Job Analysis

1 10:47:53 Running with gitlab-runner 18.9.0 (07e534ba)

2 10:47:53 on gitlab-runner-linux-1-746bdd58fd-tts8x wRxjPbsJX, system ID: r_m6TL6gRr35Rk

3 10:47:53 feature flags: FF_USE_FASTZIP:true, FF_USE_NEW_BASH_EVAL_STRATEGY:true, FF_USE_DYNAMIC_TRACE_FORCE_SEND_INTERVAL:true, FF_SCRIPT_SECTIONS:true, FF_USE_ADVANCED_POD_SPEC_CONFIGURATION:true, FF_PRINT_POD_EVENTS:true, FF_USE_DUMB_INIT_WITH_KUBERNETES_EXECUTOR:true, FF_LOG_IMAGES_CONFIGURED_FOR_JOB:true, FF_CLEAN_UP_FAILED_CACHE_EXTRACT:true, FF_GIT_URLS_WITHOUT_TOKENS:true, FF_WAIT_FOR_POD_TO_BE_REACHABLE:true, FF_USE_FLEETING_ACQUIRE_HEARTBEATS:true, FF_USE_JOB_ROUTER:true

4 10:47:53 Resolving secrets

5 10:47:53 section_start:1778237273:prepare_executor

6 10:47:53 +Preparing the "kubernetes" executor

7 10:47:53 "CPURequest" overwritten with "2"

8 10:47:53 "MemoryRequest" overwritten with "4G"

9 10:47:53 Using Kubernetes namespace: gitlab-runner

10 10:47:53 Using Kubernetes executor with image registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac ...

11 10:47:53 Using attach strategy to execute scripts...

12 10:47:53 Using effective pull policy of [Always] for container helper

13 10:47:53 Using effective pull policy of [Always] for container init-permissions

14 10:47:53 Using effective pull policy of [Always] for container build

15 10:47:53 section_end:1778237273:prepare_executor

16 10:47:53 +section_start:1778237273:prepare_script

17 10:47:53 +Preparing environment

18 10:47:53 Using FF_USE_POD_ACTIVE_DEADLINE_SECONDS, the Pod activeDeadlineSeconds will be set to the job timeout: 1h0m0s...

19 10:47:53 WARNING: Advanced Pod Spec configuration enabled, merging the provided PodSpec to the generated one. This is a beta feature and is subject to change. Feedback is collected in this issue: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29659 ...

20 10:47:54 Subscribing to Kubernetes Pod events...

21 10:47:55 Type Reason Message

22 10:47:55 Normal Scheduled Successfully assigned gitlab-runner/runner-wrxjpbsjx-project-621-concurrent-0-rgdwzihg to ip-10-0-17-81.eu-central-1.compute.internal

23 10:47:55 Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine

24 10:47:55 Normal Created Created container: init-permissions

25 10:47:55 Normal Started Started container init-permissions

26 10:47:58 Normal Pulled Container image "498954711405.dkr.ecr.eu-central-1.amazonaws.com/dockerfiles/kaniko@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac" already present on machine

27 10:47:58 Normal Created Created container: build

28 10:47:58 Normal Started Started container build

29 10:47:58 Normal Pulled Container image "gitlab/gitlab-runner-helper:x86_64-v18.8.0" already present on machine

30 10:47:58 Normal Created Created container: helper

31 10:47:58 Normal Started Started container helper

32 10:48:03 Running on runner-wrxjpbsjx-project-621-concurrent-0-rgdwzihg via gitlab-runner-linux-1-746bdd58fd-tts8x...

33 10:48:03

34 10:48:03 section_end:1778237283:prepare_script

35 10:48:03 +section_start:1778237283:get_sources

36 10:48:03 +Getting source from Git repository

37 10:48:03 Gitaly correlation ID: 01KR3K6VZ22FBEN2NP5ZK6KDGK

38 10:48:03 Fetching changes with git depth set to 1...

39 10:48:03 Initialized empty Git repository in /build/internal/gitlab-templates/.git/

40 10:48:03 Created fresh repository.

41 10:48:05 Checking out 6e76a6a0 as detached HEAD (ref is refs/merge-requests/641/merge)...

