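---
# Pipeline 1: render the Hugo site, build the blog image, scan it and, on a
# `promote` to `production`, tag the already-built image as `latest`.
kind: pipeline
name: generate-blog

clone:
  depth: 1

steps:
  - name: update-submodules
    # NOTE(review): no tag is given, so this resolves to the mutable default
    # tag; the same holds for plugins/hugo, alpine and plugins/docker below.
    # Pinning to a release tag or `@sha256:<digest>` keeps builds reproducible.
    image: alpine/git
    commands:
      - git submodule update --init --recursive

  - name: generate-blog
    image: plugins/hugo
    settings:
      # Quoted so the version is always read as a string.
      hugo_version: "0.84.4"
      validate: true
    # Reconstructed as the step-level pull policy, not a plugin setting.
    pull: always
    depends_on:
      - update-submodules

  - name: clean-up-images
    image: alpine
    commands:
      - rm -rf public/images/*
    depends_on:
      - generate-blog

  - name: build-container
    image: plugins/docker
    settings:
      registry: scm.project42.io
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
      repo: scm.project42.io/elia/blog
      dry_run: false
      squash: true
      # The image is tagged with the first 8 characters of the commit SHA.
      tags:
        - "${DRONE_COMMIT_SHA:0:8}"
    depends_on:
      - clean-up-images
    when:
      event:
        exclude:
          - promote

  - name: trivy-scan
    # NOTE(review): pulled by the mutable `latest` tag and handed the registry
    # credentials; pin this image to a version or `@sha256:<digest>`.
    image: scm.project42.io/elia/tricks:latest
    environment:
      REGISTRY_USERNAME:
        from_secret: registry_username
      REGISTRY_PASSWORD:
        from_secret: registry_password
    commands:
      # `--exit-code 0` makes the scan report-only: findings never fail this
      # step, so nothing downstream is gated on the result. `--exit-code 1`
      # (optionally narrowed with `--severity`) turns it into a gate.
      # Credentials passed as flags appear in the process argument list;
      # trivy can read TRIVY_USERNAME / TRIVY_PASSWORD from the environment.
      - trivy image --image-src remote --exit-code 0 --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
    depends_on:
      - build-container
    when:
      event:
        exclude:
          - promote

  - name: promote-container
    # Runs only on `promote` to `production`. build-container and trivy-scan
    # are excluded on that event, so this step tags whatever image already
    # exists for the commit and relies on the scan from its original build.
    image: scm.project42.io/elia/tricks:latest
    environment:
      REGISTRY_USERNAME:
        from_secret: registry_username
      REGISTRY_PASSWORD:
        from_secret: registry_password
    commands:
      # NOTE(review): `--password` puts the secret in argv; oras also accepts
      # `--password-stdin` (confirm against the installed version).
      - oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" latest
    depends_on:
      - trivy-scan
    when:
      event:
        - promote
      target:
        - production

---
# Pipeline 2: Ansible syntax check and check-mode run, then the real
# deployment, which is limited to `promote` events targeting `production`.
kind: pipeline
name: deploy-blog

clone:
  depth: 1

steps:
  - name: syntax-check
    # NOTE(review): `latest` is mutable, and the dry-run and deploy steps give
    # this image the SSH private key and the cloud token; pin it to a version
    # or `@sha256:<digest>`.
    image: plugins/ansible:latest
    settings:
      playbook: ansible/site.yml
      inventory: ansible/inventory/hcloud.yml
      requirements: ansible/requirements.txt
      tags: blog
      check: true
      diff: true
      syntax_check: true
      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
    environment:
      HCLOUD_TOKEN:
        from_secret: hcloud_token

  - name: dry-run
    # No `when` filter: this step loads the SSH private key and the cloud
    # token on every event that triggers the pipeline.
    # NOTE(review): confirm these secrets are not exposed to pull-request
    # builds.
    image: plugins/ansible:latest
    settings:
      playbook: ansible/site.yml
      inventory: ansible/inventory/hcloud.yml
      requirements: ansible/requirements.txt
      tags: blog
      check: true
      diff: true
      syntax_check: false
      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8},check_mode=true"
      private_key:
        from_secret: ansible_private_key
      user:
        from_secret: ansible_user
    environment:
      HCLOUD_TOKEN:
        from_secret: hcloud_token

  - name: deploy
    image: plugins/ansible:latest
    settings:
      playbook: ansible/site.yml
      inventory: ansible/inventory/hcloud.yml
      requirements: ansible/requirements.txt
      tags: blog
      check: false
      diff: true
      syntax_check: false
      # Deploys the image by its short-SHA tag, which is a mutable reference.
      extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
      private_key:
        from_secret: ansible_private_key
      user:
        from_secret: ansible_user
    environment:
      HCLOUD_TOKEN:
        from_secret: hcloud_token
    when:
      event:
        - promote
      target:
        - production

# Pipeline-level dependency: deploy-blog starts after the generate-blog
# pipeline has finished.
depends_on:
  - generate-blog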