Job Analysis

1 22:37:30 Running with gitlab-runner 18.9.0 (07e534ba)

2 22:37:30 on gitlab-runner-linux-1-746bdd58fd-4cqkw wRxjPbsJX, system ID: r_f0gJVPIyznax

3 22:37:30 feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true

4 22:37:30 Resolving secrets

5 22:37:30 section_start:1778020650:prepare_executor

6 22:37:30 +Preparing the "kubernetes" executor

7 22:37:30 "CPURequest" overwritten with "2"

8 22:37:30 "MemoryRequest" overwritten with "4G"

9 22:37:30 Using Kubernetes namespace: gitlab-runner

10 22:37:30 Using Kubernetes executor with image registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac ...

11 22:37:30 Using attach strategy to execute scripts...

12 22:37:30 Using effective pull policy of [Always] for container init-permissions

13 22:37:30 Using effective pull policy of [Always] for container build

14 22:37:30 Using effective pull policy of [Always] for container helper

15 22:37:31 section_end:1778020651:prepare_executor

16 22:37:31 +section_start:1778020651:prepare_script

17 22:37:31 +Preparing environment

18 22:37:31 Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...

19 22:37:31 WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...

20 22:37:31 Subscribing to Kubernetes Pod events...

21 22:37:31 Type Reason Message

22 22:37:31 Normal Scheduled Successfully assigned gitlab-runner/runner-wrxjpbsjx-project-621-concurrent-2-2d6ehe5r to ip-10-0-36-227.eu-central-1.compute.internal

23 22:37:32 Normal Pulling Pulling image "gitlab/gitlab-runner-helper:x86_64-v18.8.0"

24 22:37:33 Normal Pulled Successfully pulled image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" in 936ms (936ms including waiting). Image size: 39949060 bytes.

25 22:37:33 Normal Created Created container: init-permissions

26 22:37:33 Normal Started Started container init-permissions

27 22:37:34 Normal TaintManagerEviction Cancelling deletion of Pod gitlab-runner/runner-wrxjpbsjx-project-621-concurrent-2-2d6ehe5r

28 22:37:40 Normal Pulling Pulling image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/kaniko@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac"

29 22:37:48 Normal Pulled Successfully pulled image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/kaniko@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac" in 7.308s (7.308s including waiting). Image size: 49989654 bytes.

30 22:37:48 Normal Created Created container: build

31 22:37:48 Normal Started Started container build

32 22:37:48 Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine

33 22:37:48 Normal Created Created container: helper

34 22:37:48 Normal Started Started container helper

35 22:37:50 Running on runner-wrxjpbsjx-project-621-concurrent-2-2d6ehe5r via gitlab-runner-linux-1-746bdd58fd-4cqkw...

36 22:37:50

37 22:37:50 section_end:1778020670:prepare_script

38 22:37:50 +section_start:1778020670:get_sources

39 22:37:50 +Getting source from Git repository

40 22:37:51 Gitaly correlation ID: 01KQX4M3E3XARATYGEK87W2SQE

41 22:37:51 Fetching changes with git depth set to 1...

42 22:37:51 Initialized empty Git repository in /build/internal/gitlab-templates/.git/

43 22:37:51 Created fresh repository.

44 22:37:51 Checking out 13881c4b as detached HEAD (ref is refs/merge-requests/638/merge)...

45 22:37:51

46 22:37:51 Skipping Git submodules setup

47 22:37:51

48 22:37:51 section_end:1778020671:get_sources

49 22:37:51 +section_start:1778020671:step_script

50 22:37:51 +Executing "step_script" stage of the job script

51 22:37:52 section_start:1778020671:section_pre_build_script_0[hide_duration=true,collapsed=true] $ function cleanup {

52 22:37:52 rv=$?

53 22:37:52 if [ $rv -ne 0 ]; then

54 22:37:52 echo ""

55 22:37:52 echo " Failure Cause Analysis might help, please open this link:"

56 22:37:52 echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

57 22:37:52 echo ""

58 22:37:52 fi

59 22:37:52 echo ""

60 22:37:52 echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

61 22:37:52 echo ""

62 22:37:52 echo ""

63 22:37:52 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"

64 22:37:52 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"

65 22:37:52 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"

66 22:37:52 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

67 22:37:52 echo ""

68 22:37:52 exit $rv

69 22:37:52 }

70 22:37:52 trap cleanup EXIT

71 22:37:52 echo "INFO: This is the CI job pre_build_script"

72 22:37:52 echo "INFO: It's defined in the backend/infra/aws repo."

