This commit is contained in:
commit
4c845b61fa
0
.dockerignore
Normal file
0
.dockerignore
Normal file
721
.drone.yml
Normal file
721
.drone.yml
Normal file
@ -0,0 +1,721 @@
|
||||
---
|
||||
kind: pipeline
|
||||
type: kubernetes
|
||||
name: linter
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
|
||||
steps:
|
||||
- name: markdown lint
|
||||
commands:
|
||||
- markdownlint *.md
|
||||
image: docker.io/volkerraschek/markdownlint:0.30.0
|
||||
resources:
|
||||
limits:
|
||||
cpu: 50
|
||||
memory: 50M
|
||||
|
||||
- name: email-notification
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
image: docker.io/drillster/drone-email:latest
|
||||
resources:
|
||||
limits:
|
||||
cpu: 50
|
||||
memory: 25M
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
trigger:
|
||||
event:
|
||||
exclude:
|
||||
- tag
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: dry-run-amd64
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: false
|
||||
dry_run: true
|
||||
tags: latest-amd64
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
no_cache: true
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
depends_on:
|
||||
- linter
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
exclude:
|
||||
- master
|
||||
event:
|
||||
- pull_request
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: dry-run-arm-v7
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: false
|
||||
dry_run: true
|
||||
tags: latest-arm-v7
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
no_cache: true
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
depends_on:
|
||||
- linter
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
exclude:
|
||||
- master
|
||||
event:
|
||||
- pull_request
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: dry-run-arm64-v8
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm64
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: false
|
||||
dry_run: true
|
||||
tags: latest-arm64-v8
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
no_cache: true
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
depends_on:
|
||||
- linter
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
exclude:
|
||||
- master
|
||||
event:
|
||||
- pull_request
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: latest-amd64
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: false
|
||||
tags: latest-amd64
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
no_cache: true
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
depends_on:
|
||||
- linter
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
event:
|
||||
- cron
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: latest-arm-v7
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: false
|
||||
tags: latest-arm-v7
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
no_cache: true
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
depends_on:
|
||||
- linter
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
event:
|
||||
- cron
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: latest-arm64-v8
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm64
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: false
|
||||
tags: latest-arm64-v8
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
no_cache: true
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
depends_on:
|
||||
- linter
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
event:
|
||||
- cron
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: kubernetes
|
||||
name: latest-manifest
|
||||
|
||||
steps:
|
||||
- name: build-manifest
|
||||
image: plugins/manifest
|
||||
settings:
|
||||
auto_tag: false
|
||||
ignore_missing: true
|
||||
spec: manifest.tmpl
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
|
||||
- name: notify
|
||||
image: docker.io/drillster/drone-email:latest
