fix(ci): migrate to git.cryptic.systems

2023-07-08 18:52:06 +02:00 · 2023-07-08 18:52:06 +02:00 · 1ac6cf46ac
commit 1ac6cf46ac
parent 1224fae830
2 changed files with 251 additions and 92 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -57,6 +57,9 @@ name: dry-run-amd64
 clone:
  disable: true

+depends_on:
+- linter
+
 platform:
  os: linux
  arch: amd64
@ -68,16 +71,21 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: false
+    dockerfile: Dockerfile
    dry_run: true
-    tags: latest-amd64
-    repo: volkerraschek/gosec
-    username:
-      from_secret: container_image_registry_user
-    password:
-      from_secret: container_image_registry_password
+    force_tag: true
    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
+    tags: latest-amd64
+    username:
+      from_secret: git_cryptic_systems_container_registry_user
+    password:
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -97,9 +105,6 @@ steps:
    - changed
    - failure

-depends_on:
- linter
-
 trigger:
  branch:
    exclude:
@ -118,6 +123,9 @@ name: dry-run-arm-v7
 clone:
  disable: true

+depends_on:
+- linter
+
 platform:
  os: linux
  arch: arm
@ -129,16 +137,21 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: false
+    dockerfile: Dockerfile
    dry_run: true
-    tags: latest-arm-v7
-    repo: volkerraschek/gosec
-    username:
-      from_secret: container_image_registry_user
-    password:
-      from_secret: container_image_registry_password
+    force_tag: true
    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
+    tags: latest-arm-v7
+    username:
+      from_secret: git_cryptic_systems_container_registry_user
+    password:
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -158,9 +171,6 @@ steps:
    - changed
    - failure

-depends_on:
- linter
-
 trigger:
  branch:
    exclude:
@ -179,6 +189,9 @@ name: dry-run-arm64-v8
 clone:
  disable: true

+depends_on:
+- linter
+
 platform:
  os: linux
  arch: arm64
@ -190,16 +203,21 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: false
+    dockerfile: Dockerfile
    dry_run: true
-    tags: latest-arm64-v8
-    repo: volkerraschek/gosec
-    username:
-      from_secret: container_image_registry_user
-    password:
-      from_secret: container_image_registry_password
+    force_tag: true
    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
+    tags: latest-arm64-v8
+    username:
+      from_secret: git_cryptic_systems_container_registry_user
+    password:
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -219,9 +237,6 @@ steps:
    - changed
    - failure

-depends_on:
- linter
-
 trigger:
  branch:
    exclude:
@ -240,6 +255,9 @@ name: latest-amd64
 clone:
  disable: true

+depends_on:
+- linter
+
 platform:
  os: linux
  arch: amd64
@ -251,15 +269,20 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: false
-    tags: latest-amd64
-    repo: volkerraschek/gosec
-    username:
-      from_secret: container_image_registry_user
-    password:
-      from_secret: container_image_registry_password
+    dockerfile: Dockerfile
+    force_tag: true
    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
+    tags: latest-amd64
+    username:
+      from_secret: git_cryptic_systems_container_registry_user
+    password:
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -279,9 +302,6 @@ steps:
    - changed
    - failure

-depends_on:
- linter
-
 trigger:
  branch:
  - master
@ -299,6 +319,9 @@ name: latest-arm-v7
 clone:
  disable: true

+depends_on:
+- linter
+
 platform:
  os: linux
  arch: arm
@ -310,15 +333,20 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: false
-    tags: latest-arm-v7
-    repo: volkerraschek/gosec
-    username:
-      from_secret: container_image_registry_user
-    password:
-      from_secret: container_image_registry_password
+    dockerfile: Dockerfile
+    force_tag: true
    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
+    tags: latest-arm-v7
+    username:
+      from_secret: git_cryptic_systems_container_registry_user
+    password:
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -338,9 +366,6 @@ steps:
    - changed
    - failure

