Job Analysis

1 22:38:14 Running with gitlab-runner 18.9.0 (07e534ba)

2 22:38:14 on gitlab-runner-linux-1-746bdd58fd-8bbzm wRxjPbsJX, system ID: r_DxKhvxXkpe6K

3 22:38:14 feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true

4 22:38:14 Resolving secrets

5 22:38:14 section_start:1778020694:prepare_executor

6 22:38:14 +Preparing the "kubernetes" executor

7 22:38:14 "CPURequest" overwritten with "2"

8 22:38:14 "MemoryRequest" overwritten with "4G"

9 22:38:14 Using Kubernetes namespace: gitlab-runner

10 22:38:14 Using Kubernetes executor with image registry.scandit.com/dockerfiles/kaniko:v1.27.4-crane@sha256:fa662cefab90e8cde8767935540790733c85bd963f2c18b444d6595e3e91a0ff ...

11 22:38:14 Using attach strategy to execute scripts...

12 22:38:14 Using effective pull policy of [Always] for container init-permissions

13 22:38:14 Using effective pull policy of [Always] for container build

14 22:38:14 Using effective pull policy of [Always] for container helper

15 22:38:14 section_end:1778020694:prepare_executor

16 22:38:14 +section_start:1778020694:prepare_script

17 22:38:14 +Preparing environment

18 22:38:14 Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...

19 22:38:14 WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...

20 22:38:15 Subscribing to Kubernetes Pod events...

21 22:38:15 Type Reason Message

22 22:38:15 Warning FailedScheduling 0/31 nodes are available: 1 node(s) had untolerated taint {scandit.io/clickhouse: production}, 1 node(s) had untolerated taint {scandit.io/clickhouse: staging}, 1 node(s) had untolerated taint {scandit.io/sonarqube: dedicated}, 21 node(s) didn't match Pod's node affinity/selector, 7 Insufficient cpu. preemption: 0/31 nodes are available: 24 Preemption is not helpful for scheduling, 7 No preemption victims found for incoming pod.

23 22:38:17 Normal Scheduled Successfully assigned gitlab-runner/runner-wrxjpbsjx-project-621-concurrent-2-wdro01e2 to ip-10-0-27-85.eu-central-1.compute.internal

24 22:38:18 Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine

25 22:38:18 Normal Created Created container: init-permissions

26 22:38:18 Normal Started Started container init-permissions

27 22:38:25 Normal Pulled Container image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/kaniko@sha256:fa662cefab90e8cde8767935540790733c85bd963f2c18b444d6595e3e91a0ff" already present on machine

28 22:38:28 Normal Created Created container: build

29 22:38:28 Normal Started Started container build

30 22:38:28 Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine

31 22:38:28 Normal Created Created container: helper

32 22:38:28 Normal Started Started container helper

33 22:38:30 Running on runner-wrxjpbsjx-project-621-concurrent-2-wdro01e2 via gitlab-runner-linux-1-746bdd58fd-8bbzm...

34 22:38:30

35 22:38:30 section_end:1778020710:prepare_script

36 22:38:30 +section_start:1778020710:get_sources

37 22:38:30 +Getting source from Git repository

38 22:38:32 Gitaly correlation ID: 01KQX4NDN0EP8A7429HY6VPWS6

39 22:38:32 Fetching changes with git depth set to 1...

40 22:38:32 Initialized empty Git repository in /build/internal/gitlab-templates/.git/

41 22:38:32 Created fresh repository.

42 22:38:33 Checking out 22f5b5c3 as detached HEAD (ref is refs/merge-requests/639/merge)...

43 22:38:33

44 22:38:33 Skipping Git submodules setup

45 22:38:33

46 22:38:33 section_end:1778020713:get_sources

47 22:38:33 +section_start:1778020713:step_script

48 22:38:33 +Executing "step_script" stage of the job script

49 22:38:33 section_start:1778020713:section_pre_build_script_0[hide_duration=true,collapsed=true] $ function cleanup {

50 22:38:33 rv=$?