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
resources:
|
||||
limits:
|
||||
cpu: 50
|
||||
memory: 25M
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
depends_on:
|
||||
- latest-amd64
|
||||
- latest-arm-v7
|
||||
- latest-arm64-v8
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
event:
|
||||
- cron
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: tagged-amd64
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: true
|
||||
auto_tag_suffix: amd64
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
build_args:
|
||||
- HELM_VERSION=${DRONE_TAG}
|
||||
no_cache: true
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- tag
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: tagged-arm-v7
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: true
|
||||
auto_tag_suffix: arm-v7
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
build_args:
|
||||
- HELM_VERSION=${DRONE_TAG}
|
||||
no_cache: true
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- tag
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: tagged-arm64-v8
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: arm64
|
||||
|
||||
steps:
|
||||
- name: build
|
||||
image: plugins/docker
|
||||
settings:
|
||||
dockerfile: Dockerfile
|
||||
auto_tag: true
|
||||
auto_tag_suffix: arm64-v8
|
||||
repo: volkerraschek/gosec
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
build_args:
|
||||
- HELM_VERSION=${DRONE_TAG}
|
||||
no_cache: true
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
path: /var/run/docker.sock
|
||||
|
||||
- name: notify
|
||||
image: drillster/drone-email
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
volumes:
|
||||
- name: docker_socket
|
||||
host:
|
||||
path: /var/run/docker.sock
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- tag
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: kubernetes
|
||||
name: tagged-manifest
|
||||
|
||||
steps:
|
||||
- name: build-manifest
|
||||
image: plugins/manifest
|
||||
settings:
|
||||
auto_tag: true
|
||||
ignore_missing: true
|
||||
spec: manifest.tmpl
|
||||
username:
|
||||
from_secret: container_image_registry_user
|
||||
password:
|
||||
from_secret: container_image_registry_password
|
||||
|
||||
- name: notify
|
||||
image: docker.io/drillster/drone-email:latest
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
resources:
|
||||
limits:
|
||||
cpu: 50
|
||||
memory: 25M
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
depends_on:
|
||||
- tagged-amd64
|
||||
- tagged-arm-v7
|
||||
- tagged-arm64-v8
|
||||
|
||||
trigger:
|
||||
event:
|
||||
- tag
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
type: kubernetes
|
||||
name: sync
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: github
|
||||
image: docker.io/appleboy/drone-git-push:latest
|
||||
resources:
|
||||
limits:
|
||||
cpu: 50
|
||||
memory: 25M
|
||||
settings:
|
||||
branch: master
|
||||
remote: ssh://git@github.com/volker-raschek/gosec-docker.git
|
||||
force: true
|
||||
ssh_key:
|
||||
from_secret: ssh_key
|
||||
|
||||
- name: email-notification
|
||||
environment:
|
||||
PLUGIN_HOST:
|
||||
from_secret: smtp_host
|
||||
PLUGIN_USERNAME:
|
||||
from_secret: smtp_username
|
||||
PLUGIN_PASSWORD:
|
||||
from_secret: smtp_password
|
||||
PLUGIN_FROM:
|
||||
from_secret: smtp_mail_address
|
||||
image: docker.io/drillster/drone-email:latest
|
||||
resources:
|
||||
limits:
|
||||
cpu: 50
|
||||
memory: 25M
|
||||
when:
|
||||
status:
|
||||
- changed
|
||||
- failure
|
||||
|
||||
depends_on:
|
||||
- latest-manifest
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
event:
|
||||
- cron
|
||||
- push
|
||||
repo:
|
||||
- volker.raschek/gosec-docker
|
12
.editorconfig
Normal file
12
.editorconfig
Normal file
@ -0,0 +1,12 @@
|
||||
root = true
|
||||
|
||||
[*]
|
||||
indent_style = space
|
||||
