From 9ce654629cd9f9f3da2c549245f9b660ed885899 Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Sun, 30 Jan 2022 21:39:29 +0100
Subject: [PATCH] Initial Commit
---
.dockerignore | 0
.drone.yml | 721 +++++++++++++++++++++++++++++++++++++++++++
.editorconfig | 12 +
.gitattributes | 1 +
.gitignore | 2 +
.markdownlint.yaml | 144 +++++++++
Dockerfile | 14 +
LICENSE | 13 +
Makefile | 52 ++++
README.md | 35 +++
manifest.alpine.tmpl | 26 ++
renovate.json | 34 ++
12 files changed, 1054 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .drone.yml
create mode 100644 .editorconfig
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 .markdownlint.yaml
create mode 100644 Dockerfile
create mode 100644 LICENSE
create mode 100644 Makefile
create mode 100644 README.md
create mode 100644 manifest.alpine.tmpl
create mode 100644 renovate.json
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..e69de29
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..51e94ca
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,721 @@ +--- +kind: pipeline +type: kubernetes +name: linter + +platform: + os: linux + +steps: +- name: markdown lint + commands: + - markdownlint *.md + image: docker.io/volkerraschek/markdownlint:0.30.0 + resources: + limits: + cpu: 50 + memory: 50M + +- name: email-notification + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + image: docker.io/drillster/drone-email:latest + resources: + limits: + cpu: 50 + memory: 25M + when: + status: + - changed + - failure + +trigger: + event: + exclude: + - tag + +--- +kind: pipeline +type: docker +name: dry-run-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: false + dry_run: true + tags: latest-amd64 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + no_cache: true + volumes: + - name: docker_socket + path: /var/run/docker.sock + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +depends_on: +- linter + +trigger: + branch: + exclude: + - master + event: + - pull_request + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: dry-run-arm-v7 + +platform: + os: linux + arch: arm + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: false + dry_run: true + tags: latest-arm-v7 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: 
container_image_registry_password + no_cache: true + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + volumes: + - name: docker_socket + path: /var/run/docker.sock + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +depends_on: +- linter + +trigger: + branch: + exclude: + - master + event: + - pull_request + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: dry-run-arm64-v8 + +platform: + os: linux + arch: arm64 + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: false + dry_run: true + tags: latest-arm64-v8 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + no_cache: true + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + volumes: + - name: docker_socket + path: /var/run/docker.sock + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +depends_on: +- linter + +trigger: + branch: + exclude: + - master + event: + - pull_request + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: latest-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: false + tags: latest-amd64 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + no_cache: true + volumes: + - 
name: docker_socket + path: /var/run/docker.sock + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +depends_on: +- linter + +trigger: + branch: + - master + event: + - cron + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: latest-arm-v7 + +platform: + os: linux + arch: arm + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: false + tags: latest-arm-v7 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + no_cache: true + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + volumes: + - name: docker_socket + path: /var/run/docker.sock + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +depends_on: +- linter + +trigger: + branch: + - master + event: + - cron + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: latest-arm64-v8 + +platform: + os: linux + arch: arm64 + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: false + tags: latest-arm64-v8 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + no_cache: true + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: 
smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + volumes: + - name: docker_socket + path: /var/run/docker.sock + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +depends_on: +- linter + +trigger: + branch: + - master + event: + - cron + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: kubernetes +name: latest-manifest + +steps: +- name: build-manifest + image: plugins/manifest + settings: + auto_tag: false + ignore_missing: true + spec: manifest.tmpl + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + +- name: notify + image: docker.io/drillster/drone-email:latest + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + resources: + limits: + cpu: 50 + memory: 25M + when: + status: + - changed + - failure + +depends_on: +- latest-amd64 +- latest-arm-v7 +- latest-arm64-v8 + +trigger: + branch: + - master + event: + - cron + - push + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: tagged-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: true + auto_tag_suffix: amd64 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + build_args: + - HELM_VERSION=${DRONE_TAG} + no_cache: true + volumes: + - name: docker_socket + path: /var/run/docker.sock + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + 
when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +trigger: + event: + - tag + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: tagged-arm-v7 + +platform: + os: linux + arch: arm + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: true + auto_tag_suffix: arm-v7 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + build_args: + - HELM_VERSION=${DRONE_TAG} + no_cache: true + volumes: + - name: docker_socket + path: /var/run/docker.sock + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +trigger: + event: + - tag + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: docker +name: tagged-arm64-v8 + +platform: + os: linux + arch: arm64 + +steps: +- name: build + image: plugins/docker + settings: + dockerfile: Dockerfile + auto_tag: true + auto_tag_suffix: arm64-v8 + repo: volkerraschek/gosec + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + build_args: + - HELM_VERSION=${DRONE_TAG} + no_cache: true + volumes: + - name: docker_socket + path: /var/run/docker.sock + +- name: notify + image: drillster/drone-email + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + when: + status: + - changed + - failure + +volumes: +- name: docker_socket + host: + path: /var/run/docker.sock + +trigger: + event: + - tag 
+ repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: kubernetes +name: tagged-manifest + +steps: +- name: build-manifest + image: plugins/manifest + settings: + auto_tag: true + ignore_missing: true + spec: manifest.tmpl + username: + from_secret: container_image_registry_user + password: + from_secret: container_image_registry_password + +- name: notify + image: docker.io/drillster/drone-email:latest + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + resources: + limits: + cpu: 50 + memory: 25M + when: + status: + - changed + - failure + +depends_on: +- tagged-amd64 +- tagged-arm-v7 +- tagged-arm64-v8 + +trigger: + event: + - tag + repo: + - volker.raschek/gosec-docker + +--- +kind: pipeline +type: kubernetes +name: sync + +platform: + os: linux + arch: amd64 + +steps: +- name: github + image: docker.io/appleboy/drone-git-push:latest + resources: + limits: + cpu: 50 + memory: 25M + settings: + branch: master + remote: ssh://git@github.com/volker-raschek/gosec-docker.git + force: true + ssh_key: + from_secret: ssh_key + +- name: email-notification + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + image: docker.io/drillster/drone-email:latest + resources: + limits: + cpu: 50 + memory: 25M + when: + status: + - changed + - failure + +depends_on: +- latest-manifest + +trigger: + branch: + - master + event: + - cron + - push + repo: + - volker.raschek/gosec-docker diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..b53e68c --- /dev/null +++ b/.editorconfig 
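Review bot: The three `tagged-*` pipelines pass `build_args: - HELM_VERSION=${DRONE_TAG}`, but the Dockerfile added in this commit only declares `ARG GOSEC_VERSION`, so a tagged build falls through to `go install ...@latest` and the published tag presumably does not contain the gosec release it names; pass `GOSEC_VERSION=${DRONE_TAG}` instead. In `dry-run-arm-v7`, `dry-run-arm64-v8`, `latest-arm-v7` and `latest-arm64-v8` the `docker_socket` volume is attached to the `notify` step rather than `build`, which hands the host Docker daemon to the mail plugin and not to the step that needs it. The plugin images (`plugins/docker`, `plugins/manifest`, `drillster/drone-email`, `appleboy/drone-git-push:latest`) receive registry, SMTP and SSH secrets while being referenced by mutable tags; pinning them by digest would keep a retagged image from reading those secrets.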
@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
+
+[Makefile]
+indent_style = tab
\ No newline at end of file
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..dcd9d00
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+Makefile eol=lf
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..82fbe68
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# IntelliJ
+.idea/
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
new file mode 100644
index 0000000..58b704a
--- /dev/null
+++ b/.markdownlint.yaml
@@ -0,0 +1,144 @@ +# markdownlint YAML configuration +# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml + +# Default state for all rules +default: true + +# Path to configuration file to extend +extends: null + +# MD003/heading-style/header-style - Heading style +MD003: + # Heading style + style: "atx" + +# MD004/ul-style - Unordered list style +MD004: + style: "dash" + +# MD007/ul-indent - Unordered list indentation +MD007: + # Spaces for indent + indent: 2 + # Whether to indent the first level of the list + start_indented: false + +# MD009/no-trailing-spaces - Trailing spaces +MD009: + # Spaces for line break + br_spaces: 2 + # Allow spaces for empty lines in list items + list_item_empty_lines: false + # Include unnecessary breaks + strict: false + +# MD010/no-hard-tabs - Hard tabs +MD010: + # Include code blocks + code_blocks: true + +# MD012/no-multiple-blanks - Multiple consecutive blank lines +MD012: + # Consecutive blank lines + maximum: 1 + +# MD013/line-length - Line length +MD013: + # Number of characters + line_length: 80 + # Number of characters for headings + heading_line_length: 80 + # Number of characters for code blocks + code_block_line_length: 80 + # Include code blocks + code_blocks: false + # Include tables + tables: false + # Include headings + headings: true + # Include headings + headers: true + # Strict length checking + strict: false + # Stern length checking + stern: false + +# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines +MD022: + # Blank lines above heading + lines_above: 1 + # Blank lines below heading + lines_below: 1 + +# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content +MD024: + # Only check sibling headings + allow_different_nesting: true + +# MD025/single-title/single-h1 - Multiple top-level headings in the same document +MD025: + # Heading level + level: 1 + # RegExp for matching title in front matter + 
front_matter_title: "^\\s*title\\s*[:=]" + +# MD026/no-trailing-punctuation - Trailing punctuation in heading +MD026: + # Punctuation characters + punctuation: ".,;:!。,;:!" + +# MD029/ol-prefix - Ordered list item prefix +MD029: + # List style + style: "one_or_ordered" + +# MD030/list-marker-space - Spaces after list markers +MD030: + # Spaces for single-line unordered list items + ul_single: 1 + # Spaces for single-line ordered list items + ol_single: 1 + # Spaces for multi-line unordered list items + ul_multi: 1 + # Spaces for multi-line ordered list items + ol_multi: 1 + +# MD033/no-inline-html - Inline HTML +MD033: + # Allowed elements + allowed_elements: [] + +# MD035/hr-style - Horizontal rule style +MD035: + # Horizontal rule style + style: "---" + +# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading +MD036: + # Punctuation characters + punctuation: ".,;:!?。,;:!?" + +# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading +MD041: + # Heading level + level: 1 + # RegExp for matching title in front matter + front_matter_title: "^\\s*title\\s*[:=]" + +# MD044/proper-names - Proper names should have the correct capitalization +MD044: + # List of proper names + names: + - helm + # Include code blocks + code_blocks: false + +# MD046/code-block-style - Code block style +MD046: + # Block style + style: "fenced" + +# MD048/code-fence-style - Code fence style +MD048: + # Code fence syle + style: "backtick" \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..b31db55 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,14 @@
+FROM docker.io/library/golang:1.17.5-alpine AS build
+
+ARG GOSEC_VERSION
+
+RUN apk update && \
+ apk upgrade && \
+ apk add git make
+
+RUN if [ ! -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION}; fi
+RUN if [ -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@latest; fi
+
+FROM docker.io/library/alpine:3.15.0
+COPY --from=build /go/bin/gosec /usr/bin/gosec
+ENTRYPOINT [ "/usr/bin/gosec" ]
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9ce8f76
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2022 Markus Pesch
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..4770487
--- /dev/null
+++ b/Makefile
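Review bot: When `GOSEC_VERSION` is empty the second `RUN` installs `gosec@latest`, so the image content depends on whatever the module proxy resolves at build time and two builds of the same commit can ship different scanners; give the argument a pinned default such as `ARG GOSEC_VERSION=v2.9.4` (the version the Makefile pins), or fail the build with `RUN test -n "${GOSEC_VERSION}"`. The final stage sets no `USER`, so gosec runs as root over whatever source tree is mounted into the container; a `USER nobody` line before `ENTRYPOINT` would limit that. The final stage is plain `alpine:3.15.0` without a Go toolchain, which gosec may need at run time to load packages, so it is worth confirming with a scan of a real module.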
@@ -0,0 +1,52 @@
+# GOSEC_VERSION
+# Only required to install a specifiy version
+GOSEC_VERSION?=v2.9.4 # renovate: datasource=github-releases depName=gosec lookupName=gsecurego/gosec versioning=semver
+
+# CONTAINER_RUNTIME
+# The CONTAINER_RUNTIME variable will be used to specified the path to a
+# container runtime. This is needed to start and run a container image.
+CONTAINER_RUNTIME?=$(shell which docker)
+
+# HELM_IMAGE_REGISTRY_NAME
+# Defines the name of the new container to be built using several variables.
+HELM_IMAGE_REGISTRY_NAME:=docker.io
+HELM_IMAGE_REGISTRY_USER:=volkerraschek
+
+HELM_IMAGE_NAMESPACE?=${HELM_IMAGE_REGISTRY_USER}
+HELM_IMAGE_NAME:=gosec
+HELM_IMAGE_VERSION?=latest
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_NAME}/${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
+HELM_IMAGE_UNQUALIFIED=${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
+
+# BUILD CONTAINER IMAGE
+# ==============================================================================
+PHONY:=container-image/build
+container-image/build:
+ ${CONTAINER_RUNTIME} build \
+ --build-arg GOSEC_VERSION=${GOSEC_VERSION} \
+ --file Dockerfile \
+ --no-cache \
+ --pull \
+ --tag ${HELM_IMAGE_FULLY_QUALIFIED} \
+ --tag ${HELM_IMAGE_UNQUALIFIED} \
+ .
+
+# DELETE CONTAINER IMAGE
+# ==============================================================================
+PHONY:=container-image/delete
+container-image/delete:
+ - ${CONTAINER_RUNTIME} image rm ${HELM_IMAGE_FULLY_QUALIFIED} ${HELM_IMAGE_UNQUALIFIED}
+ - ${CONTAINER_RUNTIME} image rm ${BASE_IMAGE_FULL}
+
+# PUSH CONTAINER IMAGE
+# ==============================================================================
+PHONY+=container-image/push
+container-image/push:
+ echo ${HELM_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${HELM_IMAGE_REGISTRY_NAME} --username ${HELM_IMAGE_REGISTRY_USER} --password-stdin
+ ${CONTAINER_RUNTIME} push ${HELM_IMAGE_FULLY_QUALIFIED}
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony. We keep that information
+# in a variable so we can use it in if_changed.
+.PHONY: ${PHONY}
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..96f5da9
--- /dev/null
+++ b/README.md
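Review bot: The `container-image/push` recipe line `echo ${HELM_IMAGE_REGISTRY_PASSWORD} | ... login` is expanded by make and echoed before it runs, so the registry password is printed to the terminal or CI log; prefix the line with `@` and let the shell read the variable, `@echo "$${HELM_IMAGE_REGISTRY_PASSWORD}" | ${CONTAINER_RUNTIME} login ${HELM_IMAGE_REGISTRY_NAME} --username ${HELM_IMAGE_REGISTRY_USER} --password-stdin`. The Renovate hint on `GOSEC_VERSION` uses `lookupName=gsecurego/gosec`, which looks like a typo for `securego/gosec` (the module path used in the Dockerfile), so the pinned scanner version would likely never receive update PRs. `PHONY:=container-image/delete` overwrites the earlier `PHONY:=container-image/build` and should be `PHONY+=container-image/delete`. `${BASE_IMAGE_FULL}` in the delete recipe is not defined anywhere in this file.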
@@ -0,0 +1,35 @@
+# gosec-docker
+
+[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/gosec-docker/status.svg)](https://drone.cryptic.systems/volker.raschek/gosec-docker)
+[![Docker Pulls](https://img.shields.io/docker/pulls/volkerraschek/gosec)](https://hub.docker.com/r/volkerraschek/gosec)
+
+This project contains all sources to build the container image
+`docker.io/volkerraschek/gosec`. The primary goal of this project is to package
+the binary `gosec` as container image to provide the functionally for CI/CD
+workflows. The source code of the binary can be found in the upstream project of
+[gosec](github.com/securego/gosec).
+
+## drone
+
+Here is an example how to use `docker.io/volkerraschek/gosec` to scan for
+vulerabilities.
+
+```yaml
+kind: pipeline
+type: kubernetes
+name: vulnerability-scan
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+- name: gosec
+ commands:
+ - gosec -v ./...
+ image: docker.io/volkerraschek/gosec:latest
+ resources:
+ limits:
+ cpu: 250
+ memory: 500M
+```
diff --git a/manifest.alpine.tmpl b/manifest.alpine.tmpl
new file mode 100644
index 0000000..259287b
--- /dev/null
+++ b/manifest.alpine.tmpl
@@ -0,0 +1,26 @@
+image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ - {{this}}
+{{/each}}
+ - "latest"
+{{/if}}
+manifests:
+ -
+ image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
+ platform:
+ architecture: amd64
+ os: linux
+ -
+ image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
+ platform:
+ architecture: arm
+ os: linux
+ variant: v7
+ -
+ image: volkerraschek/helm:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
+ platform:
+ architecture: arm64
+ os: linux
+ variant: v8
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..562005e
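Review bot: Every `image:` entry in the `manifest.alpine.tmpl` hunk points at `volkerraschek/helm`, while the build pipelines in `.drone.yml` push to `volkerraschek/gosec`, so a manifest step using this template would write a manifest list into a different repository with the same registry credentials; the entries should name `volkerraschek/gosec`. The file is added as `manifest.alpine.tmpl`, but `.drone.yml` sets `spec: manifest.tmpl`, so the template as named here is not the one the pipeline loads. Rename the file or update `spec:` so the two agree.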
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,34 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "assignees": [ "volker.raschek" ],
+ "automergeStrategy": "merge-commit",
+ "automergeType": "pr",
+ "labels": [ "renovate" ],
+ "packageRules": [
+ {
+ "addLabels": [ "renovate/droneci", "renovate/automerge" ],
+ "automerge": true,
+ "matchManagers": "droneci",
+ "matchUpdateTypes": [ "minor", "patch"]
+ },
+ {
+ "addLabels": [ "renovate/gosec", "renovate/automerge" ],
+ "automerge": false,
+ "matchPackageNames": [ "gosec" ],
+ "matchManagers": [ "regex" ]
+ }
+ ],
+ "rebaseLabel": "renovate/rebase",
+ "rebaseWhen": "behind-base-branch",
+ "regexManagers": [
+ {
+ "description": "Update version",
+ "fileMatch": [
+ "^Makefile$"
+ ],
+ "matchStrings": [
+ "GOSEC_VERSION\\?=(?.*) # renovate: datasource=(?.*) depName=(?.*) (lookupName=(?.*))? (versioning=(?.*))?"
+ ]
+ }
+ ]
+}
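Review bot: The first package rule sets `"automerge": true` for the `droneci` manager, so minor and patch bumps of the CI plugin images are merged without review even though those images run with registry credentials and, in some pipelines, the host Docker socket; consider `"automerge": false` for that rule, or add `"pinDigests": true` so each update is a reviewable digest change. `"matchManagers": "droneci"` is a string while the second rule uses an array; write `"matchManagers": [ "droneci" ]` to match it. The capture groups in `matchStrings` appear as `(?.*)` on this page, which may be an extraction artefact, so confirm the committed regex still names `currentValue`, `datasource` and `depName`.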