Running with gitlab-runner 13.2.0 (353dd94e)  on global-shared-gitlab-runner-8dd6b4777-87gcx dPJcxnQf section_start:1601420703:prepare_executor Preparing the "kubernetes" executor Using Kubernetes namespace: gitlab-runner Using Kubernetes executor with image ${GITLAB_INTERNAL_REGISTRY}/ironbank-tools/ironbank-pipeline/python:pyyaml ... section_end:1601420703:prepare_executor section_start:1601420703:prepare_script Preparing environment Waiting for pod gitlab-runner/runner-dpjcxnqf-project-701-concurrent-0dgc29 to be running, status is Pending Running on runner-dpjcxnqf-project-701-concurrent-0dgc29 via global-shared-gitlab-runner-8dd6b4777-87gcx... section_end:1601420706:prepare_script section_start:1601420706:get_sources Getting source from Git repository Fetching changes with git depth set to 50... Initialized empty Git repository in /builds/dsop/coder-enterprise/coder-enterprise/timescale/.git/ Created fresh repository. Checking out 0ebbd133 as development... Skipping Git submodules setup section_end:1601420706:get_sources section_start:1601420706:download_artifacts Downloading artifacts Downloading artifacts for sign image (340718)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340718 responseStatus=200 OK token=aBXMue94 Downloading artifacts for write json documentation (340720)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340720 responseStatus=200 OK token=kM5Lr2pi Downloading artifacts for sign manifest (340719)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340719 responseStatus=200 OK token=eMAyWMpM Downloading artifacts for csv output (340716)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340716 responseStatus=200 OK token=uRShaDEc Downloading artifacts for openscap cve (340713)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340713 responseStatus=200 OK token=9ubLcfqo Downloading artifacts for anchore scan (340715)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340715 responseStatus=200 OK token=v2ixENma Downloading artifacts for openscap compliance (340712)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340712 responseStatus=200 OK token=nkY1uaAZ Downloading artifacts for twistlock scan (340714)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340714 responseStatus=200 OK token=NhF2Aun- Downloading artifacts for build (340711)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340711 responseStatus=200 OK token=oRfc9vPo Downloading artifacts for load scripts (340705)... Dialing: tcp gitlab-webservice.gitlab.svc.cluster.local:8181 ... Downloading artifacts from coordinator... ok  id=340705 responseStatus=200 OK token=N1hQkL92 section_end:1601420716:download_artifacts section_start:1601420716:step_script Executing "step_script" stage of the job script $ mkdir -p ${ARTIFACT_DIR} $ pip install boto3 Collecting boto3 Downloading boto3-1.15.8-py2.py3-none-any.whl (129 kB) Collecting s3transfer<0.4.0,>=0.3.0 Downloading s3transfer-0.3.3-py2.py3-none-any.whl (69 kB) Collecting jmespath<1.0.0,>=0.7.1 Downloading jmespath-0.10.0-py2.py3-none-any.whl (24 kB) Collecting botocore<1.19.0,>=1.18.8 Downloading botocore-1.18.8-py2.py3-none-any.whl (6.6 MB) Collecting python-dateutil<3.0.0,>=2.1 Downloading python_dateutil-2.8.1-py2.py3-none-any.whl (227 kB) Collecting urllib3<1.26,>=1.20; python_version != "3.4" Downloading urllib3-1.25.10-py2.py3-none-any.whl (127 kB) Collecting six>=1.5 Downloading six-1.15.0-py2.py3-none-any.whl (10 kB) Installing collected packages: jmespath, six, python-dateutil, urllib3, botocore, s3transfer, boto3 Successfully installed boto3-1.15.8 botocore-1.18.8 jmespath-0.10.0 python-dateutil-2.8.1 s3transfer-0.3.3 six-1.15.0 urllib3-1.25.10 WARNING: You are using pip version 20.2.2; however, version 20.2.3 is available. You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command. $ if [ "${CI_COMMIT_BRANCH}" == "master" ]; then # collapsed multi-line command $ export REMOTE_REPORT_DIRECTORY="${CI_PIPELINE_ID}/reports" $ export REMOTE_DOCUMENTATION_DIRECTORY="${CI_PIPELINE_ID}" $ export IMAGE_PATH=$(echo ${CI_PROJECT_PATH} | sed -e 's/.*dsop\/\(.