42 10:48:05

43 10:48:05 Skipping Git submodules setup

44 10:48:05

45 10:48:05 section_end:1778237285:get_sources

46 10:48:05 +section_start:1778237285:step_script

47 10:48:05 +Executing "step_script" stage of the job script

48 10:48:05 section_start:1778237285:section_pre_build_script_0[hide_duration=true,collapsed=true] $ function cleanup {

49 10:48:05 rv=$?

50 10:48:05 if [ $rv -ne 0 ]; then

51 10:48:05 echo ""

52 10:48:05 echo " Failure Cause Analysis might help, please open this link:"

53 10:48:05 echo " https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

54 10:48:05 echo ""

55 10:48:05 fi

56 10:48:05 echo ""

57 10:48:05 echo "Scout Analysis: https://scout.scandit.io/analysis/projects/${CI_PROJECT_ID}/jobs/${CI_JOB_ID}"

58 10:48:05 echo ""

59 10:48:05 echo ""

60 10:48:05 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=${EPOCHSECONDS}000"

61 10:48:05 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=${EPOCHSECONDS}000"

62 10:48:05 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=${EPOCHSECONDS}000"

63 10:48:05 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

64 10:48:05 echo ""

65 10:48:05 exit $rv

66 10:48:05 }

67 10:48:05 trap cleanup EXIT

68 10:48:05 echo "INFO: This is the CI job pre_build_script"

69 10:48:05 echo "INFO: It's defined in the backend/infra/aws repo."

70 10:48:05 echo "INFO: These additional Scandit variables are available to you:"

71 10:48:05 echo " SC_K8S_NODE_NAME: $SC_K8S_NODE_NAME"

72 10:48:05 echo " SC_K8S_IMAGE_ID: $SC_K8S_IMAGE_ID"

73 10:48:05 echo " SC_K8S_KYVERNO_PATCHES: |"

74 10:48:05 echo "$SC_K8S_KYVERNO_PATCHES" | sed 's/^/ /'

75 10:48:05 echo "cpu (r/l): ${SC_K8S_REQUESTS_CPU}/${SC_K8S_LIMITS_CPU}"

76 10:48:05 if command -v numfmt >/dev/null 2>&1; then

77 10:48:05 echo "memory (r/l): $(numfmt --to=iec --suffix=B $SC_K8S_REQUESTS_MEMORY)/$(numfmt --to=iec --suffix=B $SC_K8S_LIMITS_MEMORY)"

78 10:48:05 else

79 10:48:05 echo "memory (r/l): ${SC_K8S_REQUESTS_MEMORY}/${SC_K8S_LIMITS_MEMORY}"

80 10:48:05 fi

81 10:48:05 __start_time=${EPOCHSECONDS}

82 10:48:05 echo ""

83 10:48:05 echo "Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-host=${SC_K8S_NODE_NAME}&var-namespace=${SC_K8S_NAMESPACE}&var-pod=${HOSTNAME}&var-resolution=15&from=${__start_time}000&to=now"

84 10:48:05 echo "Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=${GRAFANA_DATASOURCE}&var-node=${SC_K8S_NODE_NAME}&var-resolution=15s&from=${__start_time}000&to=now"

85 10:48:05 echo "Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=${LOKI_DATASOURCE}&var-filters=log_group|=|gitlab-runner&var-filters=source|=|${LOKI_LOGSOURCE}&var-filters=namespace|=|${SC_K8S_NAMESPACE}&var-filters=CI_PROJECT_ID|=|${CI_PROJECT_ID}&var-filters=CI_PIPELINE_ID|=|${CI_PIPELINE_ID}&var-filters=CI_JOB_ID|=|${CI_JOB_ID}&sortOrder=Ascending&from=${__start_time}000&to=now"

86 10:48:05 echo "Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=$(date -d '-7 days' +%Y-%m-%d)~$(date -d '+7 days' +%Y-%m-%d)&job_name=${CI_JOB_NAME}&project=${CI_PROJECT_PATH}"

87 10:48:05 echo ""

88 10:48:05 echo "Setting up credentials for Gitlab Python registries"