51 22:38:33 if [ $rv -ne 0 ]; then

52 22:38:33 echo ""

53 22:38:33 echo " Failure Cause Analysis might help, please open this link:"

54 22:38:33 echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

55 22:38:33 echo ""

56 22:38:33 fi

57 22:38:33 echo ""

58 22:38:33 echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

59 22:38:33 echo ""

60 22:38:33 echo ""

61 22:38:33 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"

62 22:38:33 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"

63 22:38:33 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"

64 22:38:33 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

65 22:38:33 echo ""

66 22:38:33 exit $rv

67 22:38:33 }

68 22:38:33 trap cleanup EXIT

69 22:38:33 echo "INFO: This is the CI job pre_build_script"

70 22:38:33 echo "INFO: It's defined in the backend/infra/aws repo."

71 22:38:33 echo "INFO: These additional Scandit variables are available to you:"

72 22:38:33 echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"

73 22:38:33 echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"

74 22:38:33 echo " SC_K8S_KYVERNO_PATCHES: |"

75 22:38:33 echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'

76 22:38:33 echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"

77 22:38:33 if command -v numfmt >/dev/null 2>&1; then

78 22:38:33 echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"

79 22:38:33 else

80 22:38:33 echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"

81 22:38:33 fi

82 22:38:33 __start_time=${EPOCHSECONDS}

83 22:38:33 echo ""

84 22:38:33 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"

85 22:38:33 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"

86 22:38:33 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"

87 22:38:33 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

88 22:38:33 echo ""

89 22:38:33 echo "Setting up credentials for Gitlab Python registries"

90 22:38:33 mkdir -p ~

91 22:38:33 echo "machine gitlab.scandit.com" > ~/.netrc

92 22:38:33 echo "login gitlab-ci-token" >> ~/.netrc

93 22:38:33 echo "password ${CI_JOB_TOKEN}" >> ~/.netrc

94 22:38:33 chmod 600 ~/.netrc

95 22:38:33 if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then

96 22:38:33 git config --global --add safe.directory $CI_PROJECT_DIR

97 22:38:33 fi

98 22:38:33 # Sonarqube server is running on the same cluster. Use internal address

99 22:38:33 export SONAR_HOST_URL="http://sonarqube.sonarqube.svc.cluster.local:9000"

100 22:38:33 section_end:1778020713:section_pre_build_script_0

101 22:38:33 INFO: This is the CI job pre_build_script

102 22:38:33 INFO: It's defined in the backend/infra/aws repo.

103 22:38:33 INFO: These additional Scandit variables are available to you:

104 22:38:33 SC_K8S_NODE_NAME: ip-10-0-27-85.eu-central-1.compute.internal

105 22:38:33 SC_K8S_IMAGE_ID:

106 22:38:33 SC_K8S_KYVERNO_PATCHES: |

107 22:38:33

108 22:38:33 cpu (r/l): 2/4

109 22:38:33 memory (r/l): 4000000000/17179869184

110 22:38:33

111 22:38:33 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-27-85.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-wdro01e2&var-resolution=15&from=1778020713000&to=now

112 22:38:33 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-27-85.eu-central-1.compute.internal&var-resolution=15s&from=1778020713000&to=now

113 22:38:33 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580356&var-filters=CI_JOB_ID|=|54442910&sortOrder=Ascending&from=1778020713000&to=now

114 22:38:33 date: invalid date '-7 days'

115 22:38:33 date: invalid date '+7 days'

116 22:38:33 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

117 22:38:33

118 22:38:33 Setting up credentials for Gitlab Python registries

119 22:38:33 $ echo $DOCKER_CONFIG_JSON > /kaniko/.docker/config.json

120 22:38:34 $ mv /root/.netrc /kaniko/.netrc

121 22:38:34 section_start:1778020714:section_script_step_2[hide_duration=true,collapsed=true] $ function copy_files() {

