add bitbucket example (#56)

maratsal · web-flow · commit fa7ecd0b7837 · 2023-09-28T06:34:17.000-04:00
diff --git a/bitbucket/Dockerfile b/bitbucket/Dockerfile
@@ -0,0 +1 @@
+FROM alpine
diff --git a/bitbucket/Dockerfile.log4j b/bitbucket/Dockerfile.log4j
@@ -0,0 +1,3 @@
+FROM alpine:latest
+ADD https://archive.apache.org/dist/logging/log4j/2.14.1/apache-log4j-2.14.1-bin.tar.gz /root
+RUN tar xzvf /root/apache-log4j-2.14.1-bin.tar.gz
diff --git a/bitbucket/README.md b/bitbucket/README.md
@@ -0,0 +1,19 @@
+# Bitbucket pipelines demo
+
+In this demo we will use Bitbucket pipelines to build, scan and push a container image.
+The workflow is as follows:
+
+1. Download the sysdig-cli-scanner
+2. Build the container image and store it locally
+3. Perform the scan
+4. Login to the registry and push the image
+
+## Setup
+
+It is required to create a few repository secrets in order to be able to push the
+container image:
+
+* `DOCKER_USER`: Docker username
+* `DOCKER_PASSWORD`: Docker user password
+* `DOCKER_REGISTRY`: Docker registry URL
+* `SECURE_API_TOKEN`: Sysdig Token
diff --git a/bitbucket/bitbucket-pipelines.yml b/bitbucket/bitbucket-pipelines.yml
@@ -0,0 +1,36 @@
+# Prerequisites: $DOCKER_USERNAME, $DOCKER_PASSWORD, $DOCKER_REGISTRY and $SECURE_API_TOKEN  setup as deployment variables
+
+image: atlassian/default-image:3
+
+pipelines:
+  default:
+    - step:
+        name: Download Sysdig CLI Scanner
+        script:
+          - curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
+          - chmod +x sysdig-cli-scanner
+        artifacts:
+          - sysdig-cli-scanner
+    - step:
+        name: Build image
+        script:
+          - IMAGE=${DOCKER_REGISTRY}/${BITBUCKET_REPO_SLUG}:${BITBUCKET_BUILD_NUMBER}
+          - docker build . --file Dockerfile.log4j --tag ${IMAGE}
+          - docker save ${IMAGE} --output "${BITBUCKET_REPO_SLUG}.tar"
+        services:
+          - docker
+        artifacts:
+          - "*.tar"
+    - step:
+        name: Scan image
+        script:
+          - ./sysdig-cli-scanner --apiurl https://us2.app.sysdig.com --console-log  file://${BITBUCKET_REPO_SLUG}.tar 
+    - step:
+        name: Push image
+        script:
+          - echo ${DOCKER_PASSWORD} | docker login --username "$DOCKER_USERNAME" --password-stdin ${DOCKER_REGISTRY}
+          - IMAGE=${DOCKER_REGISTRY}/${BITBUCKET_REPO_SLUG}:${BITBUCKET_BUILD_NUMBER}
+          - docker load --input "${BITBUCKET_REPO_SLUG}.tar"
+          - docker push ${IMAGE}
+        services:
+          - docker

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+FROM alpine:latest`
	`2`	`+ADD https://archive.apache.org/dist/logging/log4j/2.14.1/apache-log4j-2.14.1-bin.tar.gz /root`
	`3`	`+RUN tar xzvf /root/apache-log4j-2.14.1-bin.tar.gz`