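---
# Drone CI pipeline (docker runner) for the baseimage-yamllint image.
# Pull requests: lint -> build -> scan (Trivy, Grype) -> cleanup.
# Tags: build the release image and push it to the private registry.
kind: pipeline
type: docker
name: default

image_pull_secrets:
  - dockerconfigjson

# The host Docker daemon socket is shared with the steps below. Any step that
# mounts it effectively controls the host daemon, and several of those steps
# run on pull-request content (the Dockerfile under image/). Host volumes
# require the repository to be trusted in Drone; restrict who can trigger PR
# builds, or move builds to an isolated daemon.
volumes:
  - name: dockersock
    host:
      path: /var/run/docker.sock

# NOTE(review): step images use mutable references (latest, dind, untagged).
# Pin them to a fixed version or digest so the build and scan tooling cannot
# change underneath the pipeline.
steps:
  - name: lint yaml
    image: registry.fedy95.com/baseimage-yamllint:latest
    commands:
      - yamllint -c /yamllint/relaxed.yaml .
    when:
      event: pull_request

  - name: build image
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      REGISTRY: registry.fedy95.com
    commands:
      # Tagged with the commit SHA so the scan steps address exactly this build.
      - >-
        docker build
        -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA
        image -f image/Dockerfile
    when:
      event: pull_request

  - name: trivy security check
    image: aquasec/trivy
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      REGISTRY: registry.fedy95.com
    commands:
      # No --severity filter is set, so any reported finding fails the step,
      # while the Grype step only fails on critical; confirm that is intended.
      # NOTE(review): newer Trivy releases take the target through the `image`
      # subcommand; with an unpinned scanner image, confirm this invocation
      # still works.
      - >-
        trivy
        --exit-code 1
        --format json
        --no-progress
        "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA
    when:
      event: pull_request

  - name: grype security check
    image: anchore/grype
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      REGISTRY: registry.fedy95.com
    commands:
      - >-
        grype "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA
        --scope all-layers
        --fail-on=critical
    when:
      event: pull_request

  - name: cleanup
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      REGISTRY: registry.fedy95.com
    commands:
      - docker rmi "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA
    when:
      event: pull_request
      # Run after failed scans too; otherwise an image that failed the gate
      # stays behind on the shared host daemon.
      status:
        - success
        - failure

  # NOTE(review): the release image is built and pushed without re-running the
  # scanners; it relies on the pull-request gate having passed earlier.
  - name: release
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    # NOTE(review): `settings` is plugin configuration; this step runs plain
    # commands and nothing visible here reads it. The repo name also differs
    # from the pushed image name (baseimage-yamllint). Confirm and remove.
    settings:
      repo: baseimage/yamllint
      tags:
        - "${DRONE_TAG}"
    environment:
      REGISTRY: registry.fedy95.com
      REGISTRY_USERNAME:
        from_secret: REGISTRY_USERNAME
      REGISTRY_PASSWORD:
        from_secret: REGISTRY_PASSWORD
    commands:
      # One build with both tags, so the version tag and latest always point
      # at the same image.
      - >-
        docker build
        -t "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG"
        -t "$REGISTRY"/baseimage-yamllint:latest
        image -f image/Dockerfile
      # Pass the password on stdin: with -p it appears in the process
      # arguments and docker itself warns that this is insecure.
      - >-
        printf '%s' "$REGISTRY_PASSWORD" |
        docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
      - docker push "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG"
      - docker push "$REGISTRY"/baseimage-yamllint:latest
      - docker logout "$REGISTRY"
    when:
      event: tag
...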