build-python3-image-with-docker-hardened-image ○ success

Duration: 1m 10s
Queued: 3s
📁 Stage: docker-image
🖥 Runner: linux-3
Back to Pipeline View in GitLab
Average Duration
26s
This job: 1m 10s
Failure Rate
2.9%
last 30 days
External Links
📊 Grafana Pod View 📊 Grafana Node View 📋 Loki Logs 🔍 Lilibet Dashboard

Job Execution Phases

💡 Tip: Click on any phase bar to jump to that section in the log below

Job Analysis

Job Status: Passed

Status: Job passed successfully

Full Job Log

403 lines
Match - of 0
1 22:35:37 Running with gitlab-runner 18.9.0 (07e534ba)
2 22:35:37 on gitlab-runner-linux-3-59cc58cb8f-zhhfl m6BsGHXRX, system ID: r_cd3Y9Qk7x1y9
3 22:35:37 feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_ENABLE_JOB_CLEANUP:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true
4 22:35:37 Resolving secrets
5 22:35:37 section_start:1778106937:prepare_executor
6 22:35:37 +Preparing the "kubernetes" executor
7 22:35:37 "CPURequest" overwritten with "2"
8 22:35:37 "MemoryRequest" overwritten with "4G"
9 22:35:37 Using Kubernetes namespace: gitlab-runner
10 22:35:37 Using Kubernetes executor with image registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac ...
11 22:35:37 Using attach strategy to execute scripts...
12 22:35:37 Using effective pull policy of [Always] for container build
13 22:35:37 Using effective pull policy of [Always] for container helper
14 22:35:37 Using effective pull policy of [Always] for container init-permissions
15 22:35:37 section_end:1778106937:prepare_executor
16 22:35:37 +section_start:1778106937:prepare_script
17 22:35:37 +Preparing environment
18 22:35:37 Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...
19 22:35:37 WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...
20 22:35:38 Subscribing to Kubernetes Pod events...
21 22:35:38 Type Reason Message
22 22:35:38 Normal Scheduled Successfully assigned gitlab-runner/runner-m6bsghxrx-project-621-concurrent-4-0yzv59im to ci10
23 22:35:40 Normal Pulled Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v18.9.0" already present on machine
24 22:35:42 Normal Created Created container: init-permissions
25 22:35:42 Normal Started Started container init-permissions
26 22:35:44 Normal Pulled Container image "registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v18.9.0" already present on machine
27 22:35:46 Normal Created Created container: helper
28 22:35:46 Normal Started Started container helper
29 22:35:46 Normal Pulling Pulling image "registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac"
30 22:36:09 Normal Pulled Successfully pulled image "registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac" in 23.203s (23.204s including waiting). Image size: 49989654 bytes.
31 22:36:11 Normal Created Created container: build
32 22:36:11 Normal Started Started container build
33 22:36:15 Running on runner-m6bsghxrx-project-621-concurrent-4-0yzv59im via gitlab-runner-linux-3-59cc58cb8f-zhhfl...
34 22:36:15
35 22:36:15 section_end:1778106975:prepare_script
36 22:36:15 +section_start:1778106975:get_sources
37 22:36:15 +Getting source from Git repository
38 22:36:15 Gitaly correlation ID: 01KQZPXC006VYE0PCJATCJEG92
39 22:36:15 Fetching changes with git depth set to 1...
40 22:36:15 Initialized empty Git repository in /build/internal/gitlab-templates/.git/
41 22:36:15 Created fresh repository.
42 22:36:16 Checking out 7f6b32cc as detached HEAD (ref is refs/merge-requests/640/merge)...
43 22:36:16
44 22:36:16 Skipping Git submodules setup
45 22:36:16
46 22:36:16 section_end:1778106976:get_sources
47 22:36:16 +section_start:1778106976:step_script
48 22:36:16 +Executing "step_script" stage of the job script
49 22:36:17 section_start:1778106976:section_pre_build_script_0[hide_duration=true,collapsed=true] $ function cleanup {
50 22:36:17 rv=$?
