chore(): Migrates repository to the bag of tricks

2023-07-03 23:33:25 +02:00 · 2023-07-03 23:33:25 +02:00 · 1916c0003e
commit 1916c0003e
parent 90c5bf6354
1 changed files with 21 additions and 24 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -43,29 +43,6 @@ steps:
  depends_on:
    - clean-up-images

- name: trivy-scan
-  image: docker:dind
-  volumes:
-    - name: dockersock
-      path: /var/run/docker.sock
-  commands:
-    - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
-    - echo "$TRIVY_VERSION"
-    - export TRIVY_URL=$(printf "https://github.com/aquasecurity/trivy/releases/download/v%s/trivy_%s_Linux-64bit.tar.gz" "$TRIVY_VERSION" "$TRIVY_VERSION")
-    - echo "$TRIVY_URL"
-    - wget --no-verbose "$TRIVY_URL" -O - | tar -zxvf -
-    - docker build -t "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" .
-    - ./trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
-    - ./trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
-    - docker rmi "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
-  depends_on:
-    - test-build-container
-
-volumes:
- name: dockersock
-  host:
-    path: /var/run/docker.sock
-
 - name: build-container
  image: plugins/docker
  settings:
@ -78,8 +55,28 @@ volumes:
    dry_run: false
    squash: true
    tags:
-    - latest
    - "${DRONE_COMMIT_SHA:0:8}"
+  depends_on:
+    - test-build-container
+
+- name: trivy-scan
+  image: scm.project42.io/elia/tricks:latest
+  commands:
+    - trivy image --image-src remote "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
+  depends_on:
+    - build-container
+
+- name: promote-container
+  image: scm.project42.io/elia/tricks:latest
+  environment:
+    REGISTRY_USERNAME:
+      from_secret: registry_username
+    REGISTRY_PASSWORD:
+      from_secret: registry_password
+  commands:
+    - oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"  scm.project42.io/elia/blog:latest
+  depends_on:
+    - trivy-scan
  when:
    event:
    - promote