:43 INFO[0008] Pushed registry.scandit.com/internal/gitlab-templates@sha256:c8442aafbccac42d753407b25d21fec2b372e9b4e8acf9c3ba2a58d28111571b

359 17:05:43 INFO[0008] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

360 17:05:43 INFO[0008] Pushing image to registry.scandit.com/internal/gitlab-templates:latest-CI54273475-20260503

361 17:05:43 INFO[0008] Pushed registry.scandit.com/internal/gitlab-templates@sha256:c8442aafbccac42d753407b25d21fec2b372e9b4e8acf9c3ba2a58d28111571b

362 17:05:43 + cleanup

363 17:05:43 + rv=0

364 17:05:43 + '[' 0 -ne 0 ]

365 17:05:43 + echo

366 17:05:43

367 17:05:43 + echo 'Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54273475'

368 17:05:43 Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54273475

369 17:05:43 + echo

370 17:05:43

371 17:05:43 + echo

372 17:05:43

373 17:05:43 + echo 'Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci9&var-namespace=gitlab-runner&var-pod=runner-ap4tcsxyp-project-621-concurrent-2-tndvqiac&var-resolution=15&from=1777827934000&to=1777827943000'

374 17:05:43 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci9&var-namespace=gitlab-runner&var-pod=runner-ap4tcsxyp-project-621-concurrent-2-tndvqiac&var-resolution=15&from=1777827934000&to=1777827943000

375 17:05:43 + echo 'Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci9&var-resolution=15s&from=1777827934000&to=1777827943000'

376 17:05:43 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci9&var-resolution=15s&from=1777827934000&to=1777827943000

377 17:05:43 + echo 'Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1576293&var-filters=CI_JOB_ID%7C%3D%7C54273475&sortOrder=Ascending&from=1777827934000&to=1777827943000'

378 17:05:43 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1576293&var-filters=CI_JOB_ID%7C%3D%7C54273475&sortOrder=Ascending&from=1777827934000&to=1777827943000

379 17:05:43 + date -d @1777223143 '+%Y-%m-%d'

380 17:05:43 + __date_from=2026-04-26

381 17:05:43 + date -d @1778432743 '+%Y-%m-%d'

382 17:05:43 + __date_to=2026-05-10

383 17:05:43 + echo 'Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-26~2026-05-10&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates'

384 17:05:43 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-26~2026-05-10&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

385 17:05:43 + echo

386 17:05:43

387 17:05:43 + exit 0

388 17:05:43

389 17:05:43 section_end:1777827943:step_script

390 17:05:43 +section_start:1777827943:upload_artifacts_on_success

391 17:05:43 +Uploading artifacts for successful job

392 17:05:44 Uploading artifacts...

393 17:05:44 docker_image_build.env: found 1 matching artifact files and directories

394 17:05:44 Uploading artifacts as "dotenv" to coordinator... 201 Created correlation_id=01KQQCV5S8QBGG8ZSEYAES0H4M id=54273475 responseStatus=201 Created token=64_dYxs-s

395 17:05:44

396 17:05:44 section_end:1777827944:upload_artifacts_on_success

397 17:05:44 +section_start:1777827944:cleanup_file_variables

398 17:05:44 +Cleaning up project directory and file based variables

399 17:05:45 Removing context/

400 17:05:45 Removing docker_image_build.env

401 17:05:45 HEAD is now at 3284003 Merge branch 'renovate/docker-digests' into 'master'

402 17:05:45

403 17:05:45 section_end:1777827945:cleanup_file_variables

404 17:05:45 +

405 17:05:45 Job succeeded

406

build-python3-image-with-docker-hardened-image ○ success

Job Execution Phases

Full Job Log