51 22:36:17 if [ $rv -ne 0 ]; then
52 22:36:17 echo ""
53 22:36:17 echo " Failure Cause Analysis might help, please open this link:"
54 22:36:17 echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"
55 22:36:17 echo ""
56 22:36:17 fi
57 22:36:17 echo ""
58 22:36:17 echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"
59 22:36:17 echo ""
60 22:36:17 echo ""
61 22:36:17 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"
62 22:36:17 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"
63 22:36:17 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7C${LOKI_LOGSOURCE}&var-filters=namespace%7C%3D%7C${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID%7C%3D%7C${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID%7C%3D%7C${CI_PIPELINE_ID}&var-filters=CI_JOB_ID%7C%3D%7C${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"
64 22:36:17 __date_from=$(date -d "@$(( EPOCHSECONDS - 604800 ))" +%Y-%m-%d)
65 22:36:17 __date_to=$(date -d "@$(( EPOCHSECONDS + 604800 ))" +%Y-%m-%d)
66 22:36:17 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=${__date_from}~${__date_to}&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"
67 22:36:17 echo ""
68 22:36:17 exit $rv
69 22:36:17 }
70 22:36:17 trap cleanup EXIT
71 22:36:17 echo "INFO: This is the CI job pre_build_script"
72 22:36:17 echo "INFO: It's defined in the backend/infra/onprem/k8s repo."
73 22:36:17 echo "INFO: These additional Scandit variables are available to you:"
74 22:36:17 echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"
75 22:36:17 echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"
76 22:36:17 echo " SC_K8S_KYVERNO_PATCHES: |"
77 22:36:17 echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'
78 22:36:17 echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"
79 22:36:17 if command -v numfmt >/dev/null 2>&1; then
80 22:36:17 echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"
81 22:36:17 else
82 22:36:17 echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"
83 22:36:17 fi
84 22:36:17 __start_time=${EPOCHSECONDS}
85 22:36:17 echo ""
86 22:36:17 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"
87 22:36:17 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"
88 22:36:17 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group%7C%3D%7Cgitlab-runner&var-filters=source%7C%3D%7C${LOKI_LOGSOURCE}&var-filters=namespace%7C%3D%7C${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID%7C%3D%7C${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID%7C%3D%7C${CI_PIPELINE_ID}&var-filters=CI_JOB_ID%7C%3D%7C${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"
89 22:36:17 __date_from=$(date -d "@$(( EPOCHSECONDS - 604800 ))" +%Y-%m-%d)
90 22:36:17 __date_to=$(date -d "@$(( EPOCHSECONDS + 604800 ))" +%Y-%m-%d)
91 22:36:17 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=${__date_from}~${__date_to}&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"
92 22:36:17 echo ""
93 22:36:17 echo "Setting up credentials for Gitlab Python registries"
94 22:36:17 mkdir -p ~
95 22:36:17 echo "machine gitlab.scandit.com" > ~/.netrc
96 22:36:17 echo "login gitlab-ci-token" >> ~/.netrc
97 22:36:17 echo "password ${CI_JOB_TOKEN}" >> ~/.netrc
98 22:36:17 chmod 600 ~/.netrc
99 22:36:17 if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then
100 22:36:17 git config --global --add safe.directory $CI_PROJECT_DIR
101 22:36:17 fi
102 22:36:17 sleep infinity &
103 22:36:17 echo $! > ~/.bg_pid
104 22:36:17 section_end:1778106976:section_pre_build_script_0
105 22:36:17 INFO: This is the CI job pre_build_script
106 22:36:17 INFO: It's defined in the backend/infra/onprem/k8s repo.