73 22:37:52 echo "INFO: These additional Scandit variables are available to you:"

74 22:37:52 echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"

75 22:37:52 echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"

76 22:37:52 echo " SC_K8S_KYVERNO_PATCHES: |"

77 22:37:52 echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'

78 22:37:52 echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"

79 22:37:52 if command -v numfmt >/dev/null 2>&1; then

80 22:37:52 echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"

81 22:37:52 else

82 22:37:52 echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"

83 22:37:52 fi

84 22:37:52 __start_time=${EPOCHSECONDS}

85 22:37:52 echo ""

86 22:37:52 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"

87 22:37:52 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"

88 22:37:52 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"

89 22:37:52 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

90 22:37:52 echo ""

91 22:37:52 echo "Setting up credentials for Gitlab Python registries"

92 22:37:52 mkdir -p ~

93 22:37:52 echo "machine gitlab.scandit.com" > ~/.netrc

94 22:37:52 echo "login gitlab-ci-token" >> ~/.netrc

95 22:37:52 echo "password ${CI_JOB_TOKEN}" >> ~/.netrc

96 22:37:52 chmod 600 ~/.netrc

97 22:37:52 if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then

98 22:37:52 git config --global --add safe.directory $CI_PROJECT_DIR

99 22:37:52 fi

100 22:37:52 # Sonarqube server is running on the same cluster. Use internal address

101 22:37:52 export SONAR_HOST_URL="http://sonarqube.sonarqube.svc.cluster.local:9000"

102 22:37:52 section_end:1778020671:section_pre_build_script_0

103 22:37:52 INFO: This is the CI job pre_build_script

104 22:37:52 INFO: It's defined in the backend/infra/aws repo.

105 22:37:52 INFO: These additional Scandit variables are available to you:

106 22:37:52 SC_K8S_NODE_NAME: ip-10-0-36-227.eu-central-1.compute.internal

107 22:37:52 SC_K8S_IMAGE_ID:

108 22:37:52 SC_K8S_KYVERNO_PATCHES: |

109 22:37:52

110 22:37:52 cpu (r/l): 2/4

111 22:37:52 memory (r/l): 4000000000/17179869184

112 22:37:52

113 22:37:52 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-36-227.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-2d6ehe5r&var-resolution=15&from=1778020671000&to=now

114 22:37:52 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-36-227.eu-central-1.compute.internal&var-resolution=15s&from=1778020671000&to=now

115 22:37:52 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580353&var-filters=CI_JOB_ID|=|54442831&sortOrder=Ascending&from=1778020671000&to=now

116 22:37:52 date: invalid date '-7 days'

117 22:37:52 date: invalid date '+7 days'

118 22:37:52 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

119 22:37:52

120 22:37:52 Setting up credentials for Gitlab Python registries

121 22:37:52 $ echo $DOCKER_CONFIG_JSON > /kaniko/.docker/config.json

122 22:37:52 $ mv /root/.netrc /kaniko/.netrc

123 22:37:52 section_start:1778020671:section_script_step_2[hide_duration=true,collapsed=true] $ function copy_files() {

124 22:37:52 local src="$1"

125 22:37:52 local trg="$2"

126 22:37:52 for f in $src; do

127 22:37:52 t="$trg/`dirname $f`"

128 22:37:52 mkdir -p $t || true

129 22:37:52 echo "Copy $f"

130 22:37:52 cp -pr $f $trg/$f

131 22:37:52 done

132 22:37:52 }

133 22:37:52 function recursive_hash() {

134 22:37:52 local dir="$1"

135 22:37:52 find "$dir" -exec stat -c '%F|%a|%u:%g|%n' {} + -type f -exec sha256sum {} + | sort | sha256sum | cut -d ' ' -f1

136 22:37:52 }

137 22:37:52 function remote_docker_digest() {

138 22:37:52 local images="$1"

139 22:37:52 echo $images | xargs -n 1 crane digest

140 22:37:52 }

141 22:37:52 function remote_image_exists() {

142 22:37:52 local image="$1"

