We need the following GitLab setup -
1. First, create a project in GitLab. You can find details on how to create a project at the links below -
A. GitLab official link - https://docs.gitlab.com/ee/user/project/working_with_projects.html
B. YouTube link - https://www.youtube.com/watch?v=DGuMvGYZ7lY
2. Upload all the required files to the GitLab repository as mentioned in the links in step # 1. It will look like this -
As you can see from the above screenshot, a “public” folder has been created. This folder contains all the files that I am copying to the specific folders mentioned in the Dockerfile. It looks like this -
3. Click on the Settings button and make sure that the CI/CD option is enabled, as shown in the screenshot below. Otherwise, you will not see the CI/CD option where you check the pipeline run status -
4. Now create the variables in the settings as shown below. We will use these variables in the pipeline script -
The defined variables are as follows -
ART_DOCKER_PASS: <Password to access the Artifactory Docker repository. Generally it is the same password you use to log in to the JFrog UI and view Docker repositories>
ART_DOCKER_REG: test.jfrog.io
ART_DOCKER_USER: <Username to access the Artifactory Docker repository. Generally it is the same username you use to log in to the JFrog UI and view Docker repositories>
ART_PLAT_PASS: <Password to log in to the JFrog UI>
ART_PLAT_URL: https://test.jfrog.io
ART_PLAT_USER: <Username to log in to the JFrog UI>
ARTIFACTORY_PROJECT_KEY: <Project Key defined in the project as shown in step # 1 under JFrog Platform Setup>
5. Now add a file called “.gitlab-ci.yml” to the GitLab project. Details on how to add the file are in this document - https://docs.gitlab.com/ee/ci/quick_start/
6. Now add the below content to the YAML file you just added -
```yaml
docker-build:
  # Use the official docker image.
  image: docker:latest
  stage: build
  services:
    - docker:dind
  before_script:
    - apk add --update curl && rm -rf /var/cache/apk/*
    # docker login to Artifactory (password is read from stdin so it stays off the command line)
    - echo "$ART_DOCKER_PASS" | docker login -u "$ART_DOCKER_USER" --password-stdin "$ART_DOCKER_REG"
    # Installing JFrog CLI
    - curl -fL https://install-cli.jfrog.io | sh
    - chmod +x /usr/local/bin/jf
    # Configure Artifactory instance with JFrog CLI
    - pwd
    - cd /usr/local/bin/
    - ./jf --version
    - ./jf c add artifactory-server --url="$ART_PLAT_URL" --user="$ART_PLAT_USER" --password="$ART_PLAT_PASS"
  script:
    # docker build
    - docker build --pull -t "$ART_DOCKER_REG/dct-docker/test:$CI_JOB_ID" /builds/swarnendukayal/docker-jfrog
    - cd /usr/local/bin/
    # On-demand scanning
    - ./jf docker scan "$ART_DOCKER_REG/dct-docker/test:$CI_JOB_ID" --project="$ARTIFACTORY_PROJECT_KEY"
    # Docker push
    - ./jf rt docker-push "$ART_DOCKER_REG/dct-docker/test:$CI_JOB_ID" dct-docker --build-name=docker-jfrog --build-number="$CI_JOB_ID" --project="$ARTIFACTORY_PROJECT_KEY"
    # Collect the environment variables
    - ./jf rt bce docker-jfrog "$CI_JOB_ID" --project="$ARTIFACTORY_PROJECT_KEY"
    # Pass the build information to Artifactory
    - ./jf rt bp docker-jfrog "$CI_JOB_ID" --project="$ARTIFACTORY_PROJECT_KEY"
    # Scanning the docker build
    - ./jf bs docker-jfrog "$CI_JOB_ID" --project="$ARTIFACTORY_PROJECT_KEY"
  # Run this job in a branch where a Dockerfile exists
  rules:
    - if: $CI_COMMIT_BRANCH
      exists:
        - Dockerfile
```
Please note that the location “/builds/swarnendukayal/docker-jfrog” is the GitLab repository path that the docker build uses as its context, that is, where the Dockerfile picks up the files it copies. This location changes from project to project and profile to profile.
For example: as the URL of my sample project is -
If the URL were https://gitlab.com/abc/test-jfrog/-/blob/master/.gitlab-ci.yml, then the location would be “/builds/abc/test-jfrog”. Change it to match your project and repository location.
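The variables from step 4 and the build path rule above can both be checked before the job logs in anywhere. The shell functions below are an added example, not part of the original pipeline: the function names are hypothetical, the host check assumes the registry is served from the platform hostname as in the sample values, and `CI_PROJECT_DIR` is GitLab's predefined variable for the checkout path.

```shell
#!/bin/sh
# Added example: pre-flight checks for the pipeline above. Function names are hypothetical.

# Print the host of an http(s) URL, e.g. https://test.jfrog.io/ui -> test.jfrog.io
url_host() (
    rest=${1#*://}
    printf '%s\n' "${rest%%/*}"
)

# Derive /builds/<namespace>/<project> from a GitLab project or file URL.
# Assumes the runner keeps its default builds directory, /builds.
build_dir_from_url() (
    repo=${1#*://*/}      # drop scheme and host
    repo=${repo%%/-/*}    # drop GitLab's "/-/blob/..." suffix, if any
    repo=${repo%.git}
    printf '/builds/%s\n' "${repo%/}"
)

# Docker build context: GitLab's predefined CI_PROJECT_DIR inside a job,
# otherwise the path derived from the project URL given as $1.
build_context() {
    if [ -n "${CI_PROJECT_DIR:-}" ]; then
        printf '%s\n' "$CI_PROJECT_DIR"
    else
        build_dir_from_url "$1"
    fi
}

# Return 0 only if every variable from step 4 is set and consistent.
# Reports variable names only, never their values.
preflight() {
    rc=0
    for name in ART_DOCKER_USER ART_DOCKER_PASS ART_DOCKER_REG ART_PLAT_USER \
                ART_PLAT_PASS ART_PLAT_URL ARTIFACTORY_PROJECT_KEY; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "preflight: $name is not set" >&2; rc=1; }
    done
    case ${ART_PLAT_URL:-} in
        https://*) ;;
        *) echo "preflight: ART_PLAT_URL must start with https://" >&2; rc=1 ;;
    esac
    # Assumption: the registry is served from the platform host, as in the sample values.
    if [ "$(url_host "${ART_PLAT_URL:-}")" != "${ART_DOCKER_REG:-}" ]; then
        echo "preflight: ART_DOCKER_REG is not the host of ART_PLAT_URL" >&2
        rc=1
    fi
    return "$rc"
}
```

Passing `"$CI_PROJECT_DIR"` to `docker build` in place of the hard-coded path avoids editing the job for each project.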
Once you save this file, it immediately triggers a build, and you can find the build status as shown below -
The builds show as failed because the Xray policy has been defined to fail the build if any vulnerabilities are caught.