107 22:36:17 INFO: These additional Scandit variables are available to you:
108 22:36:17 SC_K8S_NODE_NAME: ci10
109 22:36:17 SC_K8S_IMAGE_ID:
110 22:36:17 SC_K8S_KYVERNO_PATCHES: |
111 22:36:17
112 22:36:17 cpu (r/l): 2/8
113 22:36:17 memory (r/l): 4000000000/17179869184
114 22:36:17
115 22:36:17 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci10&var-namespace=gitlab-runner&var-pod=runner-m6bsghxrx-project-621-concurrent-4-0yzv59im&var-resolution=15&from=1778106976000&to=now
116 22:36:17 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci10&var-resolution=15s&from=1778106976000&to=now
117 22:36:17 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C%3D%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1582483&var-filters=CI_JOB_ID%7C%3D%7C54539142&sortOrder=Ascending&from=1778106976000&to=now
118 22:36:17 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-29~2026-05-13&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates
119 22:36:17
120 22:36:17 Setting up credentials for Gitlab Python registries
121 22:36:17 $ echo $DOCKER_CONFIG_JSON > /kaniko/.docker/config.json
122 22:36:17 $ mv /root/.netrc /kaniko/.netrc
123 22:36:17 section_start:1778106976:section_script_step_2[hide_duration=true,collapsed=true] $ function copy_files() {
124 22:36:17 local src="$1"
125 22:36:17 local trg="$2"
126 22:36:17 for f in $src; do
127 22:36:17 t="$trg/`dirname $f`"
128 22:36:17 mkdir -p $t || true
129 22:36:17 echo "Copy $f"
130 22:36:17 cp -pr $f $trg/$f
131 22:36:17 done
132 22:36:17 }
133 22:36:17 function recursive_hash() {
134 22:36:17 local dir="$1"
135 22:36:17 find "$dir" -exec stat -c '%F|%a|%u:%g|%n' {} + -type f -exec sha256sum {} + | sort | sha256sum | cut -d ' ' -f1
136 22:36:17 }
137 22:36:17 function remote_docker_digest() {
138 22:36:17 local images="$1"
139 22:36:17 echo $images | xargs -n 1 crane digest
140 22:36:17 }
141 22:36:17 function remote_image_exists() {
142 22:36:17 local image="$1"
143 22:36:17 crane manifest $image > /dev/null 2>&1
144 22:36:17 }
145 22:36:17 function remote_images_are_identical() {
146 22:36:17 local imageA="$1"
147 22:36:17 local imageB="$2"
148 22:36:17 if [[ $(remote_docker_digest "$imageA") == $(remote_docker_digest "$imageB") ]]; then
149 22:36:17 return 0
150 22:36:17 else
151 22:36:17 return 1
152 22:36:17 fi
153 22:36:17 }
154 22:36:17 function copy_image() {
155 22:36:17 local image="$1"
156 22:36:17 local remotes="$2"
157 22:36:17 local backup_ext="$3"
158 22:36:17 echo "$image"
159 22:36:17 local source_digest=$(remote_docker_digest $image)
160 22:36:17 local target_digest
161 22:36:17 for registry in $remotes; do
162 22:36:17 if target_digest=$(remote_docker_digest $registry); then
163 22:36:17 if [ "$target_digest" != "$source_digest" ]; then
164 22:36:17 echo "image outdated, overwriting with newest version"
165 22:36:17 crane copy $image $registry
166 22:36:17 crane copy $image ${registry}${backup_ext}
167 22:36:17 fi
168 22:36:17 else
169 22:36:17 echo "image does not exist, writing newest version"
170 22:36:17 crane copy $image $registry
171 22:36:17 crane copy $image ${registry}${backup_ext}
172 22:36:17 fi
173 22:36:17 done
174 22:36:17 }
175 22:36:17 section_end:1778106976:section_script_step_2
176 22:36:17 section_start:1778106976:section_script_step_3[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_SUBDIR" != "" ]; then
177 22:36:17 echo "Entering subpath $CONTAINER_SUBDIR"
178 22:36:17 cd $CONTAINER_SUBDIR
179 22:36:17 fi
180 22:36:17 section_end:1778106976:section_script_step_3
181 22:36:17 $ copy_files "$CONTAINER_IMPLICIT_REQUIREMENTS $CONTAINER_REQUIREMENTS" "$CONTAINER_CONTEXT_PATH"
182 22:36:17 Copy Dockerfile.dhi
183 22:36:17 $ echo "$CONTAINER_BUILD_ENVIRONMENT" > $CONTAINER_CONTEXT_PATH/.docker-build-env
184 22:36:17 $ docker_checksum=$(recursive_hash $CONTAINER_CONTEXT_PATH)
185 22:36:17 section_start:1778106976:section_script_step_7[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_IMAGE_NAME" == "" ]; then
