blog.lazkani.io/.drone.yml
Elia el Lazkani 5a85b0f765
Some checks reported errors
continuous-integration/drone/promote/production Build is passing
continuous-integration/drone/pr Build was killed
continuous-integration/drone/push Build was killed
chore(): No report scan
- Tags the image with the specific version
- Removes the report pushing from the trivy scan
2024-01-20 01:23:53 +01:00

150 lines
3.3 KiB
YAML

---
kind: pipeline
name: generate-blog
clone:
depth: 1
steps:
- name: update-submodules
image: alpine/git
commands:
- git submodule update --init --recursive
- name: generate-blog
image: plugins/hugo
settings:
hugo_version: 0.84.4
validate: true
pull: always
depends_on:
- update-submodules
- name: clean-up-images
image: alpine
commands:
- rm -rf public/images/*
depends_on:
- generate-blog
- name: build-container
image: plugins/docker
settings:
registry: scm.project42.io
username:
from_secret: registry_username
password:
from_secret: registry_password
repo: scm.project42.io/elia/blog
dry_run: false
squash: true
tags:
- "${DRONE_COMMIT_SHA:0:8}"
depends_on:
- clean-up-images
when:
event:
exclude:
- promote
- name: trivy-scan
image: scm.project42.io/elia/tricks:latest
environment:
REGISTRY_USERNAME:
from_secret: registry_username
REGISTRY_PASSWORD:
from_secret: registry_password
commands:
- trivy image --image-src remote --exit-code 0 --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
depends_on:
- build-container
when:
event:
exclude:
- promote
- name: promote-container
image: scm.project42.io/elia/tricks:latest
environment:
REGISTRY_USERNAME:
from_secret: registry_username
REGISTRY_PASSWORD:
from_secret: registry_password
commands:
- oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" latest
depends_on:
- trivy-scan
when:
event:
- promote
target:
- production
---
kind: pipeline
name: deploy-blog
clone:
depth: 1
steps:
- name: syntax-check
image: plugins/ansible:latest
settings:
playbook: ansible/site.yml
inventory: ansible/inventory/hcloud.yml
requirements: ansible/requirements.txt
tags: blog
check: true
diff: true
syntax_check: true
extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
- name: dry-run
image: plugins/ansible:latest
settings:
playbook: ansible/site.yml
inventory: ansible/inventory/hcloud.yml
requirements: ansible/requirements.txt
tags: blog
check: true
diff: true
syntax_check: false
extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8},check_mode=true"
private_key:
from_secret: ansible_private_key
user:
from_secret: ansible_user
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
- name: deploy
image: plugins/ansible:latest
settings:
playbook: ansible/site.yml
inventory: ansible/inventory/hcloud.yml
requirements: ansible/requirements.txt
tags: blog
check: false
diff: true
syntax_check: false
extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
private_key:
from_secret: ansible_private_key
user:
from_secret: ansible_user
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
when:
event:
- promote
target:
- production
depends_on:
- generate-blog