DOCKER_IMAGE_NAME: "nginx"
RF_ROOT_URL: https://frontrow.rapidfort.com
# generate service account & replace these
RF_ACCESS_ID: RFabcdefghijkl123456
RF_SECRET_ACCESS_KEY: 01234567891011abcdefghijklmnopqrstuvwxyz
RF_CLI_PATH: /home/gitlab-runner/.local/bin
if [ -z "$(command -v rflogin)" ] || [ "${RF_CLI_UPDATE}" == "yes" ]; then
curl -ks "${RF_ROOT_URL}"/cli/ | bash
export PATH="$RF_CLI_PATH:$PATH"
docker pull $DOCKER_IMAGE_NAME:$TAG
docker tag $DOCKER_IMAGE_NAME:$TAG $DOCKER_IMAGE_NAME:$TAG-$CI_PIPELINE_ID
rfstub $DOCKER_IMAGE_NAME:$TAG-$CI_PIPELINE_ID
docker images | grep $DOCKER_IMAGE_NAME | grep $CI_PIPELINE_ID
docker run --rm --name $DOCKER_IMAGE_NAME-$TAG-$CI_PIPELINE_ID -p9999:80 --cap-add=SYS_PTRACE -d $DOCKER_IMAGE_NAME:$TAG-$CI_PIPELINE_ID-rfstub
STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:9999 || /bin/true)
until [ "${STATUS_CODE}" == 200 ]; do
STATUS_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:9999 || /bin/true)
ab -n 10 -c 10 http://localhost:9999/
docker stop $DOCKER_IMAGE_NAME-$TAG-$CI_PIPELINE_ID
# ** GENERATE HARDENED IMAGE **
rfharden $DOCKER_IMAGE_NAME:$TAG-$CI_PIPELINE_ID-rfstub && echo "Hardened Done" || echo "Hardened Failed"
docker images | grep $DOCKER_IMAGE_NAME | grep $CI_PIPELINE_ID