122 22:38:34 local src="$1"

123 22:38:34 local trg="$2"

124 22:38:34 for f in $src; do

125 22:38:34 t="$trg/`dirname $f`"

126 22:38:34 mkdir -p $t || true

127 22:38:34 echo "Copy $f"

128 22:38:34 cp -pr $f $trg/$f

129 22:38:34 done

130 22:38:34 }

131 22:38:34 function recursive_hash() {

132 22:38:34 local dir="$1"

133 22:38:34 find "$dir" -exec stat -c '%F|%a|%u:%g|%n' {} + -type f -exec sha256sum {} + | sort | sha256sum | cut -d ' ' -f1

134 22:38:34 }

135 22:38:34 function remote_docker_digest() {

136 22:38:34 local images="$1"

137 22:38:34 echo $images | xargs -n 1 crane digest

138 22:38:34 }

139 22:38:34 function remote_image_exists() {

140 22:38:34 local image="$1"

141 22:38:34 crane manifest $image > /dev/null 2>&1

142 22:38:34 }

143 22:38:34 function remote_images_are_identical() {

144 22:38:34 local imageA="$1"

145 22:38:34 local imageB="$2"

146 22:38:34 if [[ $(remote_docker_digest "$imageA") == $(remote_docker_digest "$imageB") ]]; then

147 22:38:34 return 0

148 22:38:34 else

149 22:38:34 return 1

150 22:38:34 fi

151 22:38:34 }

152 22:38:34 function copy_image() {

153 22:38:34 local image="$1"

154 22:38:34 local remotes="$2"

155 22:38:34 local backup_ext="$3"

156 22:38:34 echo "$image"

157 22:38:34 local source_digest=$(remote_docker_digest $image)

158 22:38:34 local target_digest

159 22:38:34 for registry in $remotes; do

160 22:38:34 if target_digest=$(remote_docker_digest $registry); then

161 22:38:34 if [ "$target_digest" != "$source_digest" ]; then

162 22:38:34 echo "image outdated, overwriting with newest version"

163 22:38:34 crane copy $image $registry

164 22:38:34 crane copy $image ${registry}${backup_ext}

165 22:38:34 fi

166 22:38:34 else

167 22:38:34 echo "image does not exist, writing newest version"

168 22:38:34 crane copy $image $registry

169 22:38:34 crane copy $image ${registry}${backup_ext}

170 22:38:34 fi

171 22:38:34 done

172 22:38:34 }

173 22:38:34 section_end:1778020714:section_script_step_2

174 22:38:34 section_start:1778020714:section_script_step_3[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_SUBDIR" != "" ]; then

175 22:38:34 echo "Entering subpath $CONTAINER_SUBDIR"

176 22:38:34 cd $CONTAINER_SUBDIR

177 22:38:34 fi

178 22:38:34 section_end:1778020714:section_script_step_3

179 22:38:34 $ copy_files "$CONTAINER_IMPLICIT_REQUIREMENTS $CONTAINER_REQUIREMENTS" "$CONTAINER_CONTEXT_PATH"

180 22:38:34 Copy Dockerfile.dhi

181 22:38:34 $ echo "$CONTAINER_BUILD_ENVIRONMENT" > $CONTAINER_CONTEXT_PATH/.docker-build-env

182 22:38:34 $ docker_checksum=$(recursive_hash $CONTAINER_CONTEXT_PATH)

183 22:38:34 section_start:1778020714:section_script_step_7[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_IMAGE_NAME" == "" ]; then

184 22:38:34 final_image_name=${CONTAINER_IMAGE_URL}

185 22:38:34 else

186 22:38:34 final_image_name=${CONTAINER_IMAGE_URL}/${CONTAINER_IMAGE_NAME}

187 22:38:34 fi

188 22:38:34 section_end:1778020714:section_script_step_7

189 22:38:34 $ final_image_url=${final_image_name}:${docker_checksum}

190 22:38:34 section_start:1778020714:section_script_step_9[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

