chore(): Migrates repository to the bag of tricks
This commit is contained in:
parent
90c5bf6354
commit
1916c0003e
1 changed files with 21 additions and 24 deletions
45
.drone.yml
45
.drone.yml
|
@ -43,29 +43,6 @@ steps:
|
||||||
depends_on:
|
depends_on:
|
||||||
- clean-up-images
|
- clean-up-images
|
||||||
|
|
||||||
- name: trivy-scan
|
|
||||||
image: docker:dind
|
|
||||||
volumes:
|
|
||||||
- name: dockersock
|
|
||||||
path: /var/run/docker.sock
|
|
||||||
commands:
|
|
||||||
- export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
|
|
||||||
- echo "$TRIVY_VERSION"
|
|
||||||
- export TRIVY_URL=$(printf "https://github.com/aquasecurity/trivy/releases/download/v%s/trivy_%s_Linux-64bit.tar.gz" "$TRIVY_VERSION" "$TRIVY_VERSION")
|
|
||||||
- echo "$TRIVY_URL"
|
|
||||||
- wget --no-verbose "$TRIVY_URL" -O - | tar -zxvf -
|
|
||||||
- docker build -t "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" .
|
|
||||||
- ./trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
|
|
||||||
- ./trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
|
|
||||||
- docker rmi "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
|
|
||||||
depends_on:
|
|
||||||
- test-build-container
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
- name: dockersock
|
|
||||||
host:
|
|
||||||
path: /var/run/docker.sock
|
|
||||||
|
|
||||||
- name: build-container
|
- name: build-container
|
||||||
image: plugins/docker
|
image: plugins/docker
|
||||||
settings:
|
settings:
|
||||||
|
@ -78,8 +55,28 @@ volumes:
|
||||||
dry_run: false
|
dry_run: false
|
||||||
squash: true
|
squash: true
|
||||||
tags:
|
tags:
|
||||||
- latest
|
|
||||||
- "${DRONE_COMMIT_SHA:0:8}"
|
- "${DRONE_COMMIT_SHA:0:8}"
|
||||||
|
depends_on:
|
||||||
|
- test-build-container
|
||||||
|
|
||||||
|
- name: trivy-scan
|
||||||
|
image: scm.project42.io/elia/tricks:latest
|
||||||
|
commands:
|
||||||
|
- trivy image --image-src remote "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
|
||||||
|
depends_on:
|
||||||
|
- build-container
|
||||||
|
|
||||||
|
- name: promote-container
|
||||||
|
image: scm.project42.io/elia/tricks:latest
|
||||||
|
environment:
|
||||||
|
REGISTRY_USERNAME:
|
||||||
|
from_secret: registry_username
|
||||||
|
REGISTRY_PASSWORD:
|
||||||
|
from_secret: registry_password
|
||||||
|
commands:
|
||||||
|
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/blog:latest
|
||||||
|
depends_on:
|
||||||
|
- trivy-scan
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- promote
|
- promote
|
||||||
|
|
Loading…
Reference in a new issue