From 6ff30c18fcb43fa22c4f50f79bf464222af95ce5 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 18:52:36 +0300 Subject: [PATCH 1/3] test-trivy --- .drone.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.drone.yml b/.drone.yml index 77b9626..de54e44 100644 --- a/.drone.yml +++ b/.drone.yml @@ -17,6 +17,23 @@ steps: when: event: pull_request + - name: trivy security check + image: aquasec/trivy +# volumes: +# - name: dockersock +# path: /var/run/docker.sock + environment: + REGISTRY: registry.fedy95.com + commands: + - docker build -t "$REGISTRY"/baseimage-yamllint:temp image -f image/Dockerfile + - "trivy \ + --exit-code 1 \ + --format json \ + --no-progress \ + $REGISTRY/baseimage-yamllint:temp" + when: + event: pull_request + - name: release image: docker:dind volumes: -- 2.30.2 From 6588798639eeb267b240c53f07033c14151a670d Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 18:54:51 +0300 Subject: [PATCH 2/3] test-trivy --- .drone.yml | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index de54e44..9136ab5 100644 --- a/.drone.yml +++ b/.drone.yml 
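Review bot: `image: aquasec/trivy` in the new `trivy security check` step (PATCH 1/3) carries no tag, so every run pulls whatever `latest` points to at that moment. The scanner that gates pull requests can then change its CLI syntax, exit-code handling or contents without any change in this repository. Pin it to a release tag or, better, a digest, e.g. `image: aquasec/trivy:<version>@sha256:<digest>` (placeholders). Separately, `--exit-code 1` is given without `--severity`, so a finding of any severity fails the step; if that is intended, a one-line comment above the command such as `# fail the PR on any finding, regardless of severity` would record the policy.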
@@ -17,20 +17,31 @@ steps: when: event: pull_request + - name: build image + image: docker:dind + volumes: + - name: dockersock + path: /var/run/docker.sock + environment: + REGISTRY: registry.fedy95.com + commands: + - docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile + when: + event: pull_request + - name: trivy security check image: aquasec/trivy -# volumes: -# - name: dockersock -# path: /var/run/docker.sock + volumes: + - name: dockersock + path: /var/run/docker.sock environment: REGISTRY: registry.fedy95.com commands: - - docker build -t "$REGISTRY"/baseimage-yamllint:temp image -f image/Dockerfile - "trivy \ --exit-code 1 \ --format json \ --no-progress \ - $REGISTRY/baseimage-yamllint:temp" + $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA" when: event: pull_request -- 2.30.2 From 7e09260e1fdc18e372c7fa33b254857bc9023794 Mon Sep 17 00:00:00 2001 From: fedy95 Date: Mon, 28 Jun 2021 18:58:04 +0300 Subject: [PATCH 3/3] test-trivy --- .drone.yml | 11 +++++++++++ README.md | 1 + 2 files changed, 12 insertions(+) diff --git a/.drone.yml b/.drone.yml index 9136ab5..44e74e8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -45,6 +45,17 @@ steps: when: event: pull_request + - name: cleanup + image: docker:dind + volumes: + - name: dockersock + path: /var/run/docker.sock + commands: + - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA + when: + event: pull_request + + - name: release image: docker:dind volumes: diff --git a/README.md b/README.md index 37ce399..dd0cc62 100644 --- a/README.md +++ b/README.md @@ -6,3 +6,4 @@ Baseimage for CI tasks - [yamllint git](https://github.com/adrienverge/yamllint) - [alpine](https://pkgs.alpinelinux.org/packages?name=yamllint) +- [trivy](https://github.com/aquasecurity/trivy) -- 2.30.2
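Review bot: In PATCH 2/3 the `build image` and `trivy security check` steps both mount `dockersock` at `/var/run/docker.sock`, and both run on `pull_request` events. The volume definition is outside the hunk, but if it is the host's Docker socket, each step gets control of the runner's Docker daemon while handling pull-request content. The scanner does not need the daemon: steps share the workspace, so the build step can add `docker save -o image.tar "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA`, and the trivy step can drop its `volumes:` block and pass `--input image.tar` in place of the image name. That leaves only the build step with socket access.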
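Review bot: The `cleanup` step added in PATCH 3/3 has only `when: event: pull_request`, so under Drone's default it runs only while the pipeline is still passing. When trivy returns exit code 1 the step is skipped and the `$DRONE_COMMIT_SHA`-tagged image stays on the daemon, which is the case where leftovers pile up. Add `status: [success, failure]` under `when:` so the image is removed either way. The `docker rmi` line also hardcodes `registry.fedy95.com` while the other two steps use `$REGISTRY`; declaring the same `environment:` entry here keeps the three image references from drifting apart.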