191 22:38:34 echo $CONTAINER_IMAGE_VARIABLE=${final_image_url}-P${CI_PROJECT_ID}-${CI_PIPELINE_ID} > $CI_PROJECT_DIR/docker_image_build.env

192 22:38:34 else

193 22:38:34 echo $CONTAINER_IMAGE_VARIABLE=$final_image_url > $CI_PROJECT_DIR/docker_image_build.env

194 22:38:34 fi

195 22:38:34 section_end:1778020714:section_script_step_9

196 22:38:34 $ echo ${CONTAINER_IMAGE_VARIABLE}_HASH=$docker_checksum >> $CI_PROJECT_DIR/docker_image_build.env

197 22:38:34 section_start:1778020714:section_script_step_11[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] || command -v crane &> /dev/null; then

198 22:38:34 echo $REGISTRY_PASSWORD | crane auth login $REGISTRY -u $REGISTRY_USER --password-stdin

199 22:38:34 fi

200 22:38:34 section_end:1778020714:section_script_step_11

201 22:38:34

202 22:38:34 WARNING! Your credentials are stored unencrypted in '/kaniko/.docker/config.json'.

203 22:38:34 Configure a credential helper to remove this warning. See

204 22:38:34 https://docs.docker.com/go/credential-store/

205 22:38:34

206 22:38:34 2026/05/05 22:38:34 logged in via /kaniko/.docker/config.json

207 22:38:34 section_start:1778020714:section_script_step_12[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] && remote_image_exists "$final_image_url"; then

208 22:38:34 echo "Image already exists, skip the build."

209 22:38:34 echo "$final_image_url"

210 22:38:34 if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

211 22:38:34 _EXT=""

212 22:38:34 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

213 22:38:34 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

214 22:38:34 _EXT="-MR${CI_MERGE_REQUEST_IID}"

215 22:38:34 _BACKUP_EXT=""

216 22:38:34 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

217 22:38:34 _EXT="-${CI_COMMIT_REF_SLUG}"

218 22:38:34 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

219 22:38:34 fi

220 22:38:34 for _TAG in $CONTAINER_IMAGE_TAG; do

221 22:38:34 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

222 22:38:34 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}" "${_BACKUP_EXT}"

223 22:38:34 done

224 22:38:34 if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

225 22:38:34 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

226 22:38:34 echo "Copying ${final_image_url} to ${final_image_url}${_EXT}"

227 22:38:34 copy_image "${final_image_url}" "${final_image_url}${_EXT}"

228 22:38:34 for _TAG in $CONTAINER_IMAGE_TAG; do

229 22:38:34 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

230 22:38:34 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}"

231 22:38:34 done

232 22:38:34 fi

233 22:38:34 exit 0

234 22:38:34 fi

235 22:38:34 section_end:1778020714:section_script_step_12

236 22:38:34 $ DESTINATIONS="--destination=$final_image_url"

237 22:38:34 section_start:1778020714:section_script_step_14[hide_duration=true,collapsed=true] $ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

238 22:38:34 _EXT=""

239 22:38:34 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

240 22:38:34 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

241 22:38:34 _EXT="-MR${CI_MERGE_REQUEST_IID}"

242 22:38:34 TIMESTAMP_TAGS=""

243 22:38:34 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

244 22:38:34 _EXT="-${CI_COMMIT_REF_SLUG}"

245 22:38:34 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

246 22:38:34 fi

247 22:38:34 section_end:1778020714:section_script_step_14

248 22:38:34 section_start:1778020714:section_script_step_15[hide_duration=true,collapsed=true] $ for _TAG in $CONTAINER_IMAGE_TAG; do

