---
# Drone CI pipeline (docker runner): lints the repository's YAML, builds the
# baseimage-yamllint image, scans it with Trivy and Grype, and pushes it to
# the registry on tag events.
kind: pipeline
type: docker
name: default

# Step images are pulled with the registry credentials stored in the
# `dockerconfigjson` secret.
image_pull_secrets: [dockerconfigjson]

# Host volume exposing the runner host's Docker daemon socket. Every step that
# mounts it can create, inspect and remove containers and images on the host,
# so the images and commands used in those steps are effectively trusted with
# host-level access. Keep this repository's build triggers restricted to
# trusted contributors.
volumes:
- name: dockersock
  host:
    path: '/var/run/docker.sock'

steps:
# Lint all YAML in the workspace on pull requests with the ruleset at
# /yamllint/relaxed.yaml (presumably baked into the image - confirm).
# This step runs the previously published `:latest` image, not the image built
# from the pull request. `:latest` is a mutable tag; pinning by digest would
# make the linter version reproducible.
- name: 'lint yaml'
  image: 'registry.fedy95.com/baseimage-yamllint:latest'
  commands:
  - 'yamllint -c /yamllint/relaxed.yaml .'
  when:
    event: pull_request
# Build the image from image/Dockerfile on pull requests and tag it with the
# commit SHA so the scan steps below can reference exactly this build.
# The build runs against the host daemon through the mounted socket, so the
# Dockerfile from the pull request is executed by the host's Docker daemon;
# only the docker CLI from `docker:dind` is used here, no nested daemon is
# started by this step.
- name: 'build image'
  image: 'docker:dind'
  volumes:
  - name: dockersock
    path: '/var/run/docker.sock'
  environment:
    REGISTRY: 'registry.fedy95.com'
  commands:
  # Folded scalar: the lines below join into a single shell command.
  - >-
    docker build
    -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA
    image
    -f image/Dockerfile
  when:
    event: pull_request
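# Scan the freshly built image with Trivy on pull requests. `--exit-code 1`
# fails the step when findings are reported, which gates the pull request.
# The image is read from the host daemon through the mounted socket.
# NOTE(review): `aquasec/trivy` carries no tag, so the scanner version floats
# with whatever is current; pin a release tag or digest for reproducible
# results.
- name: 'trivy security scan'
  image: aquasec/trivy
  volumes:
  - name: dockersock
    path: /var/run/docker.sock
  environment:
    REGISTRY: registry.fedy95.com
  commands:
  # The explicit `image` subcommand is used because the bare `trivy <ref>`
  # form is a legacy invocation that newer Trivy releases may reject, and the
  # untagged scanner image means this step always gets a current release.
  # The image reference is quoted so it is passed as a single argument.
  - >-
    trivy image
    --exit-code 1
    --format json
    --no-progress
    "$REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA"
  when:
    event: pull_request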
# Second-opinion scan with Grype on pull requests. Grype is installed at run
# time into /usr/local/bin and then scans all layers of the built image,
# failing the step only on findings of severity `critical`.
# NOTE(review): the installer is fetched from the mutable `main` branch and
# piped straight into `sh` inside a container that has the host Docker socket
# mounted. Nothing verifies what was downloaded. Prefer pinning the installer
# to a reviewed release tag or commit (<PINNED_REF>) and checking the binary
# against the published checksum before running it.
- name: 'grype security scan'
  image: 'docker:dind'
  volumes:
  - name: dockersock
    path: '/var/run/docker.sock'
  environment:
    REGISTRY: 'registry.fedy95.com'
  commands:
  - 'apk add --no-cache curl'
  # Folded scalars: each entry below joins into a single shell command.
  - >-
    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh |
    sh -s -- -b /usr/local/bin
  - >-
    grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA
    --scope all-layers
    --fail-on=critical
    --verbose
  when:
    event: pull_request
# Remove the per-commit image from the host daemon after a pull-request run.
# NOTE(review): the status filter lists `changed` and `failure` but not
# `success`. Confirm which status values this Drone version accepts; as
# written, the step does not appear to run after a successful build, which
# would leave the SHA-tagged image on the runner host.
- name: cleanup
  image: 'docker:dind'
  volumes:
  - name: dockersock
    path: '/var/run/docker.sock'
  commands:
  - 'docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA'
  when:
    event: pull_request
    status:
    - changed
    - failure
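# Build and publish the image on tag events, under both the tag name and
# `latest`. Registry credentials are injected from Drone secrets.
# The Trivy and Grype steps in this pipeline run only on pull_request events,
# so the image pushed here is rebuilt at tag time and is not scanned by this
# pipeline before publication.
- name: release
  image: docker:dind
  volumes:
  - name: dockersock
    path: /var/run/docker.sock
  # NOTE(review): `settings` is normally read by plugin images; the commands
  # below do not reference these values, and `repo` differs from the pushed
  # name `baseimage-yamllint`. Confirm whether this block is still needed.
  settings:
    repo: baseimage/yamllint
    tags:
    # Quoted so a numeric-looking tag is not retyped by the YAML parser.
    - "${DRONE_TAG}"
  environment:
    REGISTRY: registry.fedy95.com
    REGISTRY_USERNAME:
      from_secret: REGISTRY_USERNAME
    REGISTRY_PASSWORD:
      from_secret: REGISTRY_PASSWORD
  commands:
  # One build with two tags, so the version tag and `latest` are guaranteed to
  # point at the same image instead of two separately built ones.
  - >-
    docker build
    -t "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG"
    -t "$REGISTRY"/baseimage-yamllint:latest
    image
    -f image/Dockerfile
  # The password is fed on stdin instead of `-p`, which keeps it out of the
  # process argument list and avoids the docker CLI's insecure-password
  # warning.
  - >-
    printf '%s' "$REGISTRY_PASSWORD" |
    docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin
  - docker push "$REGISTRY"/baseimage-yamllint:"$DRONE_TAG"
  - docker push "$REGISTRY"/baseimage-yamllint:latest
  - docker logout "$REGISTRY"
  when:
    event: tag
...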