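---
# Pipeline 1: build the image and push it tagged with the short commit SHA.
# Runs on every event except `promote`.
kind: pipeline
name: build

steps:
  # Dry-run build: proves the Dockerfile builds before anything is pushed.
  - name: test-build-container
    # NOTE(review): plugins/docker is pulled without a version tag or digest,
    # so the build tooling can change between runs; consider pinning it.
    image: plugins/docker
    settings:
      registry: scm.project42.io
      dockerfile: Dockerfile
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
      repo: scm.project42.io/elia/tricks
      dry_run: true
      squash: true
      compress: true
      tags:
        - "${DRONE_COMMIT_SHA:0:8}"

  # Real build and push; only runs once the dry-run step succeeded.
  - name: build-container
    image: plugins/docker
    settings:
      registry: scm.project42.io
      dockerfile: Dockerfile
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
      repo: scm.project42.io/elia/tricks
      dry_run: false
      squash: true
      compress: true
      tags:
        - "${DRONE_COMMIT_SHA:0:8}"
    depends_on:
      - test-build-container

trigger:
  exclude:
    event:
      - promote

---
# Pipeline 2: scan the freshly pushed image with Trivy and attach the JSON
# report to it as an OCI referrer carrying a status annotation.
kind: pipeline
name: scan

steps:
  - name: trivy-scan
    # NOTE(review): the scanner runs from the mutable `latest` tag of the same
    # repository that the deploy pipeline retags, so each promotion replaces
    # the tooling used by later scans. Consider pinning this image by digest.
    image: scm.project42.io/elia/tricks:latest
    environment:
      REGISTRY_USERNAME:
        from_secret: registry_username
      REGISTRY_PASSWORD:
        from_secret: registry_password
    commands:
      # --exit-code 1 makes Trivy fail the step when it reports findings.
      # Without it Trivy exits 0 regardless, and the "status=Passed"
      # annotation below would be attached to every image unconditionally.
      # Add --severity here if the gate should only cover higher severities.
      # NOTE(review): the image is addressed by tag, not digest; if the tag is
      # re-pushed between scan and promote, the report no longer describes
      # the image that gets promoted.
      - >-
        trivy image --exit-code 1 --format json --output result.json
        --image-src remote
        "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}"
      - 'export TIMESTAMP=$(date "+%F %T %Z")'
      - echo "$TIMESTAMP"
      # The password is fed on stdin rather than passed via --password, so it
      # does not appear in the process argument list.
      - >-
        printf '%s' "$REGISTRY_PASSWORD" |
        oras attach --username "$REGISTRY_USERNAME" --password-stdin
        -a "org.opencontainers.trivy.created=$TIMESTAMP"
        -a "org.opencontainers.trivy.status=Passed"
        -a "org.opencontainers.trivy.tag=${DRONE_COMMIT_SHA:0:8}"
        --artifact-type application/json
        "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}"
        result.json

depends_on:
  - build

trigger:
  exclude:
    event:
      - promote

---
# Pipeline 3: on a `promote` event targeting `production`, retag the
# commit's image as `latest`.
kind: pipeline
name: deploy

steps:
  - name: promote-container
    image: scm.project42.io/elia/tricks:latest
    environment:
      REGISTRY_USERNAME:
        from_secret: registry_username
      REGISTRY_PASSWORD:
        from_secret: registry_password
    commands:
      # NOTE(review): the scan pipeline excludes `promote` events and nothing
      # here checks that a Trivy report is attached to this tag, so promotion
      # appears not to be gated on a scan result. Confirm whether a check of
      # the attached report is wanted before retagging.
      - >-
        printf '%s' "$REGISTRY_PASSWORD" |
        oras tag --username "$REGISTRY_USERNAME" --password-stdin
        "scm.project42.io/elia/tricks:${DRONE_COMMIT_SHA:0:8}"
        latest
    when:
      event:
        - promote
      target:
        - production

depends_on:
  - scan

trigger:
  event:
    - promote
  target:
    - production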