indent_size = 2
|
||||
end_of_line = lf
|
||||
charset = utf-8
|
||||
trim_trailing_whitespace = true
|
||||
insert_final_newline = false
|
||||
|
||||
[Makefile]
|
||||
indent_style = tab
|
1
.gitattributes
vendored
Normal file
1
.gitattributes
vendored
Normal file
@ -0,0 +1 @@
|
||||
Makefile eol=lf
|
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
# IntelliJ
|
||||
.idea/
|
144
.markdownlint.yaml
Normal file
144
.markdownlint.yaml
Normal file
@ -0,0 +1,144 @@
|
||||
# markdownlint YAML configuration
|
||||
# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml
|
||||
|
||||
# Default state for all rules
|
||||
default: true
|
||||
|
||||
# Path to configuration file to extend
|
||||
extends: null
|
||||
|
||||
# MD003/heading-style/header-style - Heading style
|
||||
MD003:
|
||||
# Heading style
|
||||
style: "atx"
|
||||
|
||||
# MD004/ul-style - Unordered list style
|
||||
MD004:
|
||||
style: "dash"
|
||||
|
||||
# MD007/ul-indent - Unordered list indentation
|
||||
MD007:
|
||||
# Spaces for indent
|
||||
indent: 2
|
||||
# Whether to indent the first level of the list
|
||||
start_indented: false
|
||||
|
||||
# MD009/no-trailing-spaces - Trailing spaces
|
||||
MD009:
|
||||
# Spaces for line break
|
||||
br_spaces: 2
|
||||
# Allow spaces for empty lines in list items
|
||||
list_item_empty_lines: false
|
||||
# Include unnecessary breaks
|
||||
strict: false
|
||||
|
||||
# MD010/no-hard-tabs - Hard tabs
|
||||
MD010:
|
||||
# Include code blocks
|
||||
code_blocks: true
|
||||
|
||||
# MD012/no-multiple-blanks - Multiple consecutive blank lines
|
||||
MD012:
|
||||
# Consecutive blank lines
|
||||
maximum: 1
|
||||
|
||||
# MD013/line-length - Line length
|
||||
MD013:
|
||||
# Number of characters
|
||||
line_length: 80
|
||||
# Number of characters for headings
|
||||
heading_line_length: 80
|
||||
# Number of characters for code blocks
|
||||
code_block_line_length: 80
|
||||
# Include code blocks
|
||||
code_blocks: false
|
||||
# Include tables
|
||||
tables: false
|
||||
# Include headings
|
||||
headings: true
|
||||
# Include headings
|
||||
headers: true
|
||||
# Strict length checking
|
||||
strict: false
|
||||
# Stern length checking
|
||||
stern: false
|
||||
|
||||
# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines
|
||||
MD022:
|
||||
# Blank lines above heading
|
||||
lines_above: 1
|
||||
# Blank lines below heading
|
||||
lines_below: 1
|
||||
|
||||
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
|
||||
MD024:
|
||||
# Only check sibling headings
|
||||
allow_different_nesting: true
|
||||
|
||||
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
|
||||
MD025:
|
||||
# Heading level
|
||||
level: 1
|
||||
# RegExp for matching title in front matter
|
||||
front_matter_title: "^\\s*title\\s*[:=]"
|
||||
|
||||
# MD026/no-trailing-punctuation - Trailing punctuation in heading
|
||||
MD026:
|
||||
# Punctuation characters
|
||||
punctuation: ".,;:!。,;:!"
|
||||
|
||||
# MD029/ol-prefix - Ordered list item prefix
|
||||
MD029:
|
||||
# List style
|
||||
style: "one_or_ordered"
|
||||
|
||||
# MD030/list-marker-space - Spaces after list markers
|
||||
MD030:
|
||||
# Spaces for single-line unordered list items
|
||||
ul_single: 1
|
||||
# Spaces for single-line ordered list items
|
||||
ol_single: 1
|
||||
# Spaces for multi-line unordered list items
|
||||
ul_multi: 1
|
||||
# Spaces for multi-line ordered list items
|
||||
ol_multi: 1
|
||||
|
||||
# MD033/no-inline-html - Inline HTML
|
||||
MD033:
|
||||
# Allowed elements
|
||||
allowed_elements: []
|
||||
|
||||
# MD035/hr-style - Horizontal rule style
|
||||
MD035:
|
||||
# Horizontal rule style
|
||||
style: "---"
|
||||
|
||||
# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading
|
||||
MD036:
|
||||
# Punctuation characters
|
||||
punctuation: ".,;:!?。,;:!?"
