blog.lazkani.io/.drone.yml
Elia el Lazkani 8486d82f46
Some checks failed
continuous-integration/drone/push Build is failing
test(): Testing with Trivy container scanning
2023-07-02 23:49:21 +02:00

136 lines
2.9 KiB
YAML

---
kind: pipeline
name: generate-blog
clone:
depth: 1
steps:
- name: update-submodules
image: alpine/git
commands:
- git submodule update --init --recursive
- name: generate-blog
image: plugins/hugo
settings:
hugo_version: 0.84.4
validate: true
pull: always
- name: clean-up-images
image: alpine
commands:
- rm -rf public/images/*
- name: test-build-container
image: plugins/docker
settings:
registry: scm.project42.io
username:
from_secret: registry_username
password:
from_secret: registry_password
repo: scm.project42.io/elia/blog
dry_run: true
squash: true
purge: false
tags:
- "${DRONE_COMMIT_SHA:0:8}"
- name: trivy-scan
image: docker.io/aquasec/trivy:latest
commands:
- trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
- trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
depends_on:
- test-build-container
- name: build-container
image: plugins/docker
settings:
registry: scm.project42.io
username:
from_secret: registry_username
password:
from_secret: registry_password
repo: scm.project42.io/elia/blog
dry_run: false
squash: true
tags:
- latest
- "${DRONE_COMMIT_SHA:0:8}"
when:
event:
- promote
target:
- production
---
kind: pipeline
name: deploy-blog
clone:
depth: 1
steps:
- name: syntax-check
image: plugins/ansible:latest
settings:
playbook: ansible/site.yml
inventory: ansible/inventory/hcloud.yml
requirements: ansible/requirements.txt
tags: blog
check: true
diff: true
syntax_check: true
extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
- name: dry-run
image: plugins/ansible:latest
settings:
playbook: ansible/site.yml
inventory: ansible/inventory/hcloud.yml
requirements: ansible/requirements.txt
tags: blog
check: true
diff: true
syntax_check: false
extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8},check_mode=true"
private_key:
from_secret: ansible_private_key
user:
from_secret: ansible_user
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
- name: deploy
image: plugins/ansible:latest
settings:
playbook: ansible/site.yml
inventory: ansible/inventory/hcloud.yml
requirements: ansible/requirements.txt
tags: blog
check: false
diff: true
syntax_check: false
extra_vars: "blog_container_tag=${DRONE_COMMIT_SHA:0:8}"
private_key:
from_secret: ansible_private_key
user:
from_secret: ansible_user
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
when:
event:
- promote
target:
- production
depends_on:
- generate-blog