186 22:36:17 final_image_name=${CONTAINER_IMAGE_URL}
187 22:36:17 else
188 22:36:17 final_image_name=${CONTAINER_IMAGE_URL}/${CONTAINER_IMAGE_NAME}
189 22:36:17 fi
190 22:36:17 section_end:1778106976:section_script_step_7
191 22:36:17 $ final_image_url=${final_image_name}:${docker_checksum}
192 22:36:17 section_start:1778106976:section_script_step_9[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then
193 22:36:17 echo $CONTAINER_IMAGE_VARIABLE=${final_image_url}-P${CI_PROJECT_ID}-${CI_PIPELINE_ID} > $CI_PROJECT_DIR/docker_image_build.env
194 22:36:17 else
195 22:36:17 echo $CONTAINER_IMAGE_VARIABLE=$final_image_url > $CI_PROJECT_DIR/docker_image_build.env
196 22:36:17 fi
197 22:36:17 section_end:1778106976:section_script_step_9
198 22:36:17 $ echo ${CONTAINER_IMAGE_VARIABLE}_HASH=$docker_checksum >> $CI_PROJECT_DIR/docker_image_build.env
199 22:36:17 section_start:1778106976:section_script_step_11[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] || command -v crane &> /dev/null; then
200 22:36:17 echo $REGISTRY_PASSWORD | crane auth login $REGISTRY -u $REGISTRY_USER --password-stdin
201 22:36:17 fi
202 22:36:17 section_end:1778106976:section_script_step_11
203 22:36:17
204 22:36:17 WARNING! Your credentials are stored unencrypted in '/kaniko/.docker/config.json'.
205 22:36:17 Configure a credential helper to remove this warning. See
206 22:36:17 https://docs.docker.com/go/credential-store/
207 22:36:17
208 22:36:17 2026/05/06 22:36:16 logged in via /kaniko/.docker/config.json
209 22:36:17 section_start:1778106976:section_script_step_12[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] && remote_image_exists "$final_image_url"; then
210 22:36:17 echo "Image already exists, skip the build."
211 22:36:17 echo "$final_image_url"
212 22:36:17 if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
213 22:36:17 _EXT=""
214 22:36:17 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"
215 22:36:17 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then
216 22:36:17 _EXT="-MR${CI_MERGE_REQUEST_IID}"
217 22:36:17 _BACKUP_EXT=""
218 22:36:17 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then
219 22:36:17 _EXT="-${CI_COMMIT_REF_SLUG}"
220 22:36:17 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"
221 22:36:17 fi
222 22:36:17 for _TAG in $CONTAINER_IMAGE_TAG; do
223 22:36:17 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"
224 22:36:17 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}" "${_BACKUP_EXT}"
225 22:36:17 done
226 22:36:17 if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then
227 22:36:17 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
228 22:36:17 echo "Copying ${final_image_url} to ${final_image_url}${_EXT}"
229 22:36:17 copy_image "${final_image_url}" "${final_image_url}${_EXT}"
230 22:36:17 for _TAG in $CONTAINER_IMAGE_TAG; do
231 22:36:17 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"
232 22:36:17 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}"
233 22:36:17 done
234 22:36:17 fi
235 22:36:17 exit 0
236 22:36:17 fi
237 22:36:17 section_end:1778106976:section_script_step_12
238 22:36:17 $ DESTINATIONS="--destination=$final_image_url"
239 22:36:17 section_start:1778106976:section_script_step_14[hide_duration=true,collapsed=true] $ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
240 22:36:17 _EXT=""
241 22:36:17 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG
242 22:36:17 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then
243 22:36:17 _EXT="-MR${CI_MERGE_REQUEST_IID}"
244 22:36:17 TIMESTAMP_TAGS=""
245 22:36:17 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then
246 22:36:17 _EXT="-${CI_COMMIT_REF_SLUG}"
247 22:36:17 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG
248 22:36:17 fi
249 22:36:17 section_end:1778106976:section_script_step_14
250 22:36:17 section_start:1778106976:section_script_step_15[hide_duration=true,collapsed=true] $ for _TAG in $CONTAINER_IMAGE_TAG; do