249 22:38:34 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

250 22:38:34 done

251 22:38:34 section_end:1778020714:section_script_step_15

252 22:38:34 section_start:1778020714:section_script_step_16[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

253 22:38:34 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

254 22:38:34 DESTINATIONS="${DESTINATIONS} --destination=${final_image_url}${_EXT}"

255 22:38:34 for _TAG in $CONTAINER_IMAGE_TAG; do

256 22:38:34 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

257 22:38:34 done

258 22:38:34 fi

259 22:38:34 section_end:1778020714:section_script_step_16

260 22:38:34 section_start:1778020714:section_script_step_17[hide_duration=true,collapsed=true] $ DATE=$(date '+%Y%m%d')

261 22:38:34 for _TAG in $TIMESTAMP_TAGS; do

262 22:38:34 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}-CI${CI_JOB_ID}-${DATE}"

263 22:38:34 done

264 22:38:34 section_end:1778020714:section_script_step_17

265 22:38:34 section_start:1778020714:section_script_step_18[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_BUILD_ARGS}" ]; then

266 22:38:34 for _BUILD_ARG in $CONTAINER_BUILD_ARGS; do

267 22:38:34 FINAL_BUILD_ARGS="--build-arg $_BUILD_ARG $FINAL_BUILD_ARGS"

268 22:38:34 done

269 22:38:34 fi

270 22:38:34 section_end:1778020714:section_script_step_18

271 22:38:34 section_start:1778020714:section_script_step_19[hide_duration=true,collapsed=true] $ for _PATH in $CONTAINER_IGNORE_PATHS; do

272 22:38:34 FINAL_IGNORE_PATHS="--ignore-path=$_PATH $FINAL_IGNORE_PATHS"

273 22:38:34 done

274 22:38:34 section_end:1778020714:section_script_step_19

275 22:38:34 section_start:1778020714:section_script_step_20[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_PLATFORM}" ]; then

276 22:38:34 KANIKO_PLATFORM="--custom-platform=${CONTAINER_PLATFORM}"

277 22:38:34 fi

278 22:38:34 section_end:1778020714:section_script_step_20

279 22:38:34 $ ANNOTATIONS=""

280 22:38:34 section_start:1778020714:section_script_step_22[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_REF_NAME" ]]; then

281 22:38:34 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}"

282 22:38:34 fi

283 22:38:34 section_end:1778020714:section_script_step_22

284 22:38:34 section_start:1778020714:section_script_step_23[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_SHA" ]]; then

285 22:38:34 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.revision=${CI_COMMIT_SHA}"

286 22:38:34 fi

287 22:38:34 section_end:1778020714:section_script_step_23

288 22:38:34 section_start:1778020714:section_script_step_24[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_URL" ]]; then

289 22:38:34 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.url=${CI_JOB_URL}"

290 22:38:34 fi

291 22:38:34 section_end:1778020714:section_script_step_24

292 22:38:34 section_start:1778020714:section_script_step_25[hide_duration=true,collapsed=true] $ if [[ -n "$CI_PIPELINE_ID" ]]; then

293 22:38:34 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.pipeline_id=${CI_PIPELINE_ID}"

294 22:38:34 fi

295 22:38:34 section_end:1778020714:section_script_step_25

296 22:38:34 section_start:1778020714:section_script_step_26[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_ID" ]]; then

297 22:38:34 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_id=${CI_JOB_ID}"

298 22:38:34 fi

299 22:38:34 section_end:1778020714:section_script_step_26

300 22:38:34 section_start:1778020714:section_script_step_27[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_IMAGE" ]]; then

301 22:38:34 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_image=${CI_JOB_IMAGE}"

302 22:38:34 fi

303 22:38:34 section_end:1778020714:section_script_step_27

304 22:38:34 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.title=${final_image_name}:$(echo $CONTAINER_IMAGE_TAG | cut -d' ' -f1)"