143 22:37:52 crane manifest $image > /dev/null 2>&1

144 22:37:52 }

145 22:37:52 function remote_images_are_identical() {

146 22:37:52 local imageA="$1"

147 22:37:52 local imageB="$2"

148 22:37:52 if [[ $(remote_docker_digest "$imageA") == $(remote_docker_digest "$imageB") ]]; then

149 22:37:52 return 0

150 22:37:52 else

151 22:37:52 return 1

152 22:37:52 fi

153 22:37:52 }

154 22:37:52 function copy_image() {

155 22:37:52 local image="$1"

156 22:37:52 local remotes="$2"

157 22:37:52 local backup_ext="$3"

158 22:37:52 echo "$image"

159 22:37:52 local source_digest=$(remote_docker_digest $image)

160 22:37:52 local target_digest

161 22:37:52 for registry in $remotes; do

162 22:37:52 if target_digest=$(remote_docker_digest $registry); then

163 22:37:52 if [ "$target_digest" != "$source_digest" ]; then

164 22:37:52 echo "image outdated, overwriting with newest version"

165 22:37:52 crane copy $image $registry

166 22:37:52 crane copy $image ${registry}${backup_ext}

167 22:37:52 fi

168 22:37:52 else

169 22:37:52 echo "image does not exist, writing newest version"

170 22:37:52 crane copy $image $registry

171 22:37:52 crane copy $image ${registry}${backup_ext}

172 22:37:52 fi

173 22:37:52 done

174 22:37:52 }

175 22:37:52 section_end:1778020671:section_script_step_2

176 22:37:52 section_start:1778020671:section_script_step_3[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_SUBDIR" != "" ]; then

177 22:37:52 echo "Entering subpath $CONTAINER_SUBDIR"

178 22:37:52 cd $CONTAINER_SUBDIR

179 22:37:52 fi

180 22:37:52 section_end:1778020671:section_script_step_3

181 22:37:52 $ copy_files "$CONTAINER_IMPLICIT_REQUIREMENTS $CONTAINER_REQUIREMENTS" "$CONTAINER_CONTEXT_PATH"

182 22:37:52 Copy Dockerfile.dhi

183 22:37:52 $ echo "$CONTAINER_BUILD_ENVIRONMENT" > $CONTAINER_CONTEXT_PATH/.docker-build-env

184 22:37:52 $ docker_checksum=$(recursive_hash $CONTAINER_CONTEXT_PATH)

185 22:37:52 section_start:1778020671:section_script_step_7[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_IMAGE_NAME" == "" ]; then

186 22:37:52 final_image_name=${CONTAINER_IMAGE_URL}

187 22:37:52 else

188 22:37:52 final_image_name=${CONTAINER_IMAGE_URL}/${CONTAINER_IMAGE_NAME}

189 22:37:52 fi

190 22:37:52 section_end:1778020671:section_script_step_7

191 22:37:52 $ final_image_url=${final_image_name}:${docker_checksum}

192 22:37:52 section_start:1778020671:section_script_step_9[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

193 22:37:52 echo $CONTAINER_IMAGE_VARIABLE=${final_image_url}-P${CI_PROJECT_ID}-${CI_PIPELINE_ID} > $CI_PROJECT_DIR/docker_image_build.env

194 22:37:52 else

195 22:37:52 echo $CONTAINER_IMAGE_VARIABLE=$final_image_url > $CI_PROJECT_DIR/docker_image_build.env

196 22:37:52 fi

197 22:37:52 section_end:1778020671:section_script_step_9

198 22:37:52 $ echo ${CONTAINER_IMAGE_VARIABLE}_HASH=$docker_checksum >> $CI_PROJECT_DIR/docker_image_build.env

199 22:37:52 section_start:1778020671:section_script_step_11[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] || command -v crane &> /dev/null; then

200 22:37:52 echo $REGISTRY_PASSWORD | crane auth login $REGISTRY -u $REGISTRY_USER --password-stdin

201 22:37:52 fi

202 22:37:52 section_end:1778020671:section_script_step_11

203 22:37:52

204 22:37:52 WARNING! Your credentials are stored unencrypted in '/kaniko/.docker/config.json'.