|
||||
|
||||
# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading
|
||||
MD041:
|
||||
# Heading level
|
||||
level: 1
|
||||
# RegExp for matching title in front matter
|
||||
front_matter_title: "^\\s*title\\s*[:=]"
|
||||
|
||||
# MD044/proper-names - Proper names should have the correct capitalization
|
||||
MD044:
|
||||
# List of proper names
|
||||
names:
|
||||
- helm
|
||||
# Include code blocks
|
||||
code_blocks: false
|
||||
|
||||
# MD046/code-block-style - Code block style
|
||||
MD046:
|
||||
# Block style
|
||||
style: "fenced"
|
||||
|
||||
# MD048/code-fence-style - Code fence style
|
||||
MD048:
|
||||
# Code fence syle
|
||||
style: "backtick"
|
15
Dockerfile
Normal file
15
Dockerfile
Normal file
@ -0,0 +1,15 @@
|
||||
FROM docker.io/library/golang:1.17.5-alpine AS build
|
||||
|
||||
ARG GOSEC_VERSION
|
||||
|
||||
RUN apk update && \
|
||||
apk upgrade && \
|
||||
apk add git make
|
||||
|
||||
RUN if [ ! -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION}; fi
|
||||
RUN if [ -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@latest; fi
|
||||
|
||||
RUN cp /go/bin/gosec /usr/bin/gosec && \
|
||||
rm -rf /go/*
|
||||
|
||||
ENTRYPOINT [ "/usr/bin/gosec" ]
|
13
LICENSE
Normal file
13
LICENSE
Normal file
@ -0,0 +1,13 @@
|
||||
Copyright 2022 Markus Pesch
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
52
Makefile
Normal file
52
Makefile
Normal file
@ -0,0 +1,52 @@
|
||||
# GOSEC_VERSION
|
||||
# Only required to install a specifiy version
|
||||
GOSEC_VERSION?=v2.9.4 # renovate: datasource=github-releases depName=gosec lookupName=securego/gosec versioning=semver
|
||||
|
||||
# CONTAINER_RUNTIME
|
||||
# The CONTAINER_RUNTIME variable will be used to specified the path to a
|
||||
# container runtime. This is needed to start and run a container image.
|
||||
CONTAINER_RUNTIME?=$(shell which docker)
|
||||
|
||||
# HELM_IMAGE_REGISTRY_NAME
|
||||
# Defines the name of the new container to be built using several variables.
|
||||
HELM_IMAGE_REGISTRY_NAME:=docker.io
|
||||
HELM_IMAGE_REGISTRY_USER:=volkerraschek
|
||||
|
||||
HELM_IMAGE_NAMESPACE?=${HELM_IMAGE_REGISTRY_USER}
|
||||
HELM_IMAGE_NAME:=gosec
|
||||
HELM_IMAGE_VERSION?=latest
|
||||
HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_NAME}/${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
|
||||
HELM_IMAGE_UNQUALIFIED=${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
|
||||
|
||||
# BUILD CONTAINER IMAGE
|
||||
# ==============================================================================
|
||||
PHONY:=container-image/build
|
||||
container-image/build:
|
||||
${CONTAINER_RUNTIME} build \
|
||||
--build-arg GOSEC_VERSION=${GOSEC_VERSION} \
|
||||
--file Dockerfile \
|
||||
--no-cache \
|
||||
--pull \
|
||||
--tag ${HELM_IMAGE_FULLY_QUALIFIED} \
|
||||
--tag ${HELM_IMAGE_UNQUALIFIED} \
|
||||
.
|
||||
|
||||
# DELETE CONTAINER IMAGE
|
||||
# ==============================================================================
|
||||
PHONY:=container-image/delete
|
||||
container-image/delete:
|
||||
- ${CONTAINER_RUNTIME} image rm ${HELM_IMAGE_FULLY_QUALIFIED} ${HELM_IMAGE_UNQUALIFIED}
|
||||
- ${CONTAINER_RUNTIME} image rm ${BASE_IMAGE_FULL}
|
||||
|
||||
# PUSH CONTAINER IMAGE
|
||||
# ==============================================================================
|
||||
PHONY+=container-image/push
|
||||
container-image/push:
|
||||
echo ${HELM_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${HELM_IMAGE_REGISTRY_NAME} --username ${HELM_IMAGE_REGISTRY_USER} --password-stdin