305 22:38:34 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)"

306 22:38:34 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.vendor=Scandit"

307 22:38:34 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.scandit.ci.hash=${docker_checksum}"

308 22:38:34 section_start:1778020714:section_script_step_32[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_TARGET_STAGE}" ]; then

309 22:38:34 KANIKO_TARGET="--target $CONTAINER_TARGET_STAGE"

310 22:38:34 fi

311 22:38:34 section_end:1778020714:section_script_step_32

312 22:38:34 $ set -x

313 22:38:34 + echo '$ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS'

314 22:38:34 $ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS

315 22:38:34 + /kaniko/executor --context /build/internal/gitlab-templates/context/ --dockerfile Dockerfile.dhi '--destination=registry.scandit.com/internal/gitlab-templates:508451893fcba7bf89e8aafe490319bf7e0d93d3954882e319ea8a32bcce8f48' '--destination=registry.scandit.com/internal/gitlab-templates:latest-MR639' '--cache=true' --cache-copy-layers --cache-dir /cache/kaniko --cache-repo registry.scandit.com/internal/gitlab-templates/cache '--cache-ttl=336h' --annotation 'org.opencontainers.image.ref.name=renovate/registry.scandit.com-dockerfiles-kaniko-1.x' --annotation 'org.opencontainers.image.revision=22f5b5c32e4d267c3494a360c3cf287d060f8b90' --annotation 'org.opencontainers.image.url=https://gitlab.scandit.com/internal/gitlab-templates/-/jobs/54442910' --annotation 'io.gitlab.ci.pipeline_id=1580356' --annotation 'io.gitlab.ci.job_id=54442910' --annotation 'io.gitlab.ci.job_image=registry.scandit.com/dockerfiles/kaniko:v1.27.4-crane@sha256:fa662cefab90e8cde8767935540790733c85bd963f2c18b444d6595e3e91a0ff' --annotation 'org.opencontainers.image.title=registry.scandit.com/internal/gitlab-templates:latest' --annotation 'org.opencontainers.image.created=2026-05-05T22:38:34Z' --annotation 'org.opencontainers.image.vendor=Scandit' --annotation 'io.scandit.ci.hash=508451893fcba7bf89e8aafe490319bf7e0d93d3954882e319ea8a32bcce8f48' --preserve-context '--credential-helpers=gitlab' --secret 'id=netrc,src=/kaniko/.netrc' --secret 'id=ci_job_token,env=CI_JOB_TOKEN'

316 22:38:34 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

317 22:38:41 INFO[0006] Retrieving image manifest dhi.io/debian-base:trixie-dev

318 22:38:41 INFO[0006] Retrieving image dhi.io/debian-base:trixie-dev from registry dhi.io

319 22:38:41 INFO[0006] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

320 22:38:42 INFO[0008] Retrieving image manifest dhi.io/debian-base:trixie-dev

321 22:38:42 INFO[0008] Returning cached image manifest

322 22:38:43 INFO[0008] Retrieving image manifest dhi.io/debian-base:trixie-dev

323 22:38:43 INFO[0008] Returning cached image manifest

324 22:38:43 INFO[0008] Retrieving image manifest dhi.io/debian-base:trixie-dev

325 22:38:43 INFO[0008] Returning cached image manifest

326 22:38:43 INFO[0008] Built cross stage deps: map[]

327 22:38:43 INFO[0008] Skipping context snapshot as no-one requires it

328 22:38:43 INFO[0008] Retrieving image manifest dhi.io/debian-base:trixie-dev

329 22:38:43 INFO[0008] Returning cached image manifest

330 22:38:43 INFO[0008] Retrieving image manifest dhi.io/debian-base:trixie-dev

331 22:38:43 INFO[0008] Returning cached image manifest

332 22:38:43 INFO[0008] Building stage 'dhi.io/debian-base:trixie-dev' [idx: '0', base-idx: '-1']

333 22:38:43 INFO[0008] Checking for cached layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc...