205 22:37:52 Configure a credential helper to remove this warning. See

206 22:37:52 https://docs.docker.com/go/credential-store/

207 22:37:52

208 22:37:52 2026/05/05 22:37:51 logged in via /kaniko/.docker/config.json

209 22:37:52 section_start:1778020671:section_script_step_12[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] && remote_image_exists "$final_image_url"; then

210 22:37:52 echo "Image already exists, skip the build."

211 22:37:52 echo "$final_image_url"

212 22:37:52 if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

213 22:37:52 _EXT=""

214 22:37:52 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

215 22:37:52 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

216 22:37:52 _EXT="-MR${CI_MERGE_REQUEST_IID}"

217 22:37:52 _BACKUP_EXT=""

218 22:37:52 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

219 22:37:52 _EXT="-${CI_COMMIT_REF_SLUG}"

220 22:37:52 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

221 22:37:52 fi

222 22:37:52 for _TAG in $CONTAINER_IMAGE_TAG; do

223 22:37:52 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

224 22:37:52 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}" "${_BACKUP_EXT}"

225 22:37:52 done

226 22:37:52 if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

227 22:37:52 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

228 22:37:52 echo "Copying ${final_image_url} to ${final_image_url}${_EXT}"

229 22:37:52 copy_image "${final_image_url}" "${final_image_url}${_EXT}"

230 22:37:52 for _TAG in $CONTAINER_IMAGE_TAG; do

231 22:37:52 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

232 22:37:52 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}"

233 22:37:52 done

234 22:37:52 fi

235 22:37:52 exit 0

236 22:37:52 fi

237 22:37:52 section_end:1778020671:section_script_step_12

238 22:37:52 $ DESTINATIONS="--destination=$final_image_url"

239 22:37:52 section_start:1778020672:section_script_step_14[hide_duration=true,collapsed=true] $ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

240 22:37:52 _EXT=""

241 22:37:52 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

242 22:37:52 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

243 22:37:52 _EXT="-MR${CI_MERGE_REQUEST_IID}"

244 22:37:52 TIMESTAMP_TAGS=""

245 22:37:52 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

246 22:37:52 _EXT="-${CI_COMMIT_REF_SLUG}"

247 22:37:52 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

248 22:37:52 fi

249 22:37:52 section_end:1778020672:section_script_step_14

250 22:37:52 section_start:1778020672:section_script_step_15[hide_duration=true,collapsed=true] $ for _TAG in $CONTAINER_IMAGE_TAG; do

251 22:37:52 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

252 22:37:52 done

253 22:37:52 section_end:1778020672:section_script_step_15

254 22:37:52 section_start:1778020672:section_script_step_16[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

255 22:37:52 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

256 22:37:52 DESTINATIONS="${DESTINATIONS} --destination=${final_image_url}${_EXT}"

257 22:37:52 for _TAG in $CONTAINER_IMAGE_TAG; do

258 22:37:52 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

259 22:37:52 done

260 22:37:52 fi

261 22:37:52 section_end:1778020672:section_script_step_16

262 22:37:52 section_start:1778020672:section_script_step_17[hide_duration=true,collapsed=true] $ DATE=$(date '+%Y%m%d')

263 22:37:52 for _TAG in $TIMESTAMP_TAGS; do

264 22:37:52 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}-CI${CI_JOB_ID}-${DATE}"

265 22:37:52 done

266 22:37:52 section_end:1778020672:section_script_step_17

267 22:37:52 section_start:1778020672:section_script_step_18[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_BUILD_ARGS}" ]; then

268 22:37:52 for _BUILD_ARG in $CONTAINER_BUILD_ARGS; do

269 22:37:52 FINAL_BUILD_ARGS="--build-arg $_BUILD_ARG $FINAL_BUILD_ARGS"

270 22:37:52 done

271 22:37:52 fi

272 22:37:52 section_end:1778020672:section_script_step_18

273 22:37:52 section_start:1778020672:section_script_step_19[hide_duration=true,collapsed=true] $ for _PATH in $CONTAINER_IGNORE_PATHS; do

274 22:37:52 FINAL_IGNORE_PATHS="--ignore-path=$_PATH $FINAL_IGNORE_PATHS"

275 22:37:52 done

276 22:37:52 section_end:1778020672:section_script_step_19

277 22:37:52 section_start:1778020672:section_script_step_20[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_PLATFORM}" ]; then

278 22:37:52 KANIKO_PLATFORM="--custom-platform=${CONTAINER_PLATFORM}"