89 10:48:05 mkdir -p ~

90 10:48:05 echo "machine gitlab.scandit.com" > ~/.netrc

91 10:48:05 echo "login gitlab-ci-token" >> ~/.netrc

92 10:48:05 echo "password ${CI_JOB_TOKEN}" >> ~/.netrc

93 10:48:05 chmod 600 ~/.netrc

94 10:48:05 if command -v git &> /dev/null && [ "$(id -u)" -ne 0 ]; then

95 10:48:05 git config --global --add safe.directory $CI_PROJECT_DIR

96 10:48:05 fi

97 10:48:05 # Sonarqube server is running on the same cluster. Use internal address

98 10:48:05 export SONAR_HOST_URL="http://sonarqube.sonarqube.svc.cluster.local:9000"

99 10:48:05 section_end:1778237285:section_pre_build_script_0

100 10:48:05 INFO: This is the CI job pre_build_script

101 10:48:05 INFO: It's defined in the backend/infra/aws repo.

102 10:48:05 INFO: These additional Scandit variables are available to you:

103 10:48:05 SC_K8S_NODE_NAME: ip-10-0-17-81.eu-central-1.compute.internal

104 10:48:05 SC_K8S_IMAGE_ID:

105 10:48:05 SC_K8S_KYVERNO_PATCHES: |

106 10:48:05

107 10:48:05 cpu (r/l): 2/4

108 10:48:05 memory (r/l): 4000000000/17179869184

109 10:48:05

110 10:48:05 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-17-81.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-0-rgdwzihg&var-resolution=15&from=1778237285000&to=now

111 10:48:05 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-17-81.eu-central-1.compute.internal&var-resolution=15s&from=1778237285000&to=now

112 10:48:05 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1585539&var-filters=CI_JOB_ID|=|54677885&sortOrder=Ascending&from=1778237285000&to=now

113 10:48:05 date: invalid date '-7 days'

114 10:48:05 date: invalid date '+7 days'

115 10:48:05 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

116 10:48:05

117 10:48:05 Setting up credentials for Gitlab Python registries

118 10:48:05 $ echo $DOCKER_CONFIG_JSON > /kaniko/.docker/config.json

119 10:48:05 $ mv /root/.netrc /kaniko/.netrc

120 10:48:05 section_start:1778237285:section_script_step_2[hide_duration=true,collapsed=true] $ function copy_files() {

121 10:48:05 local src="$1"

122 10:48:05 local trg="$2"

123 10:48:05 for f in $src; do

124 10:48:05 t="$trg/`dirname $f`"

125 10:48:05 mkdir -p $t || true

126 10:48:05 echo "Copy $f"

127 10:48:05 cp -pr $f $trg/$f

128 10:48:05 done

129 10:48:05 }

130 10:48:05 function recursive_hash() {

131 10:48:05 local dir="$1"

132 10:48:05 find "$dir" -exec stat -c '%F|%a|%u:%g|%n' {} + -type f -exec sha256sum {} + | sort | sha256sum | cut -d ' ' -f1

133 10:48:05 }

134 10:48:05 function remote_docker_digest() {

135 10:48:05 local images="$1"

136 10:48:05 echo $images | xargs -n 1 crane digest

137 10:48:05 }

138 10:48:05 function remote_image_exists() {

139 10:48:05 local image="$1"

140 10:48:05 crane manifest $image > /dev/null 2>&1

141 10:48:05 }

142 10:48:05 function remote_images_are_identical() {

143 10:48:05 local imageA="$1"

144 10:48:05 local imageB="$2"

145 10:48:05 if [[ $(remote_docker_digest "$imageA") == $(remote_docker_digest "$imageB") ]]; then

146 10:48:05 return 0

147 10:48:05 else

148 10:48:05 return 1

149 10:48:05 fi

150 10:48:05 }

151 10:48:05 function copy_image() {

152 10:48:05 local image="$1"

153 10:48:05 local remotes="$2"

154 10:48:05 local backup_ext="$3"

155 10:48:05 echo "$image"

156 10:48:05 local source_digest=$(remote_docker_digest $image)

