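---
# Drone CI pipeline for the baseimage-yamllint container image.
# Pull requests: lint the repository YAML, build the image, scan it with
# Trivy and Grype, then remove the temporary image.
# Tags: build the image and push it to the private registry.
kind: pipeline
type: docker
name: default
image_pull_secrets:
  - dockerconfigjson
volumes:
  # Host Docker socket. Every step that mounts this volume talks to the
  # host daemon directly, and the pull_request steps build image/Dockerfile
  # from the proposed change against it.
  # NOTE(review): confirm that only trusted contributors can trigger
  # pull_request builds on this repository.
  - name: dockersock
    host:
      path: /var/run/docker.sock

steps:
  - name: lint yaml
    # NOTE(review): ":latest" is a moving tag; lint results can change
    # between runs without any change in this repository.
    image: registry.fedy95.com/baseimage-yamllint:latest
    commands:
      - yamllint -c /yamllint/relaxed.yaml .
    when:
      event: pull_request

  - name: build image
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      REGISTRY: registry.fedy95.com
    commands:
      # Tagged with the commit SHA so the scan and cleanup steps address
      # exactly the image built from this change.
      - docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile
    when:
      event: pull_request

  - name: trivy security check
    # NOTE(review): no tag or digest is pinned, so the scanner version can
    # change between runs. Recent Trivy releases expect an explicit
    # subcommand (for example "image"); confirm this invocation still works
    # with the version that gets pulled.
    image: aquasec/trivy
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      REGISTRY: registry.fedy95.com
    commands:
      # --exit-code 1 fails the step when Trivy reports findings.
      - >-
        trivy
        --exit-code 1
        --format json
        --no-progress
        $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA
    when:
      event: pull_request

  - name: grype security check
    # NOTE(review): no tag or digest is pinned here either.
    image: anchore/grype
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      REGISTRY: registry.fedy95.com
    commands:
      # Scans every layer; only findings of critical severity fail the step.
      - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical"
    when:
      event: pull_request

  - name: cleanup
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    commands:
      - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA
    when:
      event: pull_request
      # Run after failed steps too: a failing scan would otherwise skip
      # this step and leave the unvetted image on the host daemon.
      status:
        - success
        - failure

  - name: release
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    # NOTE(review): "settings" is normally consumed by plugin images; with
    # explicit "commands" below these values look unused. Confirm before
    # removing them.
    settings:
      repo: baseimage/yamllint
      tags:
        - ${DRONE_TAG}
    environment:
      REGISTRY: registry.fedy95.com
      REGISTRY_USERNAME:
        from_secret: REGISTRY_USERNAME
      REGISTRY_PASSWORD:
        from_secret: REGISTRY_PASSWORD
    commands:
      - docker build -t "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG" image -f image/Dockerfile
      # Re-tag the image that was just built instead of building twice, so
      # the release tag and "latest" always point at the same image.
      - docker tag "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG" "$REGISTRY"/baseimage-yamllint:latest
      # Pass the password on stdin so it never appears in the argument list
      # of the docker client process.
      - printf '%s' "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
      - docker push "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG"
      - docker push "$REGISTRY"/baseimage-yamllint:latest
      - docker logout "$REGISTRY"
    when:
      event: tag
...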