279 22:37:52 fi

280 22:37:52 section_end:1778020672:section_script_step_20

281 22:37:52 $ ANNOTATIONS=""

282 22:37:52 section_start:1778020672:section_script_step_22[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_REF_NAME" ]]; then

283 22:37:52 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}"

284 22:37:52 fi

285 22:37:52 section_end:1778020672:section_script_step_22

286 22:37:52 section_start:1778020672:section_script_step_23[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_SHA" ]]; then

287 22:37:52 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.revision=${CI_COMMIT_SHA}"

288 22:37:52 fi

289 22:37:52 section_end:1778020672:section_script_step_23

290 22:37:52 section_start:1778020672:section_script_step_24[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_URL" ]]; then

291 22:37:52 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.url=${CI_JOB_URL}"

292 22:37:52 fi

293 22:37:52 section_end:1778020672:section_script_step_24

294 22:37:52 section_start:1778020672:section_script_step_25[hide_duration=true,collapsed=true] $ if [[ -n "$CI_PIPELINE_ID" ]]; then

295 22:37:52 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.pipeline_id=${CI_PIPELINE_ID}"

296 22:37:52 fi

297 22:37:52 section_end:1778020672:section_script_step_25

298 22:37:52 section_start:1778020672:section_script_step_26[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_ID" ]]; then

299 22:37:52 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_id=${CI_JOB_ID}"

300 22:37:52 fi

301 22:37:52 section_end:1778020672:section_script_step_26

302 22:37:52 section_start:1778020672:section_script_step_27[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_IMAGE" ]]; then

303 22:37:52 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_image=${CI_JOB_IMAGE}"

304 22:37:52 fi

305 22:37:52 section_end:1778020672:section_script_step_27

306 22:37:52 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.title=${final_image_name}:$(echo $CONTAINER_IMAGE_TAG | cut -d' ' -f1)"

307 22:37:52 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)"

308 22:37:52 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.vendor=Scandit"

309 22:37:52 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.scandit.ci.hash=${docker_checksum}"

310 22:37:52 section_start:1778020672:section_script_step_32[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_TARGET_STAGE}" ]; then

311 22:37:52 KANIKO_TARGET="--target $CONTAINER_TARGET_STAGE"

312 22:37:52 fi

313 22:37:52 section_end:1778020672:section_script_step_32

314 22:37:52 $ set -x

315 22:37:52 + echo '$ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS'

316 22:37:52 $ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS

317 22:37:52 + /kaniko/executor --context /build/internal/gitlab-templates/context/ --dockerfile Dockerfile.dhi '--destination=registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' '--destination=registry.scandit.com/internal/gitlab-templates:latest-MR638' '--cache=true' --cache-copy-layers --cache-dir /cache/kaniko --cache-repo registry.scandit.com/internal/gitlab-templates/cache '--cache-ttl=336h' --annotation 'org.opencontainers.image.ref.name=renovate/docker-digests' --annotation 'org.opencontainers.image.revision=13881c4b6fdf20bab880fa112f8539ca3626235b' --annotation 'org.opencontainers.image.url=https://gitlab.scandit.com/internal/gitlab-templates/-/jobs/54442831' --annotation 'io.gitlab.ci.pipeline_id=1580353' --annotation 'io.gitlab.ci.job_id=54442831' --annotation 'io.gitlab.ci.job_image=registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac' --annotation 'org.opencontainers.image.title=registry.scandit.com/internal/gitlab-templates:latest' --annotation 'org.opencontainers.image.created=2026-05-05T22:37:52Z' --annotation 'org.opencontainers.image.vendor=Scandit' --annotation 'io.scandit.ci.hash=7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' --preserve-context '--credential-helpers=gitlab' --secret 'id=netrc,src=/kaniko/.netrc' --secret 'id=ci_job_token,env=CI_JOB_TOKEN'

318 22:37:52 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

319 22:37:52 INFO[0000] Retrieving image manifest dhi.io/debian-base:trixie-dev

320 22:37:52 INFO[0000] Retrieving image dhi.io/debian-base:trixie-dev from registry dhi.io

321 22:37:52 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

322 22:37:53 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

323 22:37:53 INFO[0001] Returning cached image manifest

324 22:37:53 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

325 22:37:53 INFO[0001] Returning cached image manifest

326 22:37:53 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

327 22:37:53 INFO[0001] Returning cached image manifest

328 22:37:53 INFO[0001] Built cross stage deps: map[]

329 22:37:53 INFO[0001] Skipping context snapshot as no-one requires it

330 22:37:53 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

331 22:37:53 INFO[0001] Returning cached image manifest

332 22:37:53 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

333 22:37:53 INFO[0001] Returning cached image manifest

334 22:37:53 INFO[0001] Building stage 'dhi.io/debian-base:trixie-dev' [idx: '0', base-idx: '-1']

335 22:37:53 INFO[0001] Checking for cached layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc...

