update-cleanup-job (#30 )

Reviewed-on: #30 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>
add-grype (#29 )
6 changed files with 125 additions and 40 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -2,32 +2,100 @@
 kind: pipeline
 type: docker
 name: default
+image_pull_secrets:
+  - dockerconfigjson
+volumes:
+  - name: dockersock
+    host:
+      path: /var/run/docker.sock

 steps:
+  - name: lint yaml
+    image: registry.fedy95.com/baseimage-yamllint:latest
+    commands:
+      - yamllint -c /yamllint/relaxed.yaml .
+    when:
+      event: pull_request
+
+  - name: build image
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile
+    when:
+      event: pull_request
+
+  - name: trivy security scan
+    image: aquasec/trivy
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - "trivy \
+         --exit-code 1 \
+         --format json \
+         --no-progress \
+         $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA"
+    when:
+      event: pull_request
+
+  - name: grype security scan
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - apk add --no-cache curl
+      - "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | \
+        sh -s -- -b /usr/local/bin"
+      - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA \
+         --scope all-layers \
+         --fail-on=critical \
+         --verbose"
+    when:
+      event: pull_request
+
+  - name: cleanup
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    commands:
+      - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA
+    when:
+      event: pull_request
+      status: [ success, failure ]
+
  - name: release
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    settings:
-      repo: baseimage/yamlint
+      repo: baseimage/yamllint
      tags:
        - ${DRONE_TAG}
    environment:
-      DOCKER_USERNAME:
-        from_secret: DOCKER_USERNAME
-      DOCKER_PASSWORD:
-        from_secret: DOCKER_PASSWORD
-
+      REGISTRY: registry.fedy95.com
+      REGISTRY_USERNAME:
+        from_secret: REGISTRY_USERNAME
+      REGISTRY_PASSWORD:
+        from_secret: REGISTRY_PASSWORD
    commands:
-      - docker build -t registry.fedy95.com/baseimage-yamllint:${DRONE_TAG} image -f image/Dockerfile
-      - docker login registry.fedy95.com -u"$DOCKER_USERNAME" -p"$DOCKER_PASSWORD"
-      - docker push registry.fedy95.com/baseimage-yamllint:${DRONE_TAG}
-      - docker logout registry.fedy95.com
+      - docker build -t "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG" image -f image/Dockerfile
+      - docker build -t "$REGISTRY"/baseimage-yamllint:latest image -f image/Dockerfile
+      - docker login "$REGISTRY" -u"$REGISTRY_USERNAME" -p"$REGISTRY_PASSWORD"
+      - docker push "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG"
+      - docker push "$REGISTRY"/baseimage-yamllint:latest
+      - docker logout "$REGISTRY"
    when:
      event: tag
-
-volumes:
-  - name: dockersock
-    host:
-      path: /var/run/docker.sock
+...
--- a/.editorconfig
+++ b/.editorconfig
@ -4,9 +4,8 @@ root = true
 charset = utf-8
 end_of_line = lf
 indent_style = space
-indent_size = 4
+indent_size = 2
 trim_trailing_whitespace = true
 insert_final_newline = true
+max_line_length = 100

-[.drone.yml]
-indent_size = 2
--- a/18
+++ b/18
@ -1,16 +1,16 @@
 MAKEFLAGS += --silent
-
 .PHONY: *

+LOCAL_REPOSITORY=fedy95/baseimage:yamllint
 YAMLLINT_TAG=latest

-build_yamllint:
-	docker build -t fedy95/baseimage:yamllint-${YAMLLINT_TAG} image -f image/Dockerfile
-
-lint:
-	@docker run --rm $$(tty -s && echo "-it" || echo) -v $(PWD):/data fedy95/baseimage:yamllint-latest .
-lint_help:
-	docker run --rm -v $(pwd):/data fedy95/baseimage:yamllint-latest --help
+lint: lint-yaml

+build-yamllint:
+	docker build -t ${LOCAL_REPOSITORY}-${YAMLLINT_TAG} image -f image/Dockerfile
+lint-yaml: build-yamllint
+	docker run --rm -it -v $(PWD):/data ${LOCAL_REPOSITORY}-${YAMLLINT_TAG} .
+lint-help: build-yamllint
+	docker run --rm -it -v $(PWD):/data ${LOCAL_REPOSITORY}-${YAMLLINT_TAG} --help

-.DEFAULT_GOAL := build_yamllint
+.DEFAULT_GOAL := lint
--- a/README.md
+++ b/README.md
@ -1,6 +1,12 @@
-### baseimage
-[![Build Status](https://drone.fedy95.com/api/badges/baseimage/yamllint/status.svg)](https://drone.fedy95.com/baseimage/yamllint)
+### yamllint [![Build Status](https://drone.fedy95.com/api/badges/baseimage/yamllint/status.svg)](https://drone.fedy95.com/baseimage/yamllint)

---
 Baseimage for CI tasks
+
+---
+
 - [yamllint git](https://github.com/adrienverge/yamllint)
+- [alpine](https://pkgs.alpinelinux.org/packages?name=yamllint)
+
+### security scanners
+- [trivy](https://github.com/aquasecurity/trivy)
+- [grype](https://github.com/anchore/grype)
--- a/image/Dockerfile
+++ b/image/Dockerfile
@ -1,8 +1,8 @@
-FROM debian:bullseye-slim
+FROM alpine:3.14

-RUN apt-get update && \
-    apt-get install -y yamllint && \
-    rm -rf /var/lib/apt/lists/*
+RUN \
+  apk update && apk upgrade && \
+  apk add --no-cache yamllint==1.26.1-r0

 COPY relaxed.yaml /yamllint/relaxed.yaml

--- a/image/relaxed.yaml
+++ b/image/relaxed.yaml
@ -2,9 +2,21 @@
 extends: default

 rules:
-    braces:
-        min-spaces-inside: 0
-        max-spaces-inside: -1
-    line-length:
-        max: 120
-        level: warning
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: -1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: -1
+    min-spaces-inside-empty: 1
+    max-spaces-inside-empty: 1
+  line-length:
+    max: 100
+    level: warning
+  document-end:
+    present: true
+  document-start:
+    present: true
+  new-lines:
+    type: unix
+...
Author	SHA1	Message	Date
fedy95	f18f3d8568	update-cleanup-job (#30 ) continuous-integration/drone/push Build is passing Details Reviewed-on: #30 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>	4 years ago
fedy95	5d41b9dd3a	add-grype (#29 ) continuous-integration/drone/push Build is passing Details general/dev#56 Reviewed-on: #29 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>	4 years ago
fedy95	6aa585f91d	add-trivy (#28 ) continuous-integration/drone/push Build is passing Details general/dev#56 Reviewed-on: #28 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>	4 years ago
fedy95	72bf2b31d9	fix project name continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	45bdc6198d	use alpine image instead debian continuous-integration/drone/pr Build is passing Details continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	ed9b7e2bef	Update 'README.md' continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	c5a6beb3bf	cleanup continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	02774f8ea9	cleanup continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	a9b50ba15d	cleanup continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	b28954b5f2	cleanup makefile continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	91997933d9	cleanup makefile continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	eb6b657fcf	cleanup makefile continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	154fb0a8e7	add-yaml-validator-for-ci continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	c9c52d3d15	add-latest-tag continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	4 years ago
fedy95	c774832117	add-latest-tag continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is failing Details	4 years ago
fedy95	dcc0d734d8	update-rules continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details continuous-integration/drone/tag Build is passing Details	4 years ago
fedy95	466544ec2d	fix-drone-yaml continuous-integration/drone/push Build is passing Details	4 years ago