334 22:38:43 INFO[0008] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

335 22:38:43 INFO[0008] Using caching version of cmd: RUN whoami

336 22:38:43 INFO[0008] Skipping unpacking as no commands require it.

337 22:38:43 INFO[0008] RUN whoami

338 22:38:43 INFO[0008] Found cached layer, extracting to filesystem

339 22:38:43 INFO[0008] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

340 22:38:43 INFO[0008] Pushing image to registry.scandit.com/internal/gitlab-templates:508451893fcba7bf89e8aafe490319bf7e0d93d3954882e319ea8a32bcce8f48

341 22:38:44 INFO[0010] Pushed registry.scandit.com/internal/gitlab-templates@sha256:524b9d097314989ef837074feff2ee127b55558a72f2e56421b724f9e898c515

342 22:38:44 INFO[0010] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

343 22:38:44 INFO[0010] Pushing image to registry.scandit.com/internal/gitlab-templates:latest-MR639

344 22:38:45 INFO[0010] Pushed registry.scandit.com/internal/gitlab-templates@sha256:524b9d097314989ef837074feff2ee127b55558a72f2e56421b724f9e898c515

345 22:38:45 + cleanup

346 22:38:45 + rv=0

347 22:38:45 + '[' 0 -ne 0 ]

348 22:38:45 + echo

349 22:38:45

350 22:38:45 + echo 'Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54442910'

351 22:38:45 Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54442910

352 22:38:45 + echo

353 22:38:45

354 22:38:45 + echo

355 22:38:45

356 22:38:45 + echo 'Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-27-85.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-wdro01e2&var-resolution=15&from=1778020713000&to=1778020724000'

357 22:38:45 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-27-85.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-2-wdro01e2&var-resolution=15&from=1778020713000&to=1778020724000

358 22:38:45 + echo 'Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-27-85.eu-central-1.compute.internal&var-resolution=15s&from=1778020713000&to=1778020724000'

359 22:38:45 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-27-85.eu-central-1.compute.internal&var-resolution=15s&from=1778020713000&to=1778020724000

360 22:38:45 + echo 'Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580356&var-filters=CI_JOB_ID|=|54442910&sortOrder=Ascending&from=1778020713000&to=1778020724000'

361 22:38:45 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1580356&var-filters=CI_JOB_ID|=|54442910&sortOrder=Ascending&from=1778020713000&to=1778020724000

362 22:38:45 + date -d '-7 days' '+%Y-%m-%d'

363 22:38:45 date: invalid date '-7 days'

364 22:38:45 + date -d '+7 days' '+%Y-%m-%d'

365 22:38:45 date: invalid date '+7 days'

366 22:38:45 + echo 'Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates'

367 22:38:45 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

368 22:38:45 + echo

369 22:38:45

370 22:38:45 + exit 0

371 22:38:45

372 22:38:45 section_end:1778020725:step_script

373 22:38:45 +section_start:1778020725:upload_artifacts_on_success

374 22:38:45 +Uploading artifacts for successful job

375 22:38:45 Uploading artifacts...

376 22:38:45 docker_image_build.env: found 1 matching artifact files and directories

377 22:38:46 Uploading artifacts as "dotenv" to coordinator... 201 Created correlation_id=01KQX4PD3Q5Y6S27XKPPV7D7KQ id=54442910 responseStatus=201 Created token=64_M3xgFK

378 22:38:46

379 22:38:46 section_end:1778020726:upload_artifacts_on_success

380 22:38:46 +section_start:1778020726:cleanup_file_variables

381 22:38:46 +Cleaning up project directory and file based variables

382 22:38:46

383 22:38:46 section_end:1778020726:cleanup_file_variables

384 22:38:46 +

385 22:38:46 Job succeeded

386

build-python3-image-with-docker-hardened-image ○ success

Job Execution Phases

Full Job Log