251 22:36:17 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"
252 22:36:17 done
253 22:36:17 section_end:1778106976:section_script_step_15
254 22:36:17 section_start:1778106976:section_script_step_16[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then
255 22:36:17 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
256 22:36:17 DESTINATIONS="${DESTINATIONS} --destination=${final_image_url}${_EXT}"
257 22:36:17 for _TAG in $CONTAINER_IMAGE_TAG; do
258 22:36:17 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"
259 22:36:17 done
260 22:36:17 fi
261 22:36:17 section_end:1778106976:section_script_step_16
262 22:36:17 section_start:1778106976:section_script_step_17[hide_duration=true,collapsed=true] $ DATE=$(date '+%Y%m%d')
263 22:36:17 for _TAG in $TIMESTAMP_TAGS; do
264 22:36:17 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}-CI${CI_JOB_ID}-${DATE}"
265 22:36:17 done
266 22:36:17 section_end:1778106976:section_script_step_17
267 22:36:17 section_start:1778106976:section_script_step_18[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_BUILD_ARGS}" ]; then
268 22:36:17 for _BUILD_ARG in $CONTAINER_BUILD_ARGS; do
269 22:36:17 FINAL_BUILD_ARGS="--build-arg $_BUILD_ARG $FINAL_BUILD_ARGS"
270 22:36:17 done
271 22:36:17 fi
272 22:36:17 section_end:1778106976:section_script_step_18
273 22:36:17 section_start:1778106976:section_script_step_19[hide_duration=true,collapsed=true] $ for _PATH in $CONTAINER_IGNORE_PATHS; do
274 22:36:17 FINAL_IGNORE_PATHS="--ignore-path=$_PATH $FINAL_IGNORE_PATHS"
275 22:36:17 done
276 22:36:17 section_end:1778106976:section_script_step_19
277 22:36:17 section_start:1778106976:section_script_step_20[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_PLATFORM}" ]; then
278 22:36:17 KANIKO_PLATFORM="--custom-platform=${CONTAINER_PLATFORM}"
279 22:36:17 fi
280 22:36:17 section_end:1778106976:section_script_step_20
281 22:36:17 $ ANNOTATIONS=""
282 22:36:17 section_start:1778106976:section_script_step_22[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_REF_NAME" ]]; then
283 22:36:17 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}"
284 22:36:17 fi
285 22:36:17 section_end:1778106976:section_script_step_22
286 22:36:17 section_start:1778106976:section_script_step_23[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_SHA" ]]; then
287 22:36:17 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.revision=${CI_COMMIT_SHA}"
288 22:36:17 fi
289 22:36:17 section_end:1778106976:section_script_step_23
290 22:36:17 section_start:1778106976:section_script_step_24[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_URL" ]]; then
291 22:36:17 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.url=${CI_JOB_URL}"
292 22:36:17 fi
293 22:36:17 section_end:1778106976:section_script_step_24
294 22:36:17 section_start:1778106976:section_script_step_25[hide_duration=true,collapsed=true] $ if [[ -n "$CI_PIPELINE_ID" ]]; then
295 22:36:17 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.pipeline_id=${CI_PIPELINE_ID}"
296 22:36:17 fi
297 22:36:17 section_end:1778106976:section_script_step_25
298 22:36:17 section_start:1778106976:section_script_step_26[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_ID" ]]; then
299 22:36:17 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_id=${CI_JOB_ID}"
300 22:36:17 fi
301 22:36:17 section_end:1778106976:section_script_step_26
302 22:36:17 section_start:1778106976:section_script_step_27[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_IMAGE" ]]; then
303 22:36:17 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_image=${CI_JOB_IMAGE}"
304 22:36:17 fi
305 22:36:17 section_end:1778106976:section_script_step_27
306 22:36:17 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.title=${final_image_name}:$(echo $CONTAINER_IMAGE_TAG | cut -d' ' -f1)"
307 22:36:17 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
308 22:36:17 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.vendor=Scandit"