*\)/\1/') $ S3_HTML_LINK="https://s3-us-gov-west-1.amazonaws.com/${S3_REPORT_BUCKET}/${BASE_BUCKET_DIRECTORY}/${CI_PROJECT_NAME}/${IMG_VERSION}" $ GPG_PUB_KEY=$(awk '{printf "%s\\n", $0}' ${IB_CONTAINER_GPG_PUBKEY}) $ export FILES=${SCAN_DIRECTORY}/* # collapsed multi-line command updating from latest. % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 39776 100 39776 0 0 579k 0 --:--:-- --:--:-- --:--:-- 579k $ python3 "${PIPELINE_REPO_DIR}/stages/publish/create_repo_map.py" --repo_name="${IM_NAME}" --approval_status="${IMAGE_APPROVAL_STATUS}" --public_key="${GPG_PUB_KEY}" --image_sha="${IMAGE_ID}" --image_name="${CI_PROJECT_NAME}" --image_tag="${IMG_VERSION}" --image_path="${REGISTRY_URL}/${IM_NAME}:${IMG_VERSION}" --image_url="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/${IMAGE_FILE}.tar" --build_number="${CI_PIPELINE_ID}" --image_manifest="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/manifest.json" --manifest_name="manifest.json" --pgp_signature="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/${SIG_FILE}.sig" --signature_name="${SIG_FILE}.sig" --version_documentation="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/${DOCUMENTATION_FILENAME}.json" --tar_location="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/${REPORT_TAR_NAME}" --tar_name="${IMAGE_FILE}.tar" --openscap_compliance_results="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/csvs/oscap.csv" --openscap_oval_results="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/csvs/oval.csv" --twistlock_results="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/csvs/tl.csv" --anchore_gates_results="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/csvs/anchore_gates.csv" --anchore_security_results="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/csvs/anchore_security.csv" --summary_report="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/csvs/summary.csv" --full_report="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/csvs/all_scans.xlsx" --openscap_report="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/openscap/report.html" --oval_report="${S3_HTML_LINK}/${REMOTE_REPORT_DIRECTORY}/openscap/report-cve.html" --project_license "${PROJECT_LICENSE}" --project_readme "${PROJECT_README}" --signature_name="${SIG_FILE}.sig" --output_dir="${ARTIFACT_DIR}" --job_type="${job_type}" $ mkdir reports $ cp -r ${DOCUMENTATION_DIRECTORY}/reports/* reports/ $ cp -r ${SCAN_DIRECTORY}/* reports/ $ cp ${BUILD_DIRECTORY}/${CI_PROJECT_NAME}-${IMG_VERSION}.tar reports/${CI_PROJECT_NAME}-${IMG_VERSION}.tar $ cp "${PROJECT_LICENSE}" "${PROJECT_README}" reports/ $ ls reports LICENSE README.md anchore csvs documentation.json manifest.json openscap signature.sig timescale-1.11.0.sig timescale-1.11.0.tar twistlock $ tar -zcvf "${REPORT_TAR_NAME}" reports reports/ reports/documentation.json reports/manifest.json reports/signature.sig reports/timescale-1.11.0.sig reports/timescale-1.11.0.tar reports/anchore/ reports/anchore/anchore-version.txt reports/anchore/anchore_api_gates_full.json reports/anchore/anchore_gates.json reports/anchore/anchore_security.json reports/csvs/ reports/csvs/all_scans.xlsx reports/csvs/anchore_gates.csv reports/csvs/anchore_security.csv reports/csvs/oscap.csv reports/csvs/oval.csv reports/csvs/summary.csv reports/csvs/tl.csv reports/openscap/ reports/openscap/report-cve.html reports/openscap/report-cve.xml reports/openscap/oscap-version.txt reports/openscap/report.html reports/twistlock/ reports/twistlock/1.11.0.json reports/twistlock/twistlock-version.txt reports/LICENSE reports/README.md $ python3 "${PIPELINE_REPO_DIR}/stages/publish/s3_upload.py" --file repo_map.json --bucket "${S3_REPORT_BUCKET}" --dest "${BASE_BUCKET_DIRECTORY}/${IM_NAME}/repo_map.json" $ for file in $(find "${DOCUMENTATION_DIRECTORY}" -name "*" -type f); do # collapsed multi-line command $ for file in $(find "${SCAN_DIRECTORY}" -name "*" -type f); do # collapsed multi-line command ci-artifacts/scan-results/csvs/all_scans.xlsx ci-artifacts/scan-results/csvs/anchore_gates.csv ci-artifacts/scan-results/csvs/anchore_security.csv ci-artifacts/scan-results/csvs/oscap.csv ci-artifacts/scan-results/csvs/oval.csv ci-artifacts/scan-results/csvs/summary.csv ci-artifacts/scan-results/csvs/tl.csv ci-artifacts/scan-results/openscap/report-cve.html ci-artifacts/scan-results/openscap/report-cve.xml ci-artifacts/scan-results/openscap/oscap-version.txt ci-artifacts/scan-results/openscap/report.html ci-artifacts/scan-results/anchore/anchore-version.txt ci-artifacts/scan-results/anchore/anchore_api_gates_full.json ci-artifacts/scan-results/anchore/anchore_gates.json ci-artifacts/scan-results/anchore/anchore_security.json ci-artifacts/scan-results/twistlock/1.11.0.json ci-artifacts/scan-results/twistlock/twistlock-version.txt $ python3 "${PIPELINE_REPO_DIR}/stages/publish/s3_upload.py" --file "${PROJECT_README}" --bucket "${S3_REPORT_BUCKET}" --dest "${BASE_BUCKET_DIRECTORY}/${IMAGE_PATH}/${IMG_VERSION}/${REMOTE_REPORT_DIRECTORY}/${PROJECT_README}" $ python3 "${PIPELINE_REPO_DIR}/stages/publish/s3_upload.py" --file "${PROJECT_LICENSE}" --bucket "${S3_REPORT_BUCKET}" --dest "${BASE_BUCKET_DIRECTORY}/${IMAGE_PATH}/${IMG_VERSION}/${REMOTE_REPORT_DIRECTORY}/${PROJECT_LICENSE}" $ python3 "${PIPELINE_REPO_DIR}/stages/publish/s3_upload.py" --file "${REPORT_TAR_NAME}" --bucket "${S3_REPORT_BUCKET}" --dest "${BASE_BUCKET_DIRECTORY}/${IMAGE_PATH}/${IMG_VERSION}/${REMOTE_REPORT_DIRECTORY}/${REPORT_TAR_NAME}" section_end:1601420752:step_script Job succeeded