gosec-docker/.drone.yml

671 lines
13 KiB
YAML
Raw Normal View History

2022-01-30 20:39:29 +00:00
---
kind: pipeline
type: kubernetes
name: linter
clone:
disable: true
2022-01-30 20:39:29 +00:00
platform:
os: linux
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: markdown lint
commands:
- markdownlint *.md
image: git.cryptic.systems/volker.raschek/markdownlint:0.43.0
2022-01-30 20:39:29 +00:00
resources:
limits:
2022-05-22 11:09:11 +00:00
cpu: 150
memory: 150M
2022-01-30 20:39:29 +00:00
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
resources:
limits:
2022-05-22 11:09:11 +00:00
cpu: 150
memory: 150M
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: docker
name: dry-run-amd64
clone:
disable: true
depends_on:
- linter
2022-01-30 20:39:29 +00:00
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build
image: docker.io/plugins/docker:20.18.5
2022-01-30 20:39:29 +00:00
settings:
auto_tag: false
dockerfile: Dockerfile
2022-01-30 20:39:29 +00:00
dry_run: true
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
2022-01-30 20:39:29 +00:00
tags: latest-amd64
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
branch:
exclude:
- master
event:
- pull_request
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: dry-run-arm64-v8
clone:
disable: true
depends_on:
- linter
2022-01-30 20:39:29 +00:00
platform:
os: linux
arch: arm64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build
image: docker.io/plugins/docker:20.18.5
2022-01-30 20:39:29 +00:00
settings:
auto_tag: false
dockerfile: Dockerfile
2022-01-30 20:39:29 +00:00
dry_run: true
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
2022-01-30 20:39:29 +00:00
tags: latest-arm64-v8
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
branch:
exclude:
- master
event:
- pull_request
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: latest-amd64
clone:
disable: true
depends_on:
- linter
2022-01-30 20:39:29 +00:00
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build
image: docker.io/plugins/docker:20.18.5
2022-01-30 20:39:29 +00:00
settings:
auto_tag: false
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
2022-01-30 20:39:29 +00:00
tags: latest-amd64
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: latest-arm64-v8
clone:
disable: true
depends_on:
- linter
2022-01-30 20:39:29 +00:00
platform:
os: linux
arch: arm64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build
image: docker.io/plugins/docker:20.18.5
2022-01-30 20:39:29 +00:00
settings:
auto_tag: false
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
2022-01-30 20:39:29 +00:00
tags: latest-arm64-v8
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: kubernetes
name: latest-manifest
clone:
disable: true
depends_on:
- latest-amd64
- latest-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
2022-01-30 20:39:29 +00:00
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build-manifest
image: docker.io/plugins/manifest:1.4.0
2022-01-30 20:39:29 +00:00
settings:
auto_tag: false
ignore_missing: true
spec: manifest.tmpl
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
resources:
limits:
2022-05-22 11:09:11 +00:00
cpu: 150
memory: 150M
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: kubernetes
name: latest-sync
clone:
disable: true
2022-01-30 20:39:29 +00:00
depends_on:
- latest-manifest
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: latest-sync
commands:
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
environment:
SRC_CRED_USERNAME:
from_secret: git_cryptic_systems_container_registry_user
SRC_CRED_PASSWORD:
from_secret: git_cryptic_systems_container_registry_password
DEST_CRED_USERNAME:
from_secret: container_image_registry_user
DEST_CRED_PASSWORD:
from_secret: container_image_registry_password
image: quay.io/skopeo/stable:v1.17.0
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
2022-01-30 20:39:29 +00:00
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: tagged-amd64
clone:
disable: true
2022-01-30 20:39:29 +00:00
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build
image: docker.io/plugins/docker:20.18.5
2022-01-30 20:39:29 +00:00
settings:
auto_tag: true
auto_tag_suffix: amd64
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
2022-01-30 20:39:29 +00:00
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
build_args:
- GOSEC_VERSION=v${DRONE_TAG}
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
event:
- tag
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: tagged-arm64-v8
clone:
disable: true
2022-01-30 20:39:29 +00:00
platform:
os: linux
arch: arm64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build
image: docker.io/plugins/docker:20.18.5
2022-01-30 20:39:29 +00:00
settings:
auto_tag: true
auto_tag_suffix: arm64-v8
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
2022-01-30 20:39:29 +00:00
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
build_args:
- GOSEC_VERSION=v${DRONE_TAG}
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
event:
- tag
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: kubernetes
name: tagged-manifest
clone:
disable: true
depends_on:
- tagged-amd64
- tagged-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
2022-01-30 20:39:29 +00:00
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
2022-01-30 20:39:29 +00:00
- name: build-manifest
image: docker.io/plugins/manifest:1.4.0
2022-01-30 20:39:29 +00:00
settings:
auto_tag: true
ignore_missing: true
spec: manifest.tmpl
username:
from_secret: git_cryptic_systems_container_registry_user
2022-01-30 20:39:29 +00:00
password:
from_secret: git_cryptic_systems_container_registry_password
2022-01-30 20:39:29 +00:00
- name: email-notification
2022-01-30 20:39:29 +00:00
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
2022-01-30 20:39:29 +00:00
from_secret: smtp_host
SMTP_USERNAME:
2022-01-30 20:39:29 +00:00
from_secret: smtp_username
SMTP_PASSWORD:
2022-01-30 20:39:29 +00:00
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
2022-01-30 20:39:29 +00:00
resources:
limits:
2022-05-22 11:09:11 +00:00
cpu: 150
memory: 150M
2022-01-30 20:39:29 +00:00
when:
status:
- changed
- failure
trigger:
event:
- tag
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: kubernetes
name: tagged-sync
clone:
disable: true
2022-01-30 20:39:29 +00:00
depends_on:
- tagged-manifest
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: tagged-sync
commands:
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
environment:
SRC_CRED_USERNAME:
from_secret: git_cryptic_systems_container_registry_user
SRC_CRED_PASSWORD:
from_secret: git_cryptic_systems_container_registry_password
DEST_CRED_USERNAME:
from_secret: container_image_registry_user
DEST_CRED_PASSWORD:
from_secret: container_image_registry_password
image: quay.io/skopeo/stable:v1.17.0
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
2022-01-30 20:39:29 +00:00
trigger:
event:
- tag
repo:
- volker.raschek/gosec-docker