From 6aa585f91d0ce2f1405d9ffabe2857af83a1af0b Mon Sep 17 00:00:00 2001
From: fedy95
Date: Mon, 28 Jun 2021 16:00:11 +0000
Subject: [PATCH] add-trivy (#28)
https://gitea.fedy95.com/general/dev/issues/56
Reviewed-on: https://gitea.fedy95.com/baseimage/yamllint/pulls/28
Co-authored-by: fedy95
Co-committed-by: fedy95
---
 .drone.yml | 39 +++++++++++++++++++++++++++++++++++++++
 README.md | 1 +
 2 files changed, 40 insertions(+)
diff --git a/.drone.yml b/.drone.yml
index 77b9626..44e74e8 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -17,6 +17,45 @@ steps:
 when:
 event: pull_request
+ - name: build image
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ environment:
+ REGISTRY: registry.fedy95.com
+ commands:
+ - docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile
+ when:
+ event: pull_request
+
+ - name: trivy security check
+ image: aquasec/trivy
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ environment:
+ REGISTRY: registry.fedy95.com
+ commands:
+ - "trivy \
+ --exit-code 1 \
+ --format json \
+ --no-progress \
+ $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA"
+ when:
+ event: pull_request
+
+ - name: cleanup
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ commands:
+ - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA
+ when:
+ event: pull_request
+
+
 - name: release
 image: docker:dind
 volumes:
diff --git a/README.md b/README.md
index 37ce399..dd0cc62 100644
--- a/README.md
+++ b/README.md
@@ -6,3 +6,4 @@ Baseimage for CI tasks
 - [yamllint git](https://github.com/adrienverge/yamllint)
 - [alpine](https://pkgs.alpinelinux.org/packages?name=yamllint)
+- [trivy](https://github.com/aquasecurity/trivy)
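Review bot: The `trivy security check` step in the `.drone.yml` hunk runs the untagged `aquasec/trivy` image with the host's `/var/run/docker.sock` mounted, so whatever that tag resolves to at run time gets control of the runner's Docker daemon on every pull request. Pin it by version and digest, e.g. `image: aquasec/trivy:<pinned-version>@sha256:<digest>` (placeholders); the floating `docker:dind` tag in the `build image` and `cleanup` steps deserves the same treatment. The `cleanup` step is gated only on `event: pull_request`, so when trivy exits 1 the pipeline presumably stops before it and the scanned image stays on the host; adding `status: [success, failure]` under its `when:` would let it run after a failed scan. The bare `trivy <image>` invocation also depends on the scanner version, since newer Trivy releases, as far as I know, expect `trivy image <ref>`, which is another reason to pin. The `steps:` list starts before this hunk and the `release` step continues past it.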