You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
111 lines
3.0 KiB
111 lines
3.0 KiB
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: default
|
|
image_pull_secrets:
|
|
- dockerconfigjson
|
|
volumes:
|
|
- name: dockersock
|
|
host:
|
|
path: /var/run/docker.sock
|
|
|
|
steps:
|
|
- name: lint yaml
|
|
image: registry.fedy95.com/baseimage-yamllint:latest
|
|
commands:
|
|
- yamllint -c /yamllint/relaxed.yaml .
|
|
when:
|
|
event: pull_request
|
|
|
|
- name: build image
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run/docker.sock
|
|
environment:
|
|
REGISTRY: registry.fedy95.com
|
|
commands:
|
|
- docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile
|
|
when:
|
|
event: pull_request
|
|
|
|
# - name: trivy security check
|
|
# image: aquasec/trivy
|
|
# volumes:
|
|
# - name: dockersock
|
|
# path: /var/run/docker.sock
|
|
# environment:
|
|
# REGISTRY: registry.fedy95.com
|
|
# commands:
|
|
# - "trivy \
|
|
# --exit-code 1 \
|
|
# --format json \
|
|
# --no-progress \
|
|
# $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA"
|
|
# when:
|
|
# event: pull_request
|
|
|
|
- name: grype security check
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run/docker.sock
|
|
environment:
|
|
REGISTRY: registry.fedy95.com
|
|
commands:
|
|
- apk add curl
|
|
- curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
|
|
- "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical"
|
|
when:
|
|
event: pull_request
|
|
|
|
- name: grype security check
|
|
image: anchore:grype
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run/docker.sock
|
|
environment:
|
|
REGISTRY: registry.fedy95.com
|
|
commands:
|
|
# - apk add curl
|
|
# - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
|
|
- "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical"
|
|
when:
|
|
event: pull_request
|
|
|
|
- name: cleanup
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run/docker.sock
|
|
commands:
|
|
- docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA
|
|
when:
|
|
event: pull_request
|
|
|
|
|
|
- name: release
|
|
image: docker:dind
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run/docker.sock
|
|
settings:
|
|
repo: baseimage/yamllint
|
|
tags:
|
|
- ${DRONE_TAG}
|
|
environment:
|
|
REGISTRY: registry.fedy95.com
|
|
REGISTRY_USERNAME:
|
|
from_secret: REGISTRY_USERNAME
|
|
REGISTRY_PASSWORD:
|
|
from_secret: REGISTRY_PASSWORD
|
|
commands:
|
|
- docker build -t "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG" image -f image/Dockerfile
|
|
- docker build -t "$REGISTRY"/baseimage-yamllint:latest image -f image/Dockerfile
|
|
- docker login "$REGISTRY" -u"$REGISTRY_USERNAME" -p"$REGISTRY_PASSWORD"
|
|
- docker push "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG"
|
|
- docker push "$REGISTRY"/baseimage-yamllint:latest
|
|
- docker logout "$REGISTRY"
|
|
when:
|
|
event: tag
|
|
...
|