157 10:48:05 local target_digest

158 10:48:05 for registry in $remotes; do

159 10:48:05 if target_digest=$(remote_docker_digest $registry); then

160 10:48:05 if [ "$target_digest" != "$source_digest" ]; then

161 10:48:05 echo "image outdated, overwriting with newest version"

162 10:48:05 crane copy $image $registry

163 10:48:05 crane copy $image ${registry}${backup_ext}

164 10:48:05 fi

165 10:48:05 else

166 10:48:05 echo "image does not exist, writing newest version"

167 10:48:05 crane copy $image $registry

168 10:48:05 crane copy $image ${registry}${backup_ext}

169 10:48:05 fi

170 10:48:05 done

171 10:48:05 }

172 10:48:05 section_end:1778237285:section_script_step_2

173 10:48:05 section_start:1778237285:section_script_step_3[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_SUBDIR" != "" ]; then

174 10:48:05 echo "Entering subpath $CONTAINER_SUBDIR"

175 10:48:05 cd $CONTAINER_SUBDIR

176 10:48:05 fi

177 10:48:05 section_end:1778237285:section_script_step_3

178 10:48:05 $ copy_files "$CONTAINER_IMPLICIT_REQUIREMENTS $CONTAINER_REQUIREMENTS" "$CONTAINER_CONTEXT_PATH"

179 10:48:05 Copy Dockerfile.dhi

180 10:48:05 $ echo "$CONTAINER_BUILD_ENVIRONMENT" > $CONTAINER_CONTEXT_PATH/.docker-build-env

181 10:48:05 $ docker_checksum=$(recursive_hash $CONTAINER_CONTEXT_PATH)

182 10:48:05 section_start:1778237285:section_script_step_7[hide_duration=true,collapsed=true] $ if [ "$CONTAINER_IMAGE_NAME" == "" ]; then

183 10:48:05 final_image_name=${CONTAINER_IMAGE_URL}

184 10:48:05 else

185 10:48:05 final_image_name=${CONTAINER_IMAGE_URL}/${CONTAINER_IMAGE_NAME}

186 10:48:05 fi

187 10:48:05 section_end:1778237285:section_script_step_7

188 10:48:05 $ final_image_url=${final_image_name}:${docker_checksum}

189 10:48:05 section_start:1778237285:section_script_step_9[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

190 10:48:05 echo $CONTAINER_IMAGE_VARIABLE=${final_image_url}-P${CI_PROJECT_ID}-${CI_PIPELINE_ID} > $CI_PROJECT_DIR/docker_image_build.env

191 10:48:05 else

192 10:48:05 echo $CONTAINER_IMAGE_VARIABLE=$final_image_url > $CI_PROJECT_DIR/docker_image_build.env

193 10:48:05 fi

194 10:48:05 section_end:1778237285:section_script_step_9

195 10:48:05 $ echo ${CONTAINER_IMAGE_VARIABLE}_HASH=$docker_checksum >> $CI_PROJECT_DIR/docker_image_build.env

196 10:48:05 section_start:1778237285:section_script_step_11[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] || command -v crane &> /dev/null; then

197 10:48:05 echo $REGISTRY_PASSWORD | crane auth login $REGISTRY -u $REGISTRY_USER --password-stdin

198 10:48:05 fi

199 10:48:05 section_end:1778237285:section_script_step_11

200 10:48:05

201 10:48:05 WARNING! Your credentials are stored unencrypted in '/kaniko/.docker/config.json'.

202 10:48:05 Configure a credential helper to remove this warning. See

203 10:48:05 https://docs.docker.com/go/credential-store/

204 10:48:05

205 10:48:05 2026/05/08 10:48:05 logged in via /kaniko/.docker/config.json

206 10:48:05 section_start:1778237285:section_script_step_12[hide_duration=true,collapsed=true] $ if [ "${FORCE_BUILD}" != "true" ] && remote_image_exists "$final_image_url"; then

207 10:48:05 echo "Image already exists, skip the build."