|
||||
${CONTAINER_RUNTIME} push ${HELM_IMAGE_FULLY_QUALIFIED}
|
||||
|
||||
# PHONY
|
||||
# ==============================================================================
|
||||
# Declare the contents of the PHONY variable as phony. We keep that information
|
||||
# in a variable so we can use it in if_changed.
|
||||
.PHONY: ${PHONY}
|
35
README.md
Normal file
35
README.md
Normal file
@ -0,0 +1,35 @@
|
||||
# gosec-docker
|
||||
|
||||
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/gosec-docker/status.svg)](https://drone.cryptic.systems/volker.raschek/gosec-docker)
|
||||
[![Docker Pulls](https://img.shields.io/docker/pulls/volkerraschek/gosec)](https://hub.docker.com/r/volkerraschek/gosec)
|
||||
|
||||
This project contains all sources to build the container image
|
||||
`docker.io/volkerraschek/gosec`. The primary goal of this project is to package
|
||||
the binary `gosec` as container image to provide the functionally for CI/CD
|
||||
workflows. The source code of the binary can be found in the upstream project of
|
||||
[gosec](github.com/securego/gosec).
|
||||
|
||||
## drone
|
||||
|
||||
Here is an example how to use `docker.io/volkerraschek/gosec` to scan for
|
||||
vulerabilities.
|
||||
|
||||
```yaml
|
||||
kind: pipeline
|
||||
type: kubernetes
|
||||
name: vulnerability-scan
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: gosec
|
||||
commands:
|
||||
- gosec -v ./...
|
||||
image: docker.io/volkerraschek/gosec:latest
|
||||
resources:
|
||||
limits:
|
||||
cpu: 250
|
||||
memory: 500M
|
||||
```
|
26
manifest.tmpl
Normal file
26
manifest.tmpl
Normal file
@ -0,0 +1,26 @@
|
||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
|
||||
{{#if build.tags}}
|
||||
tags:
|
||||
{{#each build.tags}}
|
||||
- {{this}}
|
||||
{{/each}}
|
||||
- "latest"
|
||||
{{/if}}
|
||||
manifests:
|
||||
-
|
||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
|
||||
platform:
|
||||
architecture: amd64
|
||||
os: linux
|
||||
-
|
||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
|
||||
platform:
|
||||
architecture: arm
|
||||
os: linux
|
||||
variant: v7
|
||||
-
|
||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
|
||||
platform:
|
||||
architecture: arm64
|
||||
os: linux
|
||||
variant: v8
|
34
renovate.json
Normal file
34
renovate.json
Normal file
@ -0,0 +1,34 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"assignees": [ "volker.raschek" ],
|
||||
"automergeStrategy": "merge-commit",
|
||||
"automergeType": "pr",
|
||||
"labels": [ "renovate" ],
|
||||
"packageRules": [
|
||||
{
|
||||
"addLabels": [ "renovate/droneci", "renovate/automerge" ],
|
||||
"automerge": true,
|
||||
"matchManagers": "droneci",
|
||||
"matchUpdateTypes": [ "minor", "patch"]
|
||||
},
|
||||
{
|
||||
"addLabels": [ "renovate/gosec", "renovate/automerge" ],
|
||||
"automerge": false,
|
||||
"matchPackageNames": [ "gosec" ],
|
||||
"matchManagers": [ "regex" ]
|
||||
}
|
||||
],
|
||||
"rebaseLabel": "renovate/rebase",
|
||||
"rebaseWhen": "behind-base-branch",
|
||||
"regexManagers": [
|
||||
{
|
||||
"description": "Update version",
|
||||
"fileMatch": [
|
||||
"^Makefile$"
|
||||
],
|
||||
"matchStrings": [
|
||||
"GOSEC_VERSION\\?=(?<currentValue>.*) # renovate: datasource=(?<datasource>.*) depName=(?<depName>.*) (lookupName=(?<lookupName>.*))? (versioning=(?<versioning>.*))?"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
Loading…
Reference in New Issue
Block a user