-depends_on:
- linter
-
 trigger:
  branch:
  - master
@ -358,6 +383,9 @@ name: latest-arm64-v8
 clone:
  disable: true

+depends_on:
+- linter
+
 platform:
  os: linux
  arch: arm64
@ -369,15 +397,20 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: false
-    tags: latest-arm64-v8
-    repo: volkerraschek/gosec
-    username:
-      from_secret: container_image_registry_user
-    password:
-      from_secret: container_image_registry_password
+    dockerfile: Dockerfile
+    force_tag: true
    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
+    tags: latest-arm64-v8
+    username:
+      from_secret: git_cryptic_systems_container_registry_user
+    password:
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -397,9 +430,6 @@ steps:
    - changed
    - failure

-depends_on:
- linter
-
 trigger:
  branch:
  - master
@ -417,6 +447,11 @@ name: latest-manifest
 clone:
  disable: true

+depends_on:
+- latest-amd64
+- latest-arm-v7
+- latest-arm64-v8
+
 # docker.io/plugins/manifest only for amd64 architectures available
 node_selector:
  kubernetes.io/os: linux
@ -433,9 +468,9 @@ steps:
    ignore_missing: true
    spec: manifest.tmpl
    username:
-      from_secret: container_image_registry_user
+      from_secret: git_cryptic_systems_container_registry_user
    password:
-      from_secret: container_image_registry_password
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -459,10 +494,65 @@ steps:
    - changed
    - failure

+trigger:
+  branch:
+  - master
+  event:
+  - cron
+  - push
+  repo:
+  - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: kubernetes
+name: latest-sync
+
+clone:
+  disable: true
+
 depends_on:
- latest-amd64
- latest-arm-v7
- latest-arm64-v8
+- latest-manifest
+
+steps:
+- name: clone
+  image: git.cryptic.systems/volker.raschek/git:1.2.1
+
+- name: latest-sync
+  commands:
+  - skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
+  environment:
+    SRC_CRED_USERNAME:
+      from_secret: git_cryptic_systems_container_registry_user
+    SRC_CRED_PASSWORD:
+      from_secret: git_cryptic_systems_container_registry_password
+    DEST_CRED_USERNAME:
+      from_secret: container_image_registry_user
+    DEST_CRED_PASSWORD:
+      from_secret: container_image_registry_password
+  image: quay.io/skopeo/stable:v1.12.0
+
+- name: email-notification
+  environment:
+    SMTP_FROM_ADDRESS:
+      from_secret: smtp_from_address
+    SMTP_FROM_NAME:
+      from_secret: smtp_from_name
+    SMTP_HOST:
+      from_secret: smtp_host
+    SMTP_USERNAME:
+      from_secret: smtp_username
+    SMTP_PASSWORD:
+      from_secret: smtp_password
+  image: git.cryptic.systems/volker.raschek/drone-email:0.1.2
+  resources:
+    limits:
+      cpu: 150
+      memory: 150M
+  when:
+    status:
+    - changed
+    - failure

 trigger:
  branch:
@ -492,17 +582,22 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: true
    auto_tag_suffix: amd64
-    repo: volkerraschek/gosec
+    dockerfile: Dockerfile
+    force_tag: true
+    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
    username:
-      from_secret: container_image_registry_user
+      from_secret: git_cryptic_systems_container_registry_user
    password:
-      from_secret: container_image_registry_password
+      from_secret: git_cryptic_systems_container_registry_password
    build_args:
    - GOSEC_VERSION=${DRONE_TAG}
-    no_cache: true

 - name: email-notification
  environment:
@ -547,17 +642,22 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: true
    auto_tag_suffix: arm-v7
-    repo: volkerraschek/gosec
+    dockerfile: Dockerfile
+    force_tag: true
+    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
    username:
-      from_secret: container_image_registry_user
+      from_secret: git_cryptic_systems_container_registry_user
    password:
-      from_secret: container_image_registry_password
+      from_secret: git_cryptic_systems_container_registry_password
    build_args:
    - GOSEC_VERSION=${DRONE_TAG}
-    no_cache: true

