# CI Integration with Raven Platform

> Guide to integrating CI with Raven platform

## Introduction

This guide explains how to integrate the Raven platform with your CI tool so that Raven automatically receives image build metadata from your image build pipelines. It is intended for build engineers and DevOps engineers who are responsible for setting up and managing those pipelines.

## Pre-requisites

Before proceeding with the Raven CI Integration, ensure you have completed the following prerequisites:

1. You have the Raven agent token available.

   1. Please contact Raven if you don't have this token available.

## Set Up

The Raven CI step needs access to the image that the CI pipeline builds on the CI platform. CI platforms usually delete the image after pushing it to its repository, so it is essential to add the Raven step between the `docker build` and `docker push` stages.

Examples:

<CodeGroup>
  ```YAML Gitlab CI/CD theme={null}
  stages:
    - test
    - build
    - deploy
    - release
  variables:
    RAVEN_CI_IMAGE: "releases.cloud.raven.io/raven-public/ravenci"
    RAVEN_CI_TAG: "latest"
  docker-image:
    stage: build
    image: docker:latest
    services:
      - docker:dind
    script:
      - docker buildx create --use
      - docker buildx build -t ${DOCKER_IMAGE_NAME}:${DOCKER_TAG} --load -f ./Dockerfile .
      - printenv | grep CI | sort > cienv
      - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock --entrypoint /bin/sh --env-file=./cienv -e RAVEN_TOKEN=$RAVEN_TOKEN ${ECR_REPOSITORY}/ravenci -c 'DOCKER_HOST="" ravenci scan --images-from="1h" --max-images=10 --pretty'
      - docker push ${DOCKER_IMAGE_NAME}:${DOCKER_TAG}
  ```

  ```Groovy Jenkins theme={null}
  stage('Building Image') {
    environment {
        DOCKER_REPO = ''
        DOCKER_IMAGE = ''
        DOCKER_TAG = ''
        RAVEN_CI_IMAGE = 'releases.cloud.raven.io/raven-public/ravenci'
        RAVEN_CI_TAG = 'latest'                   // Replace with specific Raven CI tag if required
    }
    steps {
        script {
            // Log in to Docker registry
            sh '''
                echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin "$DOCKER_REPO"
            '''

            // Build the Docker image and load it into the local Docker daemon
            sh '''
                docker buildx build --platform linux/amd64 --load \
                    -t $DOCKER_REPO/$DOCKER_IMAGE:$DOCKER_TAG \
                    -f Dockerfile .
            '''

            // Run the Raven CI step between the build and the push
            withCredentials([string(credentialsId: 'RAVEN_TOKEN', variable: 'RAVEN_TOKEN')]) {
                // Use the Raven CI image with docker.image()
                docker.image("${RAVEN_CI_IMAGE}:${RAVEN_CI_TAG}").inside("-v /var/run/docker.sock:/var/run/docker.sock --entrypoint=''") {
                    sh '''
                        /bin/sh -c '
                            DOCKER_HOST="" ravenci scan --images-from="1h" --max-images=10 --pretty
                        '
                    '''
                }
            }

            // Push the Docker image
            sh '''
                docker push $DOCKER_REPO/$DOCKER_IMAGE:$DOCKER_TAG
            '''
        }
    }
  }
  ```

  ```YAML GitHub Actions theme={null}
  name: Build and Push Docker Image

  on:
    push:
      branches:
        - main  # Specify the branch to trigger this workflow

  jobs:
    docker-image:
      name: Build and Push Docker Image
      runs-on: ubuntu-latest
      container:
        image: docker:latest
      services:
        docker:
          image: docker:dind
          options: --privileged
      env:
        RAVEN_CI_IMAGE: "releases.cloud.raven.io/raven-public/ravenci"
        RAVEN_CI_TAG: "latest"
        DOCKER_IMAGE_NAME: ${{ secrets.DOCKER_IMAGE_NAME }}
        DOCKER_TAG: ${{ secrets.DOCKER_TAG }}
        RAVEN_TOKEN: ${{ secrets.RAVEN_TOKEN }}
        ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      steps:
        - name: Checkout Code
          uses: actions/checkout@v3

        - name: Set up Docker Buildx
          uses: docker/setup-buildx-action@v2
          with:
            install: true

        - name: Build Docker Image
          run: |
            docker buildx build -t ${DOCKER_IMAGE_NAME}:${DOCKER_TAG} --load -f ./Dockerfile .

        - name: Prepare Environment Variables File
          run: printenv | grep GITHUB | sort > cienv

        - name: Scan Docker Images
          run: |
            docker run --rm -v /var/run/docker.sock:/var/run/docker.sock --entrypoint /bin/sh --env-file=./cienv -e RAVEN_TOKEN=$RAVEN_TOKEN ${ECR_REPOSITORY}/ravenci -c 'DOCKER_HOST="" ravenci scan --images-from="1h" --max-images=10 --pretty'

        - name: Push Docker Image
          run: docker push ${DOCKER_IMAGE_NAME}:${DOCKER_TAG}
  ```

  ```YAML BitBucket Pipelines theme={null}
  image: docker:latest

  pipelines:
    default:
      - step:
          name: Build and Push Docker Image
          services:
            - docker
          caches:
            - docker
          script:
            - docker buildx create --use
            - docker buildx build -t ${DOCKER_IMAGE_NAME}:${DOCKER_TAG} --load -f ./Dockerfile .
            - printenv | grep BITBUCKET | sort > cienv
            - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock --entrypoint /bin/sh --env-file=./cienv -e RAVEN_TOKEN=$RAVEN_TOKEN ${ECR_REPOSITORY}/ravenci -c 'DOCKER_HOST="" ravenci scan --images-from="1h" --max-images=10 --pretty'
            - docker push ${DOCKER_IMAGE_NAME}:${DOCKER_TAG}
  ```
</CodeGroup>
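
The `printenv | grep ... > cienv` step in the examples above copies every line that contains the platform string into the env file, which on GitLab can include predefined variables such as `CI_JOB_TOKEN` and `CI_REGISTRY_PASSWORD`. The shell function below is an added example, not Raven's code: it keeps only variables whose names start with the platform prefix and skips credential-like entries. The function name and the deny-list are assumptions, and which variables `ravenci` actually needs is not stated on this page.

```shell
#!/bin/sh
# Added example (not Raven's code): build the Docker --env-file from CI
# metadata only, leaving credential-bearing variables out of it.

# write_ci_env_file PREFIX OUTFILE
#   PREFIX   platform variable-name prefix: CI, GITHUB or BITBUCKET
#   OUTFILE  file later passed to `docker run --env-file`
write_ci_env_file() {
    prefix=$1
    outfile=$2
    # Assumed deny-list of name fragments that usually mark a credential.
    deny='TOKEN|PASSWORD|SECRET|JWT|CREDENTIAL'
    (
        umask 077    # a newly created file is readable by the build user only
        awk -v prefix="$prefix" -v deny="$deny" '
        BEGIN {
            for (name in ENVIRON) {
                # Anchor on the start of the NAME; plain grep also matches values.
                if (index(name, prefix) != 1) continue
                if (name ~ deny) continue
                value = ENVIRON[name]
                # --env-file is line-based, so a multi-line value would spill
                # its later lines into the file as bogus entries.
                if (value ~ "\n") continue
                # URLs with embedded userinfo (user:secret@host) carry a credential.
                if (value ~ "://[^/@]+@") continue
                print name "=" value
            }
        }' | sort > "$outfile"
    )
}

# Usage in a pipeline script, for GitLab (replaces the printenv | grep step):
#   write_ci_env_file CI cienv
```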

## Data Privacy

The Raven Platform integration with your CI tool only collects and persists the metadata related to the images being built via the image build pipelines. Raven does not collect any sensitive data such as passwords from your CI pipeline environments.
