enh(): Updates pipeline to use tricks

.drone.yml

@@ -3,7 +3,7 @@ kind: pipeline
 name: container-check
 
 steps:
-- name: check-build
+- name: check-container
   image: plugins/docker
   settings:
     registry: scm.project42.io
@@ -18,17 +18,7 @@ steps:
     tags:
     - "${DRONE_COMMIT_SHA:0:8}"
 
-trigger:
+- name: build-container
-  exclude:
-    event:
-    - promote
-
----
-kind: pipeline
-name: container-build
-
-steps:
-- name: build-latest
   image: plugins/docker
   settings:
     registry: scm.project42.io
@@ -41,8 +31,52 @@ steps:
     dry_run: false
     squash: true
     tags:
-    - latest
     - "${DRONE_COMMIT_SHA:0:8}"
+  depends_on:
+    - check-container
+  when:
+    event:
+      exclude:
+        - promote
+
+- name: trivy-scan
+  image: scm.project42.io/elia/tricks:latest
+  environment:
+    REGISTRY_USERNAME:
+      from_secret: registry_username
+    REGISTRY_PASSWORD:
+      from_secret: registry_password
+  commands:
+    - generate-scan-report -i scm.project42.io/elia/nikola -t "${DRONE_COMMIT_SHA:0:8}" -g "${DRONE_COMMIT_SHA:0:8}"
+  depends_on:
+    - build-container
+  when:
+    event:
+      exclude:
+      - promote
+
+trigger:
+  exclude:
+    event:
+    - promote
+
+---
+kind: pipeline
+name: promote-to-production
+
+steps:
+- name: promote-container
+  image: scm.project42.io/elia/tricks:latest
+  environment:
+    REGISTRY_USERNAME:
+      from_secret: registry_username
+    REGISTRY_PASSWORD:
+      from_secret: registry_password
+  commands:
+    - check-scan-report -i scm.project42.io/elia/nikola -t "${DRONE_COMMIT_SHA:0:8}"
+    - oras tag --username "$REGISTRY_USERNAME" --password "$REGISTRY_PASSWORD" "scm.project42.io/elia/nikola:${DRONE_COMMIT_SHA:0:8}" latest
+  depends_on:
+    - trivy-scan
   when:
     event:
     - promote