208 10:48:05 echo "$final_image_url"

209 10:48:05 if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

210 10:48:05 _EXT=""

211 10:48:05 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

212 10:48:05 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

213 10:48:05 _EXT="-MR${CI_MERGE_REQUEST_IID}"

214 10:48:05 _BACKUP_EXT=""

215 10:48:05 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

216 10:48:05 _EXT="-${CI_COMMIT_REF_SLUG}"

217 10:48:05 _BACKUP_EXT="-CI${CI_JOB_ID}-$(date '+%Y%m%d')"

218 10:48:05 fi

219 10:48:05 for _TAG in $CONTAINER_IMAGE_TAG; do

220 10:48:05 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

221 10:48:05 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}" "${_BACKUP_EXT}"

222 10:48:05 done

223 10:48:05 if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

224 10:48:05 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

225 10:48:05 echo "Copying ${final_image_url} to ${final_image_url}${_EXT}"

226 10:48:05 copy_image "${final_image_url}" "${final_image_url}${_EXT}"

227 10:48:05 for _TAG in $CONTAINER_IMAGE_TAG; do

228 10:48:05 echo "Copying ${final_image_url} to ${final_image_name}:${_TAG}${_EXT}"

229 10:48:05 copy_image "${final_image_url}" "${final_image_name}:${_TAG}${_EXT}"

230 10:48:05 done

231 10:48:05 fi

232 10:48:05 exit 0

233 10:48:05 fi

234 10:48:05 section_end:1778237285:section_script_step_12

235 10:48:06 $ DESTINATIONS="--destination=$final_image_url"

236 10:48:06 section_start:1778237286:section_script_step_14[hide_duration=true,collapsed=true] $ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then

237 10:48:06 _EXT=""

238 10:48:06 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

239 10:48:06 elif [[ -n "$CI_MERGE_REQUEST_ID" ]]; then

240 10:48:06 _EXT="-MR${CI_MERGE_REQUEST_IID}"

241 10:48:06 TIMESTAMP_TAGS=""

242 10:48:06 elif [[ "$CI_COMMIT_REF_PROTECTED" == "true" ]]; then

243 10:48:06 _EXT="-${CI_COMMIT_REF_SLUG}"

244 10:48:06 TIMESTAMP_TAGS=$CONTAINER_IMAGE_TAG

245 10:48:06 fi

246 10:48:06 section_end:1778237286:section_script_step_14

247 10:48:06 section_start:1778237286:section_script_step_15[hide_duration=true,collapsed=true] $ for _TAG in $CONTAINER_IMAGE_TAG; do

248 10:48:06 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

249 10:48:06 done

250 10:48:06 section_end:1778237286:section_script_step_15

251 10:48:06 section_start:1778237286:section_script_step_16[hide_duration=true,collapsed=true] $ if [ "${PIPELINE_IMAGE_REFS}" == "1" ]; then

252 10:48:06 _EXT="-P${CI_PROJECT_ID}-${CI_PIPELINE_ID}"

253 10:48:06 DESTINATIONS="${DESTINATIONS} --destination=${final_image_url}${_EXT}"

254 10:48:06 for _TAG in $CONTAINER_IMAGE_TAG; do

255 10:48:06 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}"

256 10:48:06 done

257 10:48:06 fi

258 10:48:06 section_end:1778237286:section_script_step_16

259 10:48:06 section_start:1778237286:section_script_step_17[hide_duration=true,collapsed=true] $ DATE=$(date '+%Y%m%d')

260 10:48:06 for _TAG in $TIMESTAMP_TAGS; do

261 10:48:06 DESTINATIONS="${DESTINATIONS} --destination=${final_image_name}:${_TAG}${_EXT}-CI${CI_JOB_ID}-${DATE}"

262 10:48:06 done

263 10:48:06 section_end:1778237286:section_script_step_17

264 10:48:06 section_start:1778237286:section_script_step_18[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_BUILD_ARGS}" ]; then

265 10:48:06 for _BUILD_ARG in $CONTAINER_BUILD_ARGS; do

266 10:48:06 FINAL_BUILD_ARGS="--build-arg $_BUILD_ARG $FINAL_BUILD_ARGS"