309 22:36:17 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.scandit.ci.hash=${docker_checksum}"
310 22:36:17 section_start:1778106976:section_script_step_32[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_TARGET_STAGE}" ]; then
311 22:36:17 KANIKO_TARGET="--target $CONTAINER_TARGET_STAGE"
312 22:36:17 fi
313 22:36:17 section_end:1778106976:section_script_step_32
314 22:36:17 $ set -x
315 22:36:17 + echo '$ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS'
316 22:36:17 $ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS
317 22:36:17 + /kaniko/executor --context /build/internal/gitlab-templates/context/ --dockerfile Dockerfile.dhi '--destination=registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' '--destination=registry.scandit.com/internal/gitlab-templates:latest-MR640' '--cache=true' --cache-copy-layers --cache-dir /cache/kaniko --cache-repo registry.scandit.com/internal/gitlab-templates/cache '--cache-ttl=336h' --annotation 'org.opencontainers.image.ref.name=renovate/docker-digests' --annotation 'org.opencontainers.image.revision=7f6b32cc858f497915cdbf195c3784d827544149' --annotation 'org.opencontainers.image.url=https://gitlab.scandit.com/internal/gitlab-templates/-/jobs/54539142' --annotation 'io.gitlab.ci.pipeline_id=1582483' --annotation 'io.gitlab.ci.job_id=54539142' --annotation 'io.gitlab.ci.job_image=registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac' --annotation 'org.opencontainers.image.title=registry.scandit.com/internal/gitlab-templates:latest' --annotation 'org.opencontainers.image.created=2026-05-06T22:36:16Z' --annotation 'org.opencontainers.image.vendor=Scandit' --annotation 'io.scandit.ci.hash=7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' --preserve-context '--credential-helpers=gitlab' --secret 'id=netrc,src=/kaniko/.netrc' --secret 'id=ci_job_token,env=CI_JOB_TOKEN'
318 22:36:17 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]
319 22:36:21 INFO[0003] Retrieving image manifest dhi.io/debian-base:trixie-dev
320 22:36:21 INFO[0003] Retrieving image dhi.io/debian-base:trixie-dev from registry dhi.io
321 22:36:21 INFO[0003] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]
322 22:36:22 INFO[0004] Retrieving image manifest dhi.io/debian-base:trixie-dev
323 22:36:22 INFO[0004] Returning cached image manifest
324 22:36:22 INFO[0005] Retrieving image manifest dhi.io/debian-base:trixie-dev
325 22:36:22 INFO[0005] Returning cached image manifest
326 22:36:22 INFO[0005] Retrieving image manifest dhi.io/debian-base:trixie-dev
327 22:36:22 INFO[0005] Returning cached image manifest
328 22:36:22 INFO[0005] Built cross stage deps: map[]
329 22:36:22 INFO[0005] Skipping context snapshot as no-one requires it
330 22:36:22 INFO[0005] Retrieving image manifest dhi.io/debian-base:trixie-dev
331 22:36:22 INFO[0005] Returning cached image manifest
332 22:36:22 INFO[0005] Retrieving image manifest dhi.io/debian-base:trixie-dev
333 22:36:22 INFO[0005] Returning cached image manifest
334 22:36:22 INFO[0005] Building stage 'dhi.io/debian-base:trixie-dev' [idx: '0', base-idx: '-1']
335 22:36:22 INFO[0005] Checking for cached layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc...
336 22:36:22 INFO[0005] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]
337 22:36:22 INFO[0005] No cached layer found for cmd RUN whoami
338 22:36:22 INFO[0005] Unpacking rootfs as cmd RUN whoami requires it.
339 22:36:25 INFO[0008] RUN whoami
340 22:36:25 INFO[0008] Initializing snapshotter ...
341 22:36:25 INFO[0008] Taking snapshot of full filesystem...
342 22:36:28 INFO[0011] Cmd: /bin/sh
343 22:36:28 INFO[0011] Args: [-c whoami]
344 22:36:29 INFO[0011] Util.Lookup returned: &{Uid:0 Gid:0 Username:root Name:root HomeDir:/root}
345 22:36:29 INFO[0011] Performing slow lookup of group ids for root
346 22:36:29 INFO[0011] Running: [/kaniko/tini -s -- /bin/sh -c whoami]
347 22:36:29 root
348 22:36:29 INFO[0011] Taking snapshot of full filesystem...
