From 82d386efbcb2bebed66bb6fb2a11544d975db165 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Wed, 29 Apr 2026 22:44:58 +0000 Subject: [PATCH] docs: document CI runner Alpine Docker image for GitLab CI --- integrations/ci_cd.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/integrations/ci_cd.md b/integrations/ci_cd.md index d4f0c60..0c10cdd 100644 --- a/integrations/ci_cd.md +++ b/integrations/ci_cd.md @@ -86,6 +86,42 @@ description: Use Kosli in CI Systems like GitHub Actions, GitLab CI, and more. For a complete example of a Gitlab pipeline using Kosli, please check [this cyber-dojo pipeline](https://gitlab.com/cyber-dojo/creator/-/blob/main/.gitlab/workflows/main.yml). + ### CI runner image (Alpine) + + The Kosli CLI repository ships an Alpine-based [`Dockerfile.alpine`](https://github.com/kosli-dev/cli/blob/main/Dockerfile.alpine) intended for use as a CI runner image. Unlike the default `ghcr.io/kosli-dev/cli` image (which has the `kosli` binary as its entrypoint), the Alpine variant has no entrypoint and bundles `git`, `curl`, and `ca-certificates` alongside the CLI — so it can be used as a general-purpose job image where you also need to clone repos, hit HTTP APIs, or run other shell tooling next to `kosli`. + + Build and push it to your own registry, pinning the CLI version you want: + + ```bash + # Clone or copy Dockerfile.alpine from https://github.com/kosli-dev/cli + docker build \ + --build-arg KOSLI_VERSION=2.13.2 \ + -f Dockerfile.alpine \ + -t registry.example.com/ci/kosli-runner:2.13.2 . + docker push registry.example.com/ci/kosli-runner:2.13.2 + ``` + + Then use it as the job image in `.gitlab-ci.yml`: + + ```yaml + variables: + KOSLI_ORG: my-org + KOSLI_HOST: https://app.kosli.com + + attest: + image: registry.example.com/ci/kosli-runner:2.13.2 + script: + - kosli version + - kosli attest generic + --flow my-flow + --trail "$CI_COMMIT_SHA" + --name build + --compliant=true + # KOSLI_API_TOKEN should be set as a masked GitLab CI/CD variable + ``` + + The image runs as the non-root `kosli` user with `/workspace` as the working directory. `KOSLI_ORG` and `KOSLI_HOST` are exposed as environment variables so they can be overridden in your CI configuration; `KOSLI_API_TOKEN` should be supplied via a masked CI variable rather than baked into the image. + View defaulted Kosli command flags in Azure DevOps.