267 10:48:06 done

268 10:48:06 fi

269 10:48:06 section_end:1778237286:section_script_step_18

270 10:48:06 section_start:1778237286:section_script_step_19[hide_duration=true,collapsed=true] $ for _PATH in $CONTAINER_IGNORE_PATHS; do

271 10:48:06 FINAL_IGNORE_PATHS="--ignore-path=$_PATH $FINAL_IGNORE_PATHS"

272 10:48:06 done

273 10:48:06 section_end:1778237286:section_script_step_19

274 10:48:06 section_start:1778237286:section_script_step_20[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_PLATFORM}" ]; then

275 10:48:06 KANIKO_PLATFORM="--custom-platform=${CONTAINER_PLATFORM}"

276 10:48:06 fi

277 10:48:06 section_end:1778237286:section_script_step_20

278 10:48:06 $ ANNOTATIONS=""

279 10:48:06 section_start:1778237286:section_script_step_22[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_REF_NAME" ]]; then

280 10:48:06 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}"

281 10:48:06 fi

282 10:48:06 section_end:1778237286:section_script_step_22

283 10:48:06 section_start:1778237286:section_script_step_23[hide_duration=true,collapsed=true] $ if [[ -n "$CI_COMMIT_SHA" ]]; then

284 10:48:06 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.revision=${CI_COMMIT_SHA}"

285 10:48:06 fi

286 10:48:06 section_end:1778237286:section_script_step_23

287 10:48:06 section_start:1778237286:section_script_step_24[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_URL" ]]; then

288 10:48:06 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.url=${CI_JOB_URL}"

289 10:48:06 fi

290 10:48:06 section_end:1778237286:section_script_step_24

291 10:48:06 section_start:1778237286:section_script_step_25[hide_duration=true,collapsed=true] $ if [[ -n "$CI_PIPELINE_ID" ]]; then

292 10:48:06 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.pipeline_id=${CI_PIPELINE_ID}"

293 10:48:06 fi

294 10:48:06 section_end:1778237286:section_script_step_25

295 10:48:06 section_start:1778237286:section_script_step_26[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_ID" ]]; then

296 10:48:06 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_id=${CI_JOB_ID}"

297 10:48:06 fi

298 10:48:06 section_end:1778237286:section_script_step_26

299 10:48:06 section_start:1778237286:section_script_step_27[hide_duration=true,collapsed=true] $ if [[ -n "$CI_JOB_IMAGE" ]]; then

300 10:48:06 ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.gitlab.ci.job_image=${CI_JOB_IMAGE}"

301 10:48:06 fi

302 10:48:06 section_end:1778237286:section_script_step_27

303 10:48:06 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.title=${final_image_name}:$(echo $CONTAINER_IMAGE_TAG | cut -d' ' -f1)"

304 10:48:06 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)"

305 10:48:06 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY org.opencontainers.image.vendor=Scandit"

306 10:48:06 $ ANNOTATIONS="${ANNOTATIONS} $KANIKO_ANNOTATION_KEY io.scandit.ci.hash=${docker_checksum}"

307 10:48:06 section_start:1778237286:section_script_step_32[hide_duration=true,collapsed=true] $ if [ -n "${CONTAINER_TARGET_STAGE}" ]; then

308 10:48:06 KANIKO_TARGET="--target $CONTAINER_TARGET_STAGE"

309 10:48:06 fi

310 10:48:06 section_end:1778237286:section_script_step_32

311 10:48:06 $ set -x

312 10:48:06 + echo '$ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS'

313 10:48:06 $ /kaniko/executor --context $CONTAINER_CONTEXT_PATH --dockerfile $CONTAINER_DOCKERFILE $DESTINATIONS --cache=true --cache-copy-layers --cache-dir /cache/kaniko --cache-repo $CONTAINER_CACHE_REPO --cache-ttl=$CONTAINER_CACHE_TTL $FINAL_IGNORE_PATHS $KANIKO_TARGET $FINAL_BUILD_ARGS $KANIKO_PLATFORM $ANNOTATIONS $KANIKO_DEFAULT_FLAGS $KANIKO_EXTRA_FLAGS