336 22:37:53 INFO[0001] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

337 22:37:54 INFO[0001] Using caching version of cmd: RUN whoami

338 22:37:54 INFO[0001] Skipping unpacking as no commands require it.

339 22:37:54 INFO[0001] RUN whoami

340 22:37:54 INFO[0001] Found cached layer, extracting to filesystem

341 22:37:54 INFO[0001] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

342 22:37:54 INFO[0001] Pushing image to registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5

343 22:37:55 INFO[0002] Pushed registry.scandit.com/internal/gitlab-templates@sha256:9d1300e6a9d4bc9f78d476dd2e373ca5e7fafadafd59da26a583236d16f61ac0

344 22:37:55 INFO[0002] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

345 22:37:55 INFO[0002] Pushing image to registry.scandit.com/internal/gitlab-templates:latest-MR638

346 22:37:55 INFO[0003] Pushed registry.scandit.com/internal/gitlab-templates@sha256:9d1300e6a9d4bc9f78d476dd2e373ca5e7fafadafd59da26a583236d16f61ac0

347 22:37:55 + cleanup

348 22:37:55 + rv=0

349 22:37:55 + '[' 0 -ne 0 ]

350 22:37:55 + echo

351 22:37:55

352 22:37:55 + echo 'Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54442831'

353 22:37:55 Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54442831

354 22:37:55 + echo

355 22:37:55

356 22:37:55 + echo

357 22:37:55

358 22:37:55 + echo 'Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-36-227.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-2d6ehe5r&var-resolution=15&from=1778020671000&to=1778020675000'

359 22:37:55 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-36-227.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-2d6ehe5r&var-resolution=15&from=1778020671000&to=1778020675000

360 22:37:55 + echo 'Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-36-227.eu-central-1.compute.internal&var-resolution=15s&from=1778020671000&to=1778020675000'

361 22:37:55 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-36-227.eu-central-1.compute.internal&var-resolution=15s&from=1778020671000&to=1778020675000

362 22:37:55 + echo 'Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580353&var-filters=CI_JOB_ID|=|54442831&sortOrder=Ascending&from=1778020671000&to=1778020675000'

363 22:37:55 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580353&var-filters=CI_JOB_ID|=|54442831&sortOrder=Ascending&from=1778020671000&to=1778020675000

364 22:37:55 + date -d '-7 days' '+%Y-%m-%d'

365 22:37:55 date: invalid date '-7 days'

366 22:37:55 + date -d '+7 days' '+%Y-%m-%d'

367 22:37:55 date: invalid date '+7 days'

368 22:37:55 + echo 'Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates'

369 22:37:55 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

370 22:37:55 + echo

371 22:37:55

372 22:37:55 + exit 0

373 22:37:55

374 22:37:55 section_end:1778020675:step_script

375 22:37:55 +section_start:1778020675:upload_artifacts_on_success

376 22:37:55 +Uploading artifacts for successful job

377 22:37:56 Uploading artifacts...

378 22:37:56 docker_image_build.env: found 1 matching artifact files and directories

379 22:37:56 Uploading artifacts as "dotenv" to coordinator... 201 Created correlation_id=01KQX4MWBS2TRNBCJYQ51ZYNW9 id=54442831 responseStatus=201 Created token=64_LHG4Yd

380 22:37:56

381 22:37:56 section_end:1778020676:upload_artifacts_on_success

382 22:37:56 +section_start:1778020676:cleanup_file_variables

383 22:37:56 +Cleaning up project directory and file based variables

384 22:37:57

385 22:37:57 section_end:1778020677:cleanup_file_variables

386 22:37:57 +

387 22:37:57 Job succeeded

388

build-python3-image-with-docker-hardened-image ○ success

Job Execution Phases

Full Job Log