GitLab can be used as a CI/CD tool, among its many other features. There is no out-of-the-box plugin for integrating GitLab with JFrog Artifactory. However, we can integrate the two using our own CLI tool, JFrog CLI, which supports builds for multiple package types. More details on JFrog CLI are available at this link.
In this KB article, we will discuss a Maven build that is containerized using a Dockerfile, built as a Docker image, and then pushed to Artifactory. The build has the following steps:
- Create a GitLab project and upload all the required files to the GitLab repository.
- Pull a base image from Docker Hub.
- Build a Docker image using the image that we have pulled. Steps 2 and 3 are done as part of a Dockerfile.
- As part of the docker build using the Dockerfile, it will do a “maven clean install”, which will build the docker packages, then a “maven clean deploy”, which will push the Maven packages to Artifactory, and then create a Docker image that includes the jar files created by the “maven clean install” command.
- Scan the image before pushing it to Artifactory. You can find more details about on-demand scanning on this page: https://www.jfrog.com/confluence/display/JFROG/Xray+On-Demand+Binary+Scan. Note that the scan refers to the watch and policy, and the policy has a rule that fails the build if the image contains any vulnerability, because the “Fail build” option is checked in the Rules of the Policy, as mentioned in section 4.B of “JFrog Platform Setup”.
- Push the image to the Artifactory and publish the build information.
- Scan that build using the JFrog Xray.
- Scan the jars created as part of the maven build that are pushed to Artifactory.
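
The steps above, from the docker build through the build scan, sketched as a `.gitlab-ci.yml` job. This is an added example, not the pipeline from the original article; the CI/CD variable names, repository, image, build and watch names, and the runner image are assumptions.

```yaml
# Added example: every value marked "assumed" is a placeholder, not from the article.
# ARTIFACTORY_URL, ARTIFACTORY_REGISTRY, ARTIFACTORY_USER and ARTIFACTORY_TOKEN are
# assumed to be defined as masked, protected GitLab CI/CD variables, never in this file.
variables:
  BUILD_NAME: "maven-docker-app"        # assumed build name
  BUILD_NUMBER: "$CI_PIPELINE_ID"
  IMAGE: "$ARTIFACTORY_REGISTRY/docker-local/maven-docker-app:$CI_PIPELINE_ID"  # assumed repo/image
  XRAY_WATCH: "docker-watch"            # assumed: the watch whose policy has "Fail build" checked

build_scan_push:
  image: "$RUNNER_IMAGE"                # assumed: an image with the Docker client and JFrog CLI v2 (jf)
  services:
    - docker:dind
  before_script:
    # Register the platform with JFrog CLI without prompting.
    - jf config add artifactory --url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_TOKEN" --interactive=false
    # Read the token from stdin so it does not appear in the process list.
    - echo "$ARTIFACTORY_TOKEN" | docker login "$ARTIFACTORY_REGISTRY" -u "$ARTIFACTORY_USER" --password-stdin
  script:
    # Pull the base image, run the Maven build and deploy, and create the image (Dockerfile).
    # If the Dockerfile needs Artifactory credentials for the deploy, pass them as a
    # BuildKit secret rather than a build arg; build args are recorded in image history.
    - docker build -t "$IMAGE" .
    # On-demand scan before pushing; a non-zero exit stops the job here.
    - jf docker scan "$IMAGE" --watches "$XRAY_WATCH"
    # Push the image and publish the build information.
    - jf docker push "$IMAGE" --build-name "$BUILD_NAME" --build-number "$BUILD_NUMBER"
    - jf rt build-publish "$BUILD_NAME" "$BUILD_NUMBER"
    # Scan the published build with Xray.
    - jf build-scan "$BUILD_NAME" "$BUILD_NUMBER"
```

Because the scan runs before `jf docker push`, an image that violates the policy never reaches the registry.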