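---
# Pipeline "test": build the image, scan the pushed tag with Trivy, and only
# then copy it to the `post-scan` tag. Runs on every event except `promote`.
kind: pipeline
name: test

steps:
  # Builds the Dockerfile and pushes it under `pre-scan` and the short commit
  # SHA. `plugins/docker` carries no tag, so it resolves to whatever `latest`
  # is at run time while holding the registry credentials.
  # NOTE(review): consider pinning it to a version or digest.
  - name: test-build-container
    image: plugins/docker
    settings:
      registry: scm.project42.io
      dockerfile: Dockerfile
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
      repo: scm.project42.io/elia/trivy
      dry_run: false
      squash: true
      compress: true
      tags:
        - pre-scan
        # Quoted so an all-digit short SHA stays a string.
        - "${DRONE_COMMIT_SHA:0:8}"

  # Scans the image pushed by the previous step. `--exit-code 1` makes the
  # step fail when Trivy reports findings; Trivy's default exit code is 0
  # even with findings, which would let `retag-container` run regardless of
  # the scan result. The gate can be narrowed with `--severity` if failing on
  # every severity is too strict.
  # NOTE(review): this step defines no registry credentials, so the remote
  # pull relies on the repository being readable without authentication --
  # confirm.
  - name: trivy-scan
    image: scm.project42.io/elia/trivy:production
    commands:
      - >-
        /usr/local/bin/trivy image
        --exit-code 1
        --image-src remote
        scm.project42.io/elia/trivy:"${DRONE_COMMIT_SHA:0:8}"
    depends_on:
      - test-build-container

  # Copies the scanned tag to `post-scan`. The shell variables are written
  # as `$NAME` (no braces) so that the shell expands them at run time.
  # NOTE(review): the copy resolves the short-SHA tag again after the scan;
  # a tag is mutable, so referencing the scanned image by digest would tie
  # the promoted artifact to what was actually scanned.
  - name: retag-container
    image: ghcr.io/oras-project/oras:v1.0.0
    environment:
      REGISTRY_USERNAME:
        from_secret: registry_username
      REGISTRY_PASSWORD:
        from_secret: registry_password
    commands:
      - >-
        oras cp
        --from-username "$REGISTRY_USERNAME"
        --from-password "$REGISTRY_PASSWORD"
        --to-username "$REGISTRY_USERNAME"
        --to-password "$REGISTRY_PASSWORD"
        "scm.project42.io/elia/trivy:${DRONE_COMMIT_SHA:0:8}"
        scm.project42.io/elia/trivy:post-scan
    depends_on:
      - trivy-scan

trigger:
  exclude:
    event:
      - promote

---
# Pipeline "build": on a `promote` event targeting `production`, build the
# Dockerfile and push it as `production` plus the short commit SHA.
# NOTE(review): this rebuilds from source instead of copying the `post-scan`
# image, so the published `production` image is not the artifact Trivy
# scanned. `production` is also the tag the `trivy-scan` step runs as its
# scanner image.
kind: pipeline
name: build

steps:
  - name: build-container
    image: plugins/docker
    settings:
      registry: scm.project42.io
      dockerfile: Dockerfile
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
      repo: scm.project42.io/elia/trivy
      dry_run: false
      squash: true
      compress: true
      tags:
        - production
        - "${DRONE_COMMIT_SHA:0:8}"
    # Same condition as the pipeline-level trigger below.
    when:
      event:
        - promote
      target:
        - production

# NOTE(review): `test` excludes the `promote` event, so it does not run in
# the build that triggers this pipeline -- confirm this dependency behaves
# as intended.
depends_on:
  - test

trigger:
  event:
    - promote
  target:
    - production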