chore(): Moving to tools to become a bag of Tricks
This commit is contained in:
parent
e3f778db27
commit
7189e6fda9
2 changed files with 41 additions and 9 deletions
43
.drone.yml
43
.drone.yml
|
@ -12,20 +12,46 @@ steps:
|
||||||
from_secret: registry_username
|
from_secret: registry_username
|
||||||
password:
|
password:
|
||||||
from_secret: registry_password
|
from_secret: registry_password
|
||||||
repo: scm.project42.io/elia/trivy
|
repo: scm.project42.io/elia/tricks
|
||||||
|
dry_run: true
|
||||||
|
squash: true
|
||||||
|
compress: true
|
||||||
|
tags:
|
||||||
|
- "${DRONE_COMMIT_SHA:0:8}"
|
||||||
|
|
||||||
|
- name: build-container
|
||||||
|
image: plugins/docker
|
||||||
|
settings:
|
||||||
|
registry: scm.project42.io
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
username:
|
||||||
|
from_secret: registry_username
|
||||||
|
password:
|
||||||
|
from_secret: registry_password
|
||||||
|
repo: scm.project42.io/elia/tricks
|
||||||
dry_run: false
|
dry_run: false
|
||||||
squash: true
|
squash: true
|
||||||
compress: true
|
compress: true
|
||||||
tags:
|
tags:
|
||||||
- pre-scan
|
- pre-scan
|
||||||
- "${DRONE_COMMIT_SHA:0:8}"
|
- "${DRONE_COMMIT_SHA:0:8}"
|
||||||
|
depends_on:
|
||||||
|
- test-build-container
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
exclude:
|
||||||
|
event:
|
||||||
|
- promote
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: scan
|
||||||
|
|
||||||
|
steps:
|
||||||
- name: trivy-scan
|
- name: trivy-scan
|
||||||
image: scm.project42.io/elia/trivy:production
|
image: scm.project42.io/elia/trivy:production
|
||||||
commands:
|
commands:
|
||||||
- /usr/local/bin/trivy image --image-src remote scm.project42.io/elia/trivy:"${DRONE_COMMIT_SHA:0:8}"
|
- trivy image --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"
|
||||||
depends_on:
|
|
||||||
- test-build-container
|
|
||||||
|
|
||||||
- name: retag-container
|
- name: retag-container
|
||||||
image: ghcr.io/oras-project/oras:v1.0.0
|
image: ghcr.io/oras-project/oras:v1.0.0
|
||||||
|
@ -35,10 +61,13 @@ steps:
|
||||||
REGISTRY_PASSWORD:
|
REGISTRY_PASSWORD:
|
||||||
from_secret: registry_password
|
from_secret: registry_password
|
||||||
commands:
|
commands:
|
||||||
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/trivy:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/trivy:post-scan
|
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/tricks:post-scan
|
||||||
depends_on:
|
depends_on:
|
||||||
- trivy-scan
|
- trivy-scan
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- test
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
exclude:
|
exclude:
|
||||||
event:
|
event:
|
||||||
|
@ -57,7 +86,7 @@ steps:
|
||||||
REGISTRY_PASSWORD:
|
REGISTRY_PASSWORD:
|
||||||
from_secret: registry_password
|
from_secret: registry_password
|
||||||
commands:
|
commands:
|
||||||
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/trivy:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/trivy:production
|
- oras cp --from-username "$REGISTRY_USERNAME" --from-password "$REGISTRY_PASSWORD" --to-username "$REGISTRY_USERNAME" --to-password "$REGISTRY_PASSWORD" "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}" scm.project42.io/elia/tricks:production
|
||||||
when:
|
when:
|
||||||
event:
|
event:
|
||||||
- promote
|
- promote
|
||||||
|
@ -65,7 +94,7 @@ steps:
|
||||||
- production
|
- production
|
||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- test
|
- scan
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event:
|
event:
|
||||||
|
|
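Review bot: The new `trivy-scan` step in the `scan` pipeline runs `trivy image --image-src remote scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"` without `--exit-code`, and trivy exits 0 by default no matter what it finds, so `retag-container` (which `depends_on: - trivy-scan`) will still promote the image to `post-scan` when the scan reports findings; the gate is informational only. Changing the command to `- trivy image --image-src remote --exit-code 1 --severity HIGH,CRITICAL scm.project42.io/elia/tricks:"${DRONE_COMMIT_SHA:0:8}"` makes the scan actually block the retag (tune the severity list to the project's policy). The step also carries no `environment:` with registry credentials, unlike `retag-container`, so if `scm.project42.io` does not allow anonymous pulls the remote scan will fail at pull rather than at scan; trivy reads `TRIVY_USERNAME`/`TRIVY_PASSWORD` from the environment and those can be wired `from_secret` the same way as `REGISTRY_USERNAME`/`REGISTRY_PASSWORD`. The `retag-container` step that this hunk starts continues outside the hunk.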
|
@ -4,6 +4,11 @@ MAINTAINER Elia El Lazkani <git@lazkani.io>
|
||||||
ARG ORAS_VERSION="1.0.0"
|
ARG ORAS_VERSION="1.0.0"
|
||||||
|
|
||||||
RUN apk add --virtual .build-deps curl && \
|
RUN apk add --virtual .build-deps curl && \
|
||||||
|
curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" && \
|
||||||
|
mkdir -p oras-install/ && \
|
||||||
|
tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ && \
|
||||||
|
mv oras-install/oras /usr/local/bin/ && \
|
||||||
|
rm -rf oras_${ORAS_VERSION}_*.tar.gz oras-install/ && \
|
||||||
export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
|
export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \
|
||||||
echo $TRIVY_VERSION && \
|
echo $TRIVY_VERSION && \
|
||||||
curl -LO "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
|
curl -LO "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \
|
||||||
|
@ -12,5 +17,3 @@ RUN apk add --virtual .build-deps curl && \
|
||||||
mv trivy-install /opt/trivy && \
|
mv trivy-install /opt/trivy && \
|
||||||
ln -s /opt/trivy/trivy /usr/local/bin/trivy && \
|
ln -s /opt/trivy/trivy /usr/local/bin/trivy && \
|
||||||
apk del .build-deps
|
apk del .build-deps
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/local/bin/trivy"]
|
|
||||||
|
|
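Review bot: The added oras install fetches `oras_${ORAS_VERSION}_linux_amd64.tar.gz` with `curl -LO` and unpacks it straight into `/usr/local/bin/` without verifying the archive, so a pinned `ORAS_VERSION` still gives no integrity guarantee for a binary that later handles registry credentials in `retag-container`. Adding a check before the `tar -zxf` line, e.g. `echo "<ORAS_SHA256_PLACEHOLDER>  oras_${ORAS_VERSION}_linux_amd64.tar.gz" | sha256sum -c - && \` with the value taken from the release's published checksum file, closes that gap; the pre-existing trivy download in the same `RUN` resolves "latest" from the GitHub API at build time and has the same issue, which is worth fixing together (pin `TRIVY_VERSION` as an `ARG` like `ORAS_VERSION`). The enclosing `RUN` chain starts before this hunk's first added line and continues into the second hunk, which also drops the `ENTRYPOINT ["/usr/local/bin/trivy"]`; that is consistent with `.drone.yml` now invoking `trivy` via `commands:`, but anyone running the image directly loses the default entrypoint, which the commit message does not mention.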