314 10:48:06 + /kaniko/executor --context /build/internal/gitlab-templates/context/ --dockerfile Dockerfile.dhi '--destination=registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' '--destination=registry.scandit.com/internal/gitlab-templates:latest-MR641' '--cache=true' --cache-copy-layers --cache-dir /cache/kaniko --cache-repo registry.scandit.com/internal/gitlab-templates/cache '--cache-ttl=336h' --annotation 'org.opencontainers.image.ref.name=feat/aws-credentials-template' --annotation 'org.opencontainers.image.revision=6e76a6a0c66ea57870d5fd9b25d54de105102fe9' --annotation 'org.opencontainers.image.url=https://gitlab.scandit.com/internal/gitlab-templates/-/jobs/54677885' --annotation 'io.gitlab.ci.pipeline_id=1585539' --annotation 'io.gitlab.ci.job_id=54677885' --annotation 'io.gitlab.ci.job_image=registry.scandit.com/dockerfiles/kaniko:v1.27.3-crane@sha256:72bdc063db14f38a45910d33ccf066ecb088d4833fb2437fef336e49b81fd4ac' --annotation 'org.opencontainers.image.title=registry.scandit.com/internal/gitlab-templates:latest' --annotation 'org.opencontainers.image.created=2026-05-08T10:48:06Z' --annotation 'org.opencontainers.image.vendor=Scandit' --annotation 'io.scandit.ci.hash=7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5' --preserve-context '--credential-helpers=gitlab' --secret 'id=netrc,src=/kaniko/.netrc' --secret 'id=ci_job_token,env=CI_JOB_TOKEN'

315 10:48:06 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

316 10:48:07 INFO[0000] Retrieving image manifest dhi.io/debian-base:trixie-dev

317 10:48:07 INFO[0000] Retrieving image dhi.io/debian-base:trixie-dev from registry dhi.io

318 10:48:07 INFO[0000] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

319 10:48:08 INFO[0001] Retrieving image manifest dhi.io/debian-base:trixie-dev

320 10:48:08 INFO[0001] Returning cached image manifest

321 10:48:08 INFO[0002] Retrieving image manifest dhi.io/debian-base:trixie-dev

322 10:48:08 INFO[0002] Returning cached image manifest

323 10:48:08 INFO[0002] Retrieving image manifest dhi.io/debian-base:trixie-dev

324 10:48:08 INFO[0002] Returning cached image manifest

325 10:48:08 INFO[0002] Built cross stage deps: map[]

326 10:48:08 INFO[0002] Skipping context snapshot as no-one requires it

327 10:48:08 INFO[0002] Retrieving image manifest dhi.io/debian-base:trixie-dev

328 10:48:08 INFO[0002] Returning cached image manifest

329 10:48:08 INFO[0002] Retrieving image manifest dhi.io/debian-base:trixie-dev

330 10:48:08 INFO[0002] Returning cached image manifest

331 10:48:08 INFO[0002] Building stage 'dhi.io/debian-base:trixie-dev' [idx: '0', base-idx: '-1']

332 10:48:08 INFO[0002] Checking for cached layer registry.scandit.com/internal/gitlab-templates/cache:d888bb5f1d30d5cd604004c0e2efd2da55136df1bd831d56450f09afbc8675bc...

333 10:48:08 INFO[0002] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

334 10:48:09 INFO[0002] Using caching version of cmd: RUN whoami

335 10:48:09 INFO[0002] Skipping unpacking as no commands require it.

336 10:48:09 INFO[0002] RUN whoami

337 10:48:09 INFO[0002] Found cached layer, extracting to filesystem

338 10:48:09 INFO[0002] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

339 10:48:09 INFO[0002] Pushing image to registry.scandit.com/internal/gitlab-templates:7cab3f1e0219653ff5029d0b1a44ab4743cad232fcf410628fce4f7d9b23b5f5

340 10:48:10 INFO[0003] Pushed registry.scandit.com/internal/gitlab-templates@sha256:5fae8bd80281be74eab47bf0059dc3b7c8f312f41016c7be190787652c5fdacd

341 10:48:10 INFO[0003] credential providers by priority: [file:/kaniko/.docker/config.json, gitlab]

