update-cleanup-job (#30 )

Reviewed-on: #30 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>
add-grype (#29 )
4 changed files with 92 additions and 21 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -2,8 +2,78 @@
 kind: pipeline
 type: docker
 name: default
+image_pull_secrets:
+  - dockerconfigjson
+volumes:
+  - name: dockersock
+    host:
+      path: /var/run/docker.sock

 steps:
+  - name: lint yaml
+    image: registry.fedy95.com/baseimage-yamllint:latest
+    commands:
+      - yamllint -c /yamllint/relaxed.yaml .
+    when:
+      event: pull_request
+
+  - name: build image
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile
+    when:
+      event: pull_request
+
+  - name: trivy security scan
+    image: aquasec/trivy
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - "trivy \
+         --exit-code 1 \
+         --format json \
+         --no-progress \
+         $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA"
+    when:
+      event: pull_request
+
+  - name: grype security scan
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    environment:
+      REGISTRY: registry.fedy95.com
+    commands:
+      - apk add --no-cache curl
+      - "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | \
+        sh -s -- -b /usr/local/bin"
+      - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA \
+         --scope all-layers \
+         --fail-on=critical \
+         --verbose"
+    when:
+      event: pull_request
+
+  - name: cleanup
+    image: docker:dind
+    volumes:
+      - name: dockersock
+        path: /var/run/docker.sock
+    commands:
+      - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA
+    when:
+      event: pull_request
+      status: [ success, failure ]
+
  - name: release
    image: docker:dind
    volumes:
@ -28,9 +98,4 @@ steps:
      - docker logout "$REGISTRY"
    when:
      event: tag
-
-volumes:
-  - name: dockersock
-    host:
-      path: /var/run/docker.sock
 ...
--- a/18
+++ b/18
@ -1,16 +1,16 @@
 MAKEFLAGS += --silent
-
 .PHONY: *

+LOCAL_REPOSITORY=fedy95/baseimage:yamllint
 YAMLLINT_TAG=latest

-build_yamllint:
-	docker build -t fedy95/baseimage:yamllint-${YAMLLINT_TAG} image -f image/Dockerfile
-
-lint:
-	@docker run --rm $$(tty -s && echo "-it" || echo) -v $(PWD):/data fedy95/baseimage:yamllint-latest .
-lint_help:
-	docker run --rm -v $(pwd):/data fedy95/baseimage:yamllint-latest --help
+lint: lint-yaml

+build-yamllint:
+	docker build -t ${LOCAL_REPOSITORY}-${YAMLLINT_TAG} image -f image/Dockerfile
+lint-yaml: build-yamllint
+	docker run --rm -it -v $(PWD):/data ${LOCAL_REPOSITORY}-${YAMLLINT_TAG} .
+lint-help: build-yamllint
+	docker run --rm -it -v $(PWD):/data ${LOCAL_REPOSITORY}-${YAMLLINT_TAG} --help

-.DEFAULT_GOAL := build_yamllint
+.DEFAULT_GOAL := lint
--- a/README.md
+++ b/README.md
@ -1,6 +1,12 @@
-### baseimage
-[![Build Status](https://drone.fedy95.com/api/badges/baseimage/yamllint/status.svg)](https://drone.fedy95.com/baseimage/yamllint)
+### yamllint [![Build Status](https://drone.fedy95.com/api/badges/baseimage/yamllint/status.svg)](https://drone.fedy95.com/baseimage/yamllint)

---
 Baseimage for CI tasks
+
+---
+
 - [yamllint git](https://github.com/adrienverge/yamllint)
+- [alpine](https://pkgs.alpinelinux.org/packages?name=yamllint)
+
+### security scanners
+- [trivy](https://github.com/aquasecurity/trivy)
+- [grype](https://github.com/anchore/grype)
--- a/image/Dockerfile
+++ b/image/Dockerfile
@ -1,8 +1,8 @@
-FROM debian:bullseye-slim
+FROM alpine:3.14

-RUN apt-get update && \
-    apt-get install -y yamllint && \
-    rm -rf /var/lib/apt/lists/*
+RUN \
+  apk update && apk upgrade && \
+  apk add --no-cache yamllint==1.26.1-r0

 COPY relaxed.yaml /yamllint/relaxed.yaml
Author	SHA1	Message	Date
fedy95	f18f3d8568	update-cleanup-job (#30 ) continuous-integration/drone/push Build is passing Details Reviewed-on: #30 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>	4 years ago
fedy95	5d41b9dd3a	add-grype (#29 ) continuous-integration/drone/push Build is passing Details general/dev#56 Reviewed-on: #29 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>	4 years ago
fedy95	6aa585f91d	add-trivy (#28 ) continuous-integration/drone/push Build is passing Details general/dev#56 Reviewed-on: #28 Co-authored-by: fedy95 <fedy95@protonmail.com> Co-committed-by: fedy95 <fedy95@protonmail.com>	4 years ago
fedy95	72bf2b31d9	fix project name continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	45bdc6198d	use alpine image instead debian continuous-integration/drone/pr Build is passing Details continuous-integration/drone/tag Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	ed9b7e2bef	Update 'README.md' continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	c5a6beb3bf	cleanup continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	02774f8ea9	cleanup continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	a9b50ba15d	cleanup continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	b28954b5f2	cleanup makefile continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	91997933d9	cleanup makefile continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	eb6b657fcf	cleanup makefile continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago
fedy95	154fb0a8e7	add-yaml-validator-for-ci continuous-integration/drone/pr Build is passing Details continuous-integration/drone/push Build is passing Details	4 years ago