349 22:36:36 INFO[0018] Pushing layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc to cache now
350 22:36:36 INFO[0018] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]
351 22:36:36 INFO[0018] Pushing image to registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc
352 22:36:42 INFO[0024] Pushed registry.scandit.com/internal/gitlab-templates/cache@sha256:0dfff6d5c600c6d92012e4b873a7a848a005c50ef43e1284e5bd781324e15bc5
353 22:36:42 INFO[0024] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]
354 22:36:42 INFO[0024] Pushing image to registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5
355 22:36:43 INFO[0026] Pushed registry.scandit.com/internal/gitlab-templates@sha256:6a6558429a57e5c41a57ab6a4d017fc5e5e3aa3de9c5c9c48d9f0c918e342b42
356 22:36:43 INFO[0026] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]
357 22:36:43 INFO[0026] Pushing image to registry.scandit.com/internal/gitlab-templates:latest-MR640
358 22:36:44 INFO[0026] Pushed registry.scandit.com/internal/gitlab-templates@sha256:6a6558429a57e5c41a57ab6a4d017fc5e5e3aa3de9c5c9c48d9f0c918e342b42
359 22:36:44 + cleanup
360 22:36:44 + rv=0
361 22:36:44 + '[' 0 -ne 0 ]
362 22:36:44 + echo
363 22:36:44
364 22:36:44 + echo 'Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54539142'
365 22:36:44 Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54539142
366 22:36:44 + echo
367 22:36:44
368 22:36:44 + echo
369 22:36:44
370 22:36:44 + echo 'Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci10&var-namespace=gitlab-runner&var-pod=runner-m6bsghxrx-project-621-concurrent-4-0yzv59im&var-resolution=15&from=1778106976000&to=1778107003000'
371 22:36:44 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-host=ci10&var-namespace=gitlab-runner&var-pod=runner-m6bsghxrx-project-621-concurrent-4-0yzv59im&var-resolution=15&from=1778106976000&to=1778107003000
372 22:36:44 + echo 'Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci10&var-resolution=15s&from=1778106976000&to=1778107003000'
373 22:36:44 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=KpIiby5Vz&var-node=ci10&var-resolution=15s&from=1778106976000&to=1778107003000
374 22:36:44 + echo 'Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1582483&var-filters=CI_JOB_ID%7C%3D%7C54539142&sortOrder=Ascending&from=1778106976000&to=1778107003000'
375 22:36:44 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group%7C=%7Cgitlab-runner&var-filters=source%7C%3D%7Czrh.int.scandit.io&var-filters=namespace%7C%3D%7Cgitlab-runner&var-filters=CI_PROJECT_ID%7C%3D%7C621&var-filters=CI_PIPELINE_ID%7C%3D%7C1582483&var-filters=CI_JOB_ID%7C%3D%7C54539142&sortOrder=Ascending&from=1778106976000&to=1778107003000
376 22:36:44 + date -d @1777502203 '+%Y-%m-%d'
377 22:36:44 + __date_from=2026-04-29
378 22:36:44 + date -d @1778711803 '+%Y-%m-%d'
379 22:36:44 + __date_to=2026-05-13
380 22:36:44 + echo 'Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-29~2026-05-13&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates'
381 22:36:45 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=2026-04-29~2026-05-13&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates
382 22:36:45 + echo
383 22:36:45
384 22:36:45 + exit 0
385 22:36:45
386 22:36:45 section_end:1778107005:step_script
387 22:36:45 +section_start:1778107005:upload_artifacts_on_success
388 22:36:45 +Uploading artifacts for successful job
389 22:36:46 Uploading artifacts...
390 22:36:46 docker_image_build.env: found 1 matching artifact files and directories
391 22:36:47 Uploading artifacts as "dotenv" to coordinator... 201 Created correlation_id=01KQZPZFKMWVA8M50ZW0AN5JX2 id=54539142 responseStatus=201 Created token=64_Q-kygf
392 22:36:47
393 22:36:47 section_end:1778107007:upload_artifacts_on_success
394 22:36:47 +section_start:1778107007:cleanup_file_variables
395 22:36:47 +Cleaning up project directory and file based variables
396 22:36:48 Removing context/
397 22:36:48 Removing docker_image_build.env
398 22:36:48 HEAD is now at 7f6b32c Merge branch 'renovate/docker-digests' into 'master'
399 22:36:48
400 22:36:48 section_end:1778107008:cleanup_file_variables
401 22:36:48 +
402 22:36:48 Job succeeded
403