342 10:48:10 INFO[0003] Pushing image to registry.scandit.com/internal/gitlab-templates:latest-MR641

343 10:48:11 INFO[0004] Pushed registry.scandit.com/internal/gitlab-templates@sha256:5fae8bd80281be74eab47bf0059dc3b7c8f312f41016c7be190787652c5fdacd

344 10:48:11 + cleanup

345 10:48:11 + rv=0

346 10:48:11 + '[' 0 -ne 0 ]

347 10:48:11 + echo

348 10:48:11

349 10:48:11 + echo 'Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54677885'

350 10:48:11 Scout Analysis: https://scout.scandit.io/analysis/projects/621/jobs/54677885

351 10:48:11 + echo

352 10:48:11

353 10:48:11 + echo

354 10:48:11

355 10:48:11 + echo 'Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-17-81.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-0-rgdwzihg&var-resolution=15&from=1778237285000&to=1778237291000'

356 10:48:11 Grafana Pod-View: https://grafana.scandit.com/d/k8s_views_pods/kubernetes-views-pods?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-host=ip-10-0-17-81.eu-central-1.compute.internal&var-namespace=gitlab-runner&var-pod=runner-wrxjpbsjx-project-621-concurrent-0-rgdwzihg&var-resolution=15&from=1778237285000&to=1778237291000

357 10:48:11 + echo 'Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-17-81.eu-central-1.compute.internal&var-resolution=15s&from=1778237285000&to=1778237291000'

358 10:48:11 Grafana Node-View: https://grafana.scandit.com/d/k8s_views_nodes/kubernetes-views-nodes?orgId=1&refresh=1m&var-datasource=lu1rmx27z&var-node=ip-10-0-17-81.eu-central-1.compute.internal&var-resolution=15s&from=1778237285000&to=1778237291000

359 10:48:11 + echo 'Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1585539&var-filters=CI_JOB_ID|=|54677885&sortOrder=Ascending&from=1778237285000&to=1778237291000'

360 10:48:11 Loki Logs: https://grafana.scandit.com/a/grafana-lokiexplore-app/explore/log_group/gitlab-runner/logs?var-ds=nVsAo7UVk&var-filters=log_group|=|gitlab-runner&var-filters=source|=|k8s-ci.aws.scandit.io&var-filters=namespace|=|gitlab-runner&var-filters=CI_PROJECT_ID|=|621&var-filters=CI_PIPELINE_ID|=|1585539&var-filters=CI_JOB_ID|=|54677885&sortOrder=Ascending&from=1778237285000&to=1778237291000

361 10:48:11 + date -d '-7 days' '+%Y-%m-%d'

362 10:48:11 date: invalid date '-7 days'

363 10:48:11 + date -d '+7 days' '+%Y-%m-%d'

364 10:48:11 date: invalid date '+7 days'

365 10:48:11 + echo 'Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates'

366 10:48:11 Lilibet Statistics: https://lilibet.scandit.io/dashboard/204-job-drill-down?date_range=~&job_name=build-python3-image-with-docker-hardened-image&project=internal/gitlab-templates

367 10:48:11 + echo

368 10:48:11

369 10:48:11 + exit 0

370 10:48:11

371 10:48:11 section_end:1778237291:step_script

372 10:48:11 +section_start:1778237291:upload_artifacts_on_success

373 10:48:11 +Uploading artifacts for successful job

374 10:48:12 Uploading artifacts...

375 10:48:12 docker_image_build.env: found 1 matching artifact files and directories

376 10:48:13 Uploading artifacts as "dotenv" to coordinator... 201 Created correlation_id=01KR3K7FE8CXMZR7MYM2245BCJ id=54677885 responseStatus=201 Created token=64_tb76Nr

377 10:48:13

378 10:48:13 section_end:1778237293:upload_artifacts_on_success

379 10:48:13 +section_start:1778237293:cleanup_file_variables

380 10:48:13 +Cleaning up project directory and file based variables

381 10:48:13

382 10:48:13 section_end:1778237293:cleanup_file_variables

383 10:48:13 +

384 10:48:13 Job succeeded

385

build-python3-image-with-docker-hardened-image ○ success

Job Execution Phases

Full Job Log