From 1ac6cf46ace6f676853a7c800efe70149af61111 Mon Sep 17 00:00:00 2001 From: Markus Pesch Date: Sat, 8 Jul 2023 18:52:06 +0200 Subject: [PATCH] fix(ci): migrate to git.cryptic.systems --- .drone.yml | 332 +++++++++++++++++++++++++++++++++++++------------- manifest.tmpl | 11 +- 2 files changed, 251 insertions(+), 92 deletions(-) diff --git a/.drone.yml b/.drone.yml index d252f02..ec802c3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -57,6 +57,9 @@ name: dry-run-amd64 clone: disable: true +depends_on: +- linter + platform: os: linux arch: amd64 @@ -68,16 +71,21 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: false + dockerfile: Dockerfile dry_run: true - tags: latest-amd64 - repo: volkerraschek/gosec - username: - from_secret: container_image_registry_user - password: - from_secret: container_image_registry_password + force_tag: true no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec + tags: latest-amd64 + username: + from_secret: git_cryptic_systems_container_registry_user + password: + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: @@ -97,9 +105,6 @@ steps: - changed - failure -depends_on: -- linter - trigger: branch: exclude: @@ -118,6 +123,9 @@ name: dry-run-arm-v7 clone: disable: true +depends_on: +- linter + platform: os: linux arch: arm 
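Review bot: The `dry-run-amd64` build step (hunk at -68,16; the same applies to `dry-run-arm-v7` and `dry-run-arm64-v8` in the hunks at -129,16 and -190,16) receives `git_cryptic_systems_container_registry_user` and `git_cryptic_systems_container_registry_password` although `dry_run: true` means nothing is pushed. These are the same secrets the `latest-*` steps use to push, and the `trigger: branch: exclude:` visible in the following hunk suggests the dry-run pipelines run on branches other than the release branch, so write-capable credentials are handed to the least-reviewed builds. If the base images are public, drop the `username:` and `password:` entries from the dry-run steps. If a login is needed for pulls, use a separate read-only secret, e.g. `from_secret: <READ_ONLY_REGISTRY_USER_SECRET>` (placeholder name). The step and trigger definitions continue outside the hunk.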
@@ -129,16 +137,21 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: false + dockerfile: Dockerfile dry_run: true - tags: latest-arm-v7 - repo: volkerraschek/gosec - username: - from_secret: container_image_registry_user - password: - from_secret: container_image_registry_password + force_tag: true no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec + tags: latest-arm-v7 + username: + from_secret: git_cryptic_systems_container_registry_user + password: + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: @@ -158,9 +171,6 @@ steps: - changed - failure -depends_on: -- linter - trigger: branch: exclude: @@ -179,6 +189,9 @@ name: dry-run-arm64-v8 clone: disable: true +depends_on: +- linter + platform: os: linux arch: arm64 @@ -190,16 +203,21 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: false + dockerfile: Dockerfile dry_run: true - tags: latest-arm64-v8 - repo: volkerraschek/gosec - username: - from_secret: container_image_registry_user - password: - from_secret: container_image_registry_password + force_tag: true no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec + tags: latest-arm64-v8 + username: + from_secret: git_cryptic_systems_container_registry_user + password: + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: @@ -219,9 +237,6 @@ steps: - changed - failure -depends_on: -- linter - trigger: branch: exclude: @@ -240,6 +255,9 @@ name: latest-amd64 clone: disable: true +depends_on: +- linter + platform: os: linux arch: amd64 
@@ -251,15 +269,20 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: false - tags: latest-amd64 - repo: volkerraschek/gosec - username: - from_secret: container_image_registry_user - password: - from_secret: container_image_registry_password + dockerfile: Dockerfile + force_tag: true no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec + tags: latest-amd64 + username: + from_secret: git_cryptic_systems_container_registry_user + password: + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: @@ -279,9 +302,6 @@ steps: - changed - failure -depends_on: -- linter - trigger: branch: - master @@ -299,6 +319,9 @@ name: latest-arm-v7 clone: disable: true +depends_on: +- linter + platform: os: linux arch: arm @@ -310,15 +333,20 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: false - tags: latest-arm-v7 - repo: volkerraschek/gosec - username: - from_secret: container_image_registry_user - password: - from_secret: container_image_registry_password + dockerfile: Dockerfile + force_tag: true no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec + tags: latest-arm-v7 + username: + from_secret: git_cryptic_systems_container_registry_user + password: + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: @@ -338,9 +366,6 @@ steps: - changed - failure -depends_on: -- linter - trigger: branch: - master @@ -358,6 +383,9 @@ name: latest-arm64-v8 clone: disable: true +depends_on: +- linter + platform: os: linux arch: arm64 
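Review bot: The pushing build steps (`latest-amd64` in the hunk at -251,15, likewise `latest-arm-v7`, `latest-arm64-v8` and the three `tagged-*` builds) now pull through `mirror: from_secret: docker_io_mirror`, so the content of the published image depends on whatever that mirror serves for the base-image tag. Because the address is stored as a secret it is masked in build logs, which makes it hard to audit afterwards which endpoint a release was built from. The Dockerfile is not part of this patch; if its `FROM` line uses a tag, pinning it by digest (`FROM <IMAGE>@sha256:<DIGEST>`, placeholder) lets the build verify the content regardless of the mirror. A comment next to the setting such as `# mirror must be an HTTPS pull-through cache under our control` would document the trust assumption.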
@@ -369,15 +397,20 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: false - tags: latest-arm64-v8 - repo: volkerraschek/gosec - username: - from_secret: container_image_registry_user - password: - from_secret: container_image_registry_password + dockerfile: Dockerfile + force_tag: true no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec + tags: latest-arm64-v8 + username: + from_secret: git_cryptic_systems_container_registry_user + password: + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: @@ -397,9 +430,6 @@ steps: - changed - failure -depends_on: -- linter - trigger: branch: - master @@ -417,6 +447,11 @@ name: latest-manifest clone: disable: true +depends_on: +- latest-amd64 +- latest-arm-v7 +- latest-arm64-v8 + # docker.io/plugins/manifest only for amd64 architectures available node_selector: kubernetes.io/os: linux @@ -433,9 +468,9 @@ steps: ignore_missing: true spec: manifest.tmpl username: - from_secret: container_image_registry_user + from_secret: git_cryptic_systems_container_registry_user password: - from_secret: container_image_registry_password + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: 
@@ -459,10 +494,65 @@ steps: - changed - failure +trigger: + branch: + - master + event: + - cron + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: kubernetes +name: latest-sync + +clone: + disable: true + depends_on: -- latest-amd64 -- latest-arm-v7 -- latest-arm64-v8 +- latest-manifest + +steps: +- name: clone + image: git.cryptic.systems/volker.raschek/git:1.2.1 + +- name: latest-sync + commands: + - skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek + environment: + SRC_CRED_USERNAME: + from_secret: git_cryptic_systems_container_registry_user + SRC_CRED_PASSWORD: + from_secret: git_cryptic_systems_container_registry_password + DEST_CRED_USERNAME: + from_secret: container_image_registry_user + DEST_CRED_PASSWORD: + from_secret: container_image_registry_password + image: quay.io/skopeo/stable:v1.12.0 + +- name: email-notification + environment: + SMTP_FROM_ADDRESS: + from_secret: smtp_from_address + SMTP_FROM_NAME: + from_secret: smtp_from_name + SMTP_HOST: + from_secret: smtp_host + SMTP_USERNAME: + from_secret: smtp_username + SMTP_PASSWORD: + from_secret: smtp_password + image: git.cryptic.systems/volker.raschek/drone-email:0.1.2 + resources: + limits: + cpu: 150 + memory: 150M + when: + status: + - changed + - failure trigger: branch: 
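Review bot: In the new `latest-sync` step (and the identical `tagged-sync` step added in the hunk at -688,10) both registries' passwords are expanded unquoted into the `skopeo sync` argument list via `--src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD` and `--dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD`. That places them in the process arguments, and a password containing whitespace or glob characters is word-split by the shell, so the command fails or passes a mangled credential. Prefer logging in first with the password on stdin, e.g. `printf '%s' "$DEST_CRED_PASSWORD" | skopeo login --username "$DEST_CRED_USERNAME" --password-stdin docker.io` (and the same for git.cryptic.systems), then run `skopeo sync` without the credential flags. Since this step holds push credentials for both registries, `quay.io/skopeo/stable:v1.12.0` is also worth pinning by digest rather than by tag. The pipeline's `trigger:` block continues outside the hunk.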
@@ -492,17 +582,22 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: true auto_tag_suffix: amd64 - repo: volkerraschek/gosec + dockerfile: Dockerfile + force_tag: true + no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec username: - from_secret: container_image_registry_user + from_secret: git_cryptic_systems_container_registry_user password: - from_secret: container_image_registry_password + from_secret: git_cryptic_systems_container_registry_password build_args: - GOSEC_VERSION=${DRONE_TAG} - no_cache: true - name: email-notification environment: @@ -547,17 +642,22 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: true auto_tag_suffix: arm-v7 - repo: volkerraschek/gosec + dockerfile: Dockerfile + force_tag: true + no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec username: - from_secret: container_image_registry_user + from_secret: git_cryptic_systems_container_registry_user password: - from_secret: container_image_registry_password + from_secret: git_cryptic_systems_container_registry_password build_args: - GOSEC_VERSION=${DRONE_TAG} - no_cache: true - name: email-notification environment: 
@@ -602,17 +702,22 @@ steps: - name: build image: docker.io/plugins/docker:20.10.9 settings: - dockerfile: Dockerfile auto_tag: true auto_tag_suffix: arm64-v8 - repo: volkerraschek/gosec + dockerfile: Dockerfile + force_tag: true + no_cache: true + purge: true + mirror: + from_secret: docker_io_mirror + registry: git.cryptic.systems + repo: git.cryptic.systems/volker.raschek/gosec username: - from_secret: container_image_registry_user + from_secret: git_cryptic_systems_container_registry_user password: - from_secret: container_image_registry_password + from_secret: git_cryptic_systems_container_registry_password build_args: - GOSEC_VERSION=${DRONE_TAG} - no_cache: true - name: email-notification environment: @@ -646,6 +751,11 @@ name: tagged-manifest clone: disable: true +depends_on: +- tagged-amd64 +- tagged-arm-v7 +- tagged-arm64-v8 + # docker.io/plugins/manifest only for amd64 architectures available node_selector: kubernetes.io/os: linux @@ -662,9 +772,9 @@ steps: ignore_missing: true spec: manifest.tmpl username: - from_secret: container_image_registry_user + from_secret: git_cryptic_systems_container_registry_user password: - from_secret: container_image_registry_password + from_secret: git_cryptic_systems_container_registry_password - name: email-notification environment: 
@@ -688,10 +798,62 @@ steps: - changed - failure +trigger: + event: + - tag + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: kubernetes +name: tagged-sync + +clone: + disable: true + depends_on: -- tagged-amd64 -- tagged-arm-v7 -- tagged-arm64-v8 +- tagged-manifest + +steps: +- name: clone + image: git.cryptic.systems/volker.raschek/git:1.2.1 + +- name: tagged-sync + commands: + - skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek + environment: + SRC_CRED_USERNAME: + from_secret: git_cryptic_systems_container_registry_user + SRC_CRED_PASSWORD: + from_secret: git_cryptic_systems_container_registry_password + DEST_CRED_USERNAME: + from_secret: container_image_registry_user + DEST_CRED_PASSWORD: + from_secret: container_image_registry_password + image: quay.io/skopeo/stable:v1.12.0 + +- name: email-notification + environment: + SMTP_FROM_ADDRESS: + from_secret: smtp_from_address + SMTP_FROM_NAME: + from_secret: smtp_from_name + SMTP_HOST: + from_secret: smtp_host + SMTP_USERNAME: + from_secret: smtp_username + SMTP_PASSWORD: + from_secret: smtp_password + image: git.cryptic.systems/volker.raschek/drone-email:0.1.2 + resources: + limits: + cpu: 150 + memory: 150M + when: + status: + - changed + - failure trigger: event: diff --git a/manifest.tmpl b/manifest.tmpl index af4b9cf..b381df1 100644 --- a/manifest.tmpl +++ b/manifest.tmpl @@ -1,4 +1,4 @@ -image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} +image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} {{#if build.tags}} tags: {{#each build.tags}} 
@@ -7,19 +7,16 @@ tags: - "latest" {{/if}} manifests: - - - image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64 + - image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64 platform: architecture: amd64 os: linux - - - image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7 + - image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7 platform: architecture: arm os: linux variant: v7 - - - image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8 + - image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8 platform: architecture: arm64 os: linux