5a85b0f765
- Tags the image with the specific version - Removes the report pushing from the trivy scan
---
# Drone pipeline that renders the Hugo site, packages it as a container image,
# scans that image with trivy and, on a promotion to production, tags it latest.
kind: pipeline
name: generate-blog

# Shallow clone: history is limited to a depth of one commit.
clone:
  depth: 1

steps:
# Initialise and update the git submodules recursively; generate-blog waits
# for this step.
# NOTE(review): alpine/git carries no tag or digest, so each build runs whatever
# the registry currently serves for it. Pinning by digest makes the build
# reproducible and limits exposure to a tampered upstream image.
- name: update-submodules
  image: 'alpine/git'
  commands:
  - 'git submodule update --init --recursive'

# Render the site with the Hugo plugin once the submodules have been fetched.
- name: generate-blog
  image: 'plugins/hugo'
  settings:
    # Quoted so the version can only ever be read as a string.
    hugo_version: '0.84.4'
    validate: true
  # `pull` is a Drone step attribute, so it sits beside `settings`. With
  # `always`, every build re-pulls the untagged plugins/hugo image and uses
  # whatever it resolves to at that moment.
  pull: always
  depends_on:
  - update-submodules

# Delete everything under public/images/ before the container is built
# (build-container depends on this step).
- name: clean-up-images
  image: 'alpine'
  commands:
  - 'rm -rf public/images/*'
  depends_on:
  - generate-blog

# Build the blog image and push it to the private registry, tagged with the
# first eight characters of the commit SHA. Skipped on promote events.
# NOTE(review): plugins/docker is referenced without a tag or digest and is
# handed the registry credentials; pinning the plugin narrows that trust.
- name: build-container
  image: 'plugins/docker'
  settings:
    registry: 'scm.project42.io'
    # Credentials are resolved from Drone secrets, not stored in this file.
    username:
      from_secret: registry_username
    password:
      from_secret: registry_password
    repo: 'scm.project42.io/elia/blog'
    dry_run: false
    squash: true
    # One tag per commit, so a later scan or deploy can name the exact build.
    tags:
    - "${DRONE_COMMIT_SHA:0:8}"
  depends_on:
  - clean-up-images
  when:
    event:
      exclude:
      - promote

# Scan the image that build-container pushed for this commit.
# NOTE(review): `--exit-code 0` makes trivy exit successfully whatever it
# finds, so this step reports vulnerabilities but never fails the build. If
# the scan is meant to gate promotion, a non-zero --exit-code (optionally
# narrowed with --severity) is what turns findings into a failed step.
# NOTE(review): the helper image is referenced as :latest and receives the
# registry credentials; a pinned tag or digest would be safer.
- name: trivy-scan
  image: 'scm.project42.io/elia/tricks:latest'
  environment:
    REGISTRY_USERNAME:
      from_secret: registry_username
    REGISTRY_PASSWORD:
      from_secret: registry_password
  commands:
  # The password is passed as a command-line argument, which makes it visible
  # in the process list inside the step container. trivy can also read
  # TRIVY_USERNAME / TRIVY_PASSWORD from the environment.
  - >-
    trivy image --image-src remote --exit-code 0
    --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD"
    "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
  depends_on:
  - build-container
  when:
    event:
      exclude:
      - promote

# On a promotion to production, add the `latest` tag to this commit's image.
# NOTE(review): trivy-scan is excluded from promote events, so no scan runs in
# the promote build itself. Promotion therefore relies on the scan from the
# earlier build, which uses --exit-code 0 and cannot fail. Confirm that this
# is the intended gate before `latest` moves.
- name: promote-container
  image: 'scm.project42.io/elia/tricks:latest'
  environment:
    REGISTRY_USERNAME:
      from_secret: registry_username
    REGISTRY_PASSWORD:
      from_secret: registry_password
  commands:
  # The password is passed as a command-line argument; if the oras build in
  # the helper image supports --password-stdin, that keeps it out of argv.
  - >-
    oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD"
    "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" latest
  depends_on:
  - trivy-scan
  when:
    event:
    - promote
    target:
    - production

---
# Drone pipeline that runs the Ansible playbook for the blog: a syntax check,
# a check-mode dry run, and the real deployment on a production promotion.
kind: pipeline
name: deploy-blog

# Shallow clone: history is limited to a depth of one commit.
clone:
  depth: 1

steps:
# Syntax-check the playbook. No SSH key or user is configured for this step;
# only the HCLOUD_TOKEN secret is injected.
# NOTE(review): plugins/ansible:latest is a mutable tag and the step is given
# a cloud API token; pinning the image by version or digest limits what an
# upstream change can reach.
- name: syntax-check
  image: 'plugins/ansible:latest'
  settings:
    playbook: 'ansible/site.yml'
    inventory: 'ansible/inventory/hcloud.yml'
    requirements: 'ansible/requirements.txt'
    tags: blog
    check: true
    diff: true
    syntax_check: true
    extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
  environment:
    HCLOUD_TOKEN:
      from_secret: hcloud_token

# Run the playbook in check mode (`check: true`) with diff output, using the
# real SSH key, user and inventory.
# NOTE(review): the step has no `when` filter, so it runs with the SSH private
# key and HCLOUD_TOKEN for every event that starts this pipeline. Confirm
# these secrets are not made available to pull-request builds.
- name: dry-run
  image: 'plugins/ansible:latest'
  settings:
    playbook: 'ansible/site.yml'
    inventory: 'ansible/inventory/hcloud.yml'
    requirements: 'ansible/requirements.txt'
    tags: blog
    check: true
    diff: true
    syntax_check: false
    extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8},check_mode=true"
    # SSH identity for the target hosts, resolved from Drone secrets.
    private_key:
      from_secret: ansible_private_key
    user:
      from_secret: ansible_user
  environment:
    HCLOUD_TOKEN:
      from_secret: hcloud_token

# Apply the playbook for real (`check: false`), deploying the image tagged
# with this commit's short SHA. Runs only on a promotion to production.
# NOTE(review): the image that holds the SSH key and HCLOUD_TOKEN here is
# plugins/ansible:latest, a mutable tag; pin it for the production path.
- name: deploy
  image: 'plugins/ansible:latest'
  settings:
    playbook: 'ansible/site.yml'
    inventory: 'ansible/inventory/hcloud.yml'
    requirements: 'ansible/requirements.txt'
    tags: blog
    check: false
    diff: true
    syntax_check: false
    extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
    # SSH identity for the target hosts, resolved from Drone secrets.
    private_key:
      from_secret: ansible_private_key
    user:
      from_secret: ansible_user
  environment:
    HCLOUD_TOKEN:
      from_secret: hcloud_token
  when:
    event:
    - promote
    target:
    - production

# Pipeline-level dependency: deploy-blog is ordered after the generate-blog
# pipeline, which builds the image this pipeline deploys.
depends_on:
- generate-blog