 - name: email-notification
  environment:
@ -602,17 +702,22 @@ steps:
 - name: build
  image: docker.io/plugins/docker:20.10.9
  settings:
-    dockerfile: Dockerfile
    auto_tag: true
    auto_tag_suffix: arm64-v8
-    repo: volkerraschek/gosec
+    dockerfile: Dockerfile
+    force_tag: true
+    no_cache: true
+    purge: true
+    mirror:
+      from_secret: docker_io_mirror
+    registry: git.cryptic.systems
+    repo: git.cryptic.systems/volker.raschek/gosec
    username:
-      from_secret: container_image_registry_user
+      from_secret: git_cryptic_systems_container_registry_user
    password:
-      from_secret: container_image_registry_password
+      from_secret: git_cryptic_systems_container_registry_password
    build_args:
    - GOSEC_VERSION=${DRONE_TAG}
-    no_cache: true

 - name: email-notification
  environment:
@ -646,6 +751,11 @@ name: tagged-manifest
 clone:
  disable: true

+depends_on:
+- tagged-amd64
+- tagged-arm-v7
+- tagged-arm64-v8
+
 # docker.io/plugins/manifest only for amd64 architectures available
 node_selector:
  kubernetes.io/os: linux
@ -662,9 +772,9 @@ steps:
    ignore_missing: true
    spec: manifest.tmpl
    username:
-      from_secret: container_image_registry_user
+      from_secret: git_cryptic_systems_container_registry_user
    password:
-      from_secret: container_image_registry_password
+      from_secret: git_cryptic_systems_container_registry_password

 - name: email-notification
  environment:
@ -688,10 +798,62 @@ steps:
    - changed
    - failure

+trigger:
+  event:
+  - tag
+  repo:
+  - volker.raschek/gosec-docker
+
+---
+kind: pipeline
+type: kubernetes
+name: tagged-sync
+
+clone:
+  disable: true
+
 depends_on:
- tagged-amd64
- tagged-arm-v7
- tagged-arm64-v8
+- tagged-manifest
+
+steps:
+- name: clone
+  image: git.cryptic.systems/volker.raschek/git:1.2.1
+
+- name: tagged-sync
+  commands:
+  - skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
+  environment:
+    SRC_CRED_USERNAME:
+      from_secret: git_cryptic_systems_container_registry_user
+    SRC_CRED_PASSWORD:
+      from_secret: git_cryptic_systems_container_registry_password
+    DEST_CRED_USERNAME:
+      from_secret: container_image_registry_user
+    DEST_CRED_PASSWORD:
+      from_secret: container_image_registry_password
+  image: quay.io/skopeo/stable:v1.12.0
+
+- name: email-notification
+  environment:
+    SMTP_FROM_ADDRESS:
+      from_secret: smtp_from_address
+    SMTP_FROM_NAME:
+      from_secret: smtp_from_name
+    SMTP_HOST:
+      from_secret: smtp_host
+    SMTP_USERNAME:
+      from_secret: smtp_username
+    SMTP_PASSWORD:
+      from_secret: smtp_password
+  image: git.cryptic.systems/volker.raschek/drone-email:0.1.2
+  resources:
+    limits:
+      cpu: 150
+      memory: 150M
+  when:
+    status:
+    - changed
+    - failure

 trigger:
  event:
--- a/manifest.tmpl
+++ b/manifest.tmpl
@ -1,4 +1,4 @@
-image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
@ -7,19 +7,16 @@ tags:
  - "latest"
 {{/if}}
 manifests:
-  -
-    image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
+  - image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
    platform:
      architecture: amd64
      os: linux
-  -
-    image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
+  - image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
    platform:
      architecture: arm
      os: linux
      variant: v7
-  -
-    image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
+  - image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
    platform:
      architecture: arm64
      os: linux