Compare commits
101 Commits
Author | SHA1 | Date | |
---|---|---|---|
d6da0ab219 | |||
37f3bcab9f | |||
1c73e31919 | |||
25da8a53ee | |||
90e9b3ecb6 | |||
1807c0ce01 | |||
027f00148c | |||
13d94b39c9 | |||
1bacf8b6be | |||
f593c03981 | |||
3aec0cd3b5 | |||
a9210cc71a | |||
c819e1cb39 | |||
e13db0c244 | |||
1ce6f9c7e9 | |||
709299f885 | |||
780540de20 | |||
6f92efc3aa | |||
3982794b22 | |||
f55e618c5e | |||
1b0ec688f2 | |||
8f49599b5a | |||
c936097b8b | |||
6bafa51c18 | |||
9bbde4129d | |||
64f539cebb | |||
4cd621fa6c | |||
ea75b23fb1 | |||
639709afa9 | |||
11d5e468ec | |||
d03877e64a | |||
8859623de0 | |||
c186a0b5be | |||
cdc962221f | |||
119e9af25a | |||
95ffa8065e | |||
71b7eb6ba9 | |||
fbe63a5027 | |||
c97583c7d2 | |||
daa136f3e4 | |||
0a0a214e9e | |||
0acd5505f0 | |||
a2cc20a592 | |||
ebe1e2bd6c | |||
75777f61d2 | |||
e1d69901a7 | |||
28ee7a5d8b | |||
fee00be1f1 | |||
834f529bc2 | |||
940e7c7918 | |||
90a2f529e2 | |||
ec61631af8 | |||
6d38917136 | |||
1226cff143 | |||
c94ef136a5 | |||
710a8a4abb | |||
b439c231d9 | |||
211bb21d8d | |||
a992832914 | |||
e50c614a86 | |||
4f2096a08d | |||
3ac62994bb | |||
d3ffb8f958 | |||
975aceabab | |||
baf7a06898 | |||
8226e94d8d | |||
8cc4b3f742 | |||
a7f9c0c6cf | |||
1edef6e850 | |||
d67caaff74 | |||
823481437f | |||
3642484b71 | |||
c9fca2da82 | |||
23d30e1ec2 | |||
be6d29f7cf | |||
653cf8617f | |||
455074d813 | |||
bd6f855184 | |||
1ac6cf46ac | |||
1224fae830 | |||
2e4352a938 | |||
56ed7af5de | |||
55a96024cb | |||
153a8ae807 | |||
7328a04b8e | |||
a275c9bde2 | |||
caee174a28 | |||
071fddfb2d | |||
e329110bcb | |||
23784b0c6a | |||
1d95239f99 | |||
b98771a73b | |||
66db33c7e6 | |||
2df4196559 | |||
d60f8ecf3b | |||
fcc86696ef | |||
2a98e41abc | |||
a959083ce8 | |||
416227e726 | |||
84160a1da1 | |||
844e1e6fcb |
524
.drone.yml
524
.drone.yml
@ -3,14 +3,20 @@ kind: pipeline
|
|||||||
type: kubernetes
|
type: kubernetes
|
||||||
name: linter
|
name: linter
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
os: linux
|
os: linux
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: markdown lint
|
- name: markdown lint
|
||||||
commands:
|
commands:
|
||||||
- markdownlint *.md
|
- markdownlint *.md
|
||||||
image: docker.io/volkerraschek/markdownlint:0.32.2
|
image: git.cryptic.systems/volker.raschek/markdownlint:0.42.0
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 150
|
cpu: 150
|
||||||
@ -28,7 +34,7 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 150
|
cpu: 150
|
||||||
@ -48,24 +54,38 @@ kind: pipeline
|
|||||||
type: docker
|
type: docker
|
||||||
name: dry-run-amd64
|
name: dry-run-amd64
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- linter
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
os: linux
|
os: linux
|
||||||
arch: amd64
|
arch: amd64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: docker.io/plugins/docker:latest
|
image: docker.io/plugins/docker:20.18.4
|
||||||
settings:
|
settings:
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: false
|
auto_tag: false
|
||||||
|
dockerfile: Dockerfile
|
||||||
dry_run: true
|
dry_run: true
|
||||||
|
force_tag: true
|
||||||
|
no_cache: true
|
||||||
|
purge: true
|
||||||
|
mirror:
|
||||||
|
from_secret: docker_io_mirror
|
||||||
|
registry: git.cryptic.systems
|
||||||
|
repo: git.cryptic.systems/volker.raschek/gosec
|
||||||
tags: latest-amd64
|
tags: latest-amd64
|
||||||
repo: volkerraschek/gosec
|
|
||||||
username:
|
username:
|
||||||
from_secret: container_image_registry_user
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
password:
|
password:
|
||||||
from_secret: container_image_registry_password
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
no_cache: true
|
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -79,70 +99,12 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
when:
|
when:
|
||||||
status:
|
status:
|
||||||
- changed
|
- changed
|
||||||
- failure
|
- failure
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linter
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
branch:
|
|
||||||
exclude:
|
|
||||||
- master
|
|
||||||
event:
|
|
||||||
- pull_request
|
|
||||||
- push
|
|
||||||
repo:
|
|
||||||
- volker.raschek/gosec-docker
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
type: docker
|
|
||||||
name: dry-run-arm-v7
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: arm
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: build
|
|
||||||
image: docker.io/plugins/docker:latest
|
|
||||||
settings:
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: false
|
|
||||||
dry_run: true
|
|
||||||
tags: latest-arm-v7
|
|
||||||
repo: volkerraschek/gosec
|
|
||||||
username:
|
|
||||||
from_secret: container_image_registry_user
|
|
||||||
password:
|
|
||||||
from_secret: container_image_registry_password
|
|
||||||
no_cache: true
|
|
||||||
|
|
||||||
- name: email-notification
|
|
||||||
environment:
|
|
||||||
SMTP_FROM_ADDRESS:
|
|
||||||
from_secret: smtp_from_address
|
|
||||||
SMTP_FROM_NAME:
|
|
||||||
from_secret: smtp_from_name
|
|
||||||
SMTP_HOST:
|
|
||||||
from_secret: smtp_host
|
|
||||||
SMTP_USERNAME:
|
|
||||||
from_secret: smtp_username
|
|
||||||
SMTP_PASSWORD:
|
|
||||||
from_secret: smtp_password
|
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
|
||||||
when:
|
|
||||||
status:
|
|
||||||
- changed
|
|
||||||
- failure
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linter
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
exclude:
|
exclude:
|
||||||
@ -158,24 +120,38 @@ kind: pipeline
|
|||||||
type: docker
|
type: docker
|
||||||
name: dry-run-arm64-v8
|
name: dry-run-arm64-v8
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- linter
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
os: linux
|
os: linux
|
||||||
arch: arm64
|
arch: arm64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: docker.io/plugins/docker:latest
|
image: docker.io/plugins/docker:20.18.4
|
||||||
settings:
|
settings:
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: false
|
auto_tag: false
|
||||||
|
dockerfile: Dockerfile
|
||||||
dry_run: true
|
dry_run: true
|
||||||
tags: latest-arm64-v8
|
force_tag: true
|
||||||
repo: volkerraschek/gosec
|
|
||||||
username:
|
|
||||||
from_secret: container_image_registry_user
|
|
||||||
password:
|
|
||||||
from_secret: container_image_registry_password
|
|
||||||
no_cache: true
|
no_cache: true
|
||||||
|
purge: true
|
||||||
|
mirror:
|
||||||
|
from_secret: docker_io_mirror
|
||||||
|
registry: git.cryptic.systems
|
||||||
|
repo: git.cryptic.systems/volker.raschek/gosec
|
||||||
|
tags: latest-arm64-v8
|
||||||
|
username:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
|
password:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -189,15 +165,12 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
when:
|
when:
|
||||||
status:
|
status:
|
||||||
- changed
|
- changed
|
||||||
- failure
|
- failure
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linter
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
exclude:
|
exclude:
|
||||||
@ -213,23 +186,37 @@ kind: pipeline
|
|||||||
type: docker
|
type: docker
|
||||||
name: latest-amd64
|
name: latest-amd64
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- linter
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
os: linux
|
os: linux
|
||||||
arch: amd64
|
arch: amd64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: docker.io/plugins/docker:latest
|
image: docker.io/plugins/docker:20.18.4
|
||||||
settings:
|
settings:
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: false
|
auto_tag: false
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
force_tag: true
|
||||||
|
no_cache: true
|
||||||
|
purge: true
|
||||||
|
mirror:
|
||||||
|
from_secret: docker_io_mirror
|
||||||
|
registry: git.cryptic.systems
|
||||||
|
repo: git.cryptic.systems/volker.raschek/gosec
|
||||||
tags: latest-amd64
|
tags: latest-amd64
|
||||||
repo: volkerraschek/gosec
|
|
||||||
username:
|
username:
|
||||||
from_secret: container_image_registry_user
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
password:
|
password:
|
||||||
from_secret: container_image_registry_password
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
no_cache: true
|
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -243,68 +230,12 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
when:
|
when:
|
||||||
status:
|
status:
|
||||||
- changed
|
- changed
|
||||||
- failure
|
- failure
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linter
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
branch:
|
|
||||||
- master
|
|
||||||
event:
|
|
||||||
- cron
|
|
||||||
- push
|
|
||||||
repo:
|
|
||||||
- volker.raschek/gosec-docker
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
type: docker
|
|
||||||
name: latest-arm-v7
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: arm
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: build
|
|
||||||
image: docker.io/plugins/docker:latest
|
|
||||||
settings:
|
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: false
|
|
||||||
tags: latest-arm-v7
|
|
||||||
repo: volkerraschek/gosec
|
|
||||||
username:
|
|
||||||
from_secret: container_image_registry_user
|
|
||||||
password:
|
|
||||||
from_secret: container_image_registry_password
|
|
||||||
no_cache: true
|
|
||||||
|
|
||||||
- name: email-notification
|
|
||||||
environment:
|
|
||||||
SMTP_FROM_ADDRESS:
|
|
||||||
from_secret: smtp_from_address
|
|
||||||
SMTP_FROM_NAME:
|
|
||||||
from_secret: smtp_from_name
|
|
||||||
SMTP_HOST:
|
|
||||||
from_secret: smtp_host
|
|
||||||
SMTP_USERNAME:
|
|
||||||
from_secret: smtp_username
|
|
||||||
SMTP_PASSWORD:
|
|
||||||
from_secret: smtp_password
|
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
|
||||||
when:
|
|
||||||
status:
|
|
||||||
- changed
|
|
||||||
- failure
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linter
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
- master
|
- master
|
||||||
@ -319,23 +250,37 @@ kind: pipeline
|
|||||||
type: docker
|
type: docker
|
||||||
name: latest-arm64-v8
|
name: latest-arm64-v8
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- linter
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
os: linux
|
os: linux
|
||||||
arch: arm64
|
arch: arm64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: docker.io/plugins/docker:latest
|
image: docker.io/plugins/docker:20.18.4
|
||||||
settings:
|
settings:
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: false
|
auto_tag: false
|
||||||
tags: latest-arm64-v8
|
dockerfile: Dockerfile
|
||||||
repo: volkerraschek/gosec
|
force_tag: true
|
||||||
username:
|
|
||||||
from_secret: container_image_registry_user
|
|
||||||
password:
|
|
||||||
from_secret: container_image_registry_password
|
|
||||||
no_cache: true
|
no_cache: true
|
||||||
|
purge: true
|
||||||
|
mirror:
|
||||||
|
from_secret: docker_io_mirror
|
||||||
|
registry: git.cryptic.systems
|
||||||
|
repo: git.cryptic.systems/volker.raschek/gosec
|
||||||
|
tags: latest-arm64-v8
|
||||||
|
username:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
|
password:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -349,15 +294,12 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
when:
|
when:
|
||||||
status:
|
status:
|
||||||
- changed
|
- changed
|
||||||
- failure
|
- failure
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linter
|
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
- master
|
- master
|
||||||
@ -372,17 +314,32 @@ kind: pipeline
|
|||||||
type: kubernetes
|
type: kubernetes
|
||||||
name: latest-manifest
|
name: latest-manifest
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- latest-amd64
|
||||||
|
- latest-arm64-v8
|
||||||
|
|
||||||
|
# docker.io/plugins/manifest only for amd64 architectures available
|
||||||
|
node_selector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
kubernetes.io/arch: amd64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build-manifest
|
- name: build-manifest
|
||||||
image: docker.io/plugins/manifest:latest
|
image: docker.io/plugins/manifest:1.4.0
|
||||||
settings:
|
settings:
|
||||||
auto_tag: false
|
auto_tag: false
|
||||||
ignore_missing: true
|
ignore_missing: true
|
||||||
spec: manifest.tmpl
|
spec: manifest.tmpl
|
||||||
username:
|
username:
|
||||||
from_secret: container_image_registry_user
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
password:
|
password:
|
||||||
from_secret: container_image_registry_password
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -396,7 +353,7 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 150
|
cpu: 150
|
||||||
@ -406,10 +363,65 @@ steps:
|
|||||||
- changed
|
- changed
|
||||||
- failure
|
- failure
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
branch:
|
||||||
|
- master
|
||||||
|
event:
|
||||||
|
- cron
|
||||||
|
- push
|
||||||
|
repo:
|
||||||
|
- volker.raschek/gosec-docker
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: kubernetes
|
||||||
|
name: latest-sync
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- latest-amd64
|
- latest-manifest
|
||||||
- latest-arm-v7
|
|
||||||
- latest-arm64-v8
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
|
- name: latest-sync
|
||||||
|
commands:
|
||||||
|
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
|
||||||
|
environment:
|
||||||
|
SRC_CRED_USERNAME:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
|
SRC_CRED_PASSWORD:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
DEST_CRED_USERNAME:
|
||||||
|
from_secret: container_image_registry_user
|
||||||
|
DEST_CRED_PASSWORD:
|
||||||
|
from_secret: container_image_registry_password
|
||||||
|
image: quay.io/skopeo/stable:v1.16.1
|
||||||
|
|
||||||
|
- name: email-notification
|
||||||
|
environment:
|
||||||
|
SMTP_FROM_ADDRESS:
|
||||||
|
from_secret: smtp_from_address
|
||||||
|
SMTP_FROM_NAME:
|
||||||
|
from_secret: smtp_from_name
|
||||||
|
SMTP_HOST:
|
||||||
|
from_secret: smtp_host
|
||||||
|
SMTP_USERNAME:
|
||||||
|
from_secret: smtp_username
|
||||||
|
SMTP_PASSWORD:
|
||||||
|
from_secret: smtp_password
|
||||||
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 150
|
||||||
|
memory: 150M
|
||||||
|
when:
|
||||||
|
status:
|
||||||
|
- changed
|
||||||
|
- failure
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
@ -425,74 +437,36 @@ kind: pipeline
|
|||||||
type: docker
|
type: docker
|
||||||
name: tagged-amd64
|
name: tagged-amd64
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
os: linux
|
os: linux
|
||||||
arch: amd64
|
arch: amd64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: docker.io/plugins/docker:latest
|
image: docker.io/plugins/docker:20.18.4
|
||||||
settings:
|
settings:
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: true
|
auto_tag: true
|
||||||
auto_tag_suffix: amd64
|
auto_tag_suffix: amd64
|
||||||
repo: volkerraschek/gosec
|
|
||||||
username:
|
|
||||||
from_secret: container_image_registry_user
|
|
||||||
password:
|
|
||||||
from_secret: container_image_registry_password
|
|
||||||
build_args:
|
|
||||||
- GOSEC_VERSION=${DRONE_TAG}
|
|
||||||
no_cache: true
|
|
||||||
|
|
||||||
- name: email-notification
|
|
||||||
environment:
|
|
||||||
SMTP_FROM_ADDRESS:
|
|
||||||
from_secret: smtp_from_address
|
|
||||||
SMTP_FROM_NAME:
|
|
||||||
from_secret: smtp_from_name
|
|
||||||
SMTP_HOST:
|
|
||||||
from_secret: smtp_host
|
|
||||||
SMTP_USERNAME:
|
|
||||||
from_secret: smtp_username
|
|
||||||
SMTP_PASSWORD:
|
|
||||||
from_secret: smtp_password
|
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
|
||||||
when:
|
|
||||||
status:
|
|
||||||
- changed
|
|
||||||
- failure
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
event:
|
|
||||||
- tag
|
|
||||||
repo:
|
|
||||||
- volker.raschek/gosec-docker
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
type: docker
|
|
||||||
name: tagged-arm-v7
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: arm
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: build
|
|
||||||
image: docker.io/plugins/docker:latest
|
|
||||||
settings:
|
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
auto_tag: true
|
force_tag: true
|
||||||
auto_tag_suffix: arm-v7
|
|
||||||
repo: volkerraschek/gosec
|
|
||||||
username:
|
|
||||||
from_secret: container_image_registry_user
|
|
||||||
password:
|
|
||||||
from_secret: container_image_registry_password
|
|
||||||
build_args:
|
|
||||||
- GOSEC_VERSION=${DRONE_TAG}
|
|
||||||
no_cache: true
|
no_cache: true
|
||||||
|
purge: true
|
||||||
|
mirror:
|
||||||
|
from_secret: docker_io_mirror
|
||||||
|
registry: git.cryptic.systems
|
||||||
|
repo: git.cryptic.systems/volker.raschek/gosec
|
||||||
|
username:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
|
password:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
build_args:
|
||||||
|
- GOSEC_VERSION=v${DRONE_TAG}
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -506,7 +480,7 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
when:
|
when:
|
||||||
status:
|
status:
|
||||||
- changed
|
- changed
|
||||||
@ -523,25 +497,36 @@ kind: pipeline
|
|||||||
type: docker
|
type: docker
|
||||||
name: tagged-arm64-v8
|
name: tagged-arm64-v8
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
platform:
|
platform:
|
||||||
os: linux
|
os: linux
|
||||||
arch: arm64
|
arch: arm64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build
|
- name: build
|
||||||
image: docker.io/plugins/docker:latest
|
image: docker.io/plugins/docker:20.18.4
|
||||||
settings:
|
settings:
|
||||||
dockerfile: Dockerfile
|
|
||||||
auto_tag: true
|
auto_tag: true
|
||||||
auto_tag_suffix: arm64-v8
|
auto_tag_suffix: arm64-v8
|
||||||
repo: volkerraschek/gosec
|
dockerfile: Dockerfile
|
||||||
username:
|
force_tag: true
|
||||||
from_secret: container_image_registry_user
|
|
||||||
password:
|
|
||||||
from_secret: container_image_registry_password
|
|
||||||
build_args:
|
|
||||||
- GOSEC_VERSION=${DRONE_TAG}
|
|
||||||
no_cache: true
|
no_cache: true
|
||||||
|
purge: true
|
||||||
|
mirror:
|
||||||
|
from_secret: docker_io_mirror
|
||||||
|
registry: git.cryptic.systems
|
||||||
|
repo: git.cryptic.systems/volker.raschek/gosec
|
||||||
|
username:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
|
password:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
build_args:
|
||||||
|
- GOSEC_VERSION=v${DRONE_TAG}
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -555,7 +540,7 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
when:
|
when:
|
||||||
status:
|
status:
|
||||||
- changed
|
- changed
|
||||||
@ -572,17 +557,32 @@ kind: pipeline
|
|||||||
type: kubernetes
|
type: kubernetes
|
||||||
name: tagged-manifest
|
name: tagged-manifest
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- tagged-amd64
|
||||||
|
- tagged-arm64-v8
|
||||||
|
|
||||||
|
# docker.io/plugins/manifest only for amd64 architectures available
|
||||||
|
node_selector:
|
||||||
|
kubernetes.io/os: linux
|
||||||
|
kubernetes.io/arch: amd64
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
- name: build-manifest
|
- name: build-manifest
|
||||||
image: docker.io/plugins/manifest:latest
|
image: docker.io/plugins/manifest:1.4.0
|
||||||
settings:
|
settings:
|
||||||
auto_tag: true
|
auto_tag: true
|
||||||
ignore_missing: true
|
ignore_missing: true
|
||||||
spec: manifest.tmpl
|
spec: manifest.tmpl
|
||||||
username:
|
username:
|
||||||
from_secret: container_image_registry_user
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
password:
|
password:
|
||||||
from_secret: container_image_registry_password
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
|
||||||
- name: email-notification
|
- name: email-notification
|
||||||
environment:
|
environment:
|
||||||
@ -596,7 +596,7 @@ steps:
|
|||||||
from_secret: smtp_username
|
from_secret: smtp_username
|
||||||
SMTP_PASSWORD:
|
SMTP_PASSWORD:
|
||||||
from_secret: smtp_password
|
from_secret: smtp_password
|
||||||
image: docker.io/volkerraschek/drone-email:0.1.1
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 150
|
cpu: 150
|
||||||
@ -606,10 +606,62 @@ steps:
|
|||||||
- changed
|
- changed
|
||||||
- failure
|
- failure
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
event:
|
||||||
|
- tag
|
||||||
|
repo:
|
||||||
|
- volker.raschek/gosec-docker
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
type: kubernetes
|
||||||
|
name: tagged-sync
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
depends_on:
|
depends_on:
|
||||||
- tagged-amd64
|
- tagged-manifest
|
||||||
- tagged-arm-v7
|
|
||||||
- tagged-arm64-v8
|
steps:
|
||||||
|
- name: clone
|
||||||
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
||||||
|
|
||||||
|
- name: tagged-sync
|
||||||
|
commands:
|
||||||
|
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
|
||||||
|
environment:
|
||||||
|
SRC_CRED_USERNAME:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_user
|
||||||
|
SRC_CRED_PASSWORD:
|
||||||
|
from_secret: git_cryptic_systems_container_registry_password
|
||||||
|
DEST_CRED_USERNAME:
|
||||||
|
from_secret: container_image_registry_user
|
||||||
|
DEST_CRED_PASSWORD:
|
||||||
|
from_secret: container_image_registry_password
|
||||||
|
image: quay.io/skopeo/stable:v1.16.1
|
||||||
|
|
||||||
|
- name: email-notification
|
||||||
|
environment:
|
||||||
|
SMTP_FROM_ADDRESS:
|
||||||
|
from_secret: smtp_from_address
|
||||||
|
SMTP_FROM_NAME:
|
||||||
|
from_secret: smtp_from_name
|
||||||
|
SMTP_HOST:
|
||||||
|
from_secret: smtp_host
|
||||||
|
SMTP_USERNAME:
|
||||||
|
from_secret: smtp_username
|
||||||
|
SMTP_PASSWORD:
|
||||||
|
from_secret: smtp_password
|
||||||
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 150
|
||||||
|
memory: 150M
|
||||||
|
when:
|
||||||
|
status:
|
||||||
|
- changed
|
||||||
|
- failure
|
||||||
|
|
||||||
trigger:
|
trigger:
|
||||||
event:
|
event:
|
||||||
|
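Review bot: The new `latest-sync` and `tagged-sync` steps pass both registry passwords as unquoted command-line arguments, `--src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD` and `--dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD`. Arguments are readable from the process table while skopeo runs, and a password containing whitespace or a glob character would be split or expanded by the shell. At minimum quote them, `--src-creds="$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD"`; skopeo also accepts `--src-authfile` and `--dest-authfile`, which keep the secrets out of argv. Separately, version tags are still mutable, so the images that receive registry credentials (`plugins/docker:20.18.4`, `plugins/manifest:1.4.0`, `quay.io/skopeo/stable:v1.16.1`) could be pinned by digest.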
@ -1,4 +1,4 @@
|
|||||||
FROM docker.io/library/golang:1.19.3-alpine AS build
|
FROM docker.io/library/golang:1.23.3-alpine AS build
|
||||||
|
|
||||||
ARG GOSEC_VERSION
|
ARG GOSEC_VERSION
|
||||||
|
|
||||||
@ -6,7 +6,7 @@ RUN apk update && \
|
|||||||
apk upgrade && \
|
apk upgrade && \
|
||||||
apk add git make
|
apk add git make
|
||||||
|
|
||||||
RUN if [ ! -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@v${GOSEC_VERSION}; fi
|
RUN if [ ! -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@${GOSEC_VERSION}; fi
|
||||||
RUN if [ -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@latest; fi
|
RUN if [ -z "${GOSEC_VERSION}" ]; then set -ex; go install github.com/securego/gosec/v2/cmd/gosec@latest; fi
|
||||||
|
|
||||||
RUN cp /go/bin/gosec /usr/bin/gosec && \
|
RUN cp /go/bin/gosec /usr/bin/gosec && \
|
||||||
|
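Review bot: Dropping the `v` from `gosec@${GOSEC_VERSION}` silently changes the contract of the build argument, and nothing in the Dockerfile states that callers must now supply the prefix. The callers visible on this page pass `v${DRONE_TAG}` and `v2.21.4`, but any other caller still passing a bare version would get a failed `go install`. A comment above `ARG GOSEC_VERSION` would record it, for example `# GOSEC_VERSION: full module version including the leading "v" (e.g. v2.21.4); empty installs @latest`. The expansion is also unquoted inside the `RUN` shell, and since the pipeline derives the value from the pushed tag name, `gosec@"${GOSEC_VERSION}"` would keep an unexpected tag from being word-split into extra arguments.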
6
Makefile
6
Makefile
@ -1,6 +1,6 @@
|
|||||||
# GOSEC_VERSION
|
# GOSEC_VERSION
|
||||||
# Only required to install a specifiy version
|
# Only required to install a specifiy version
|
||||||
GOSEC_VERSION?=v2.14.0 # renovate: datasource=github-releases depName=securego/gosec
|
GOSEC_VERSION?=v2.21.4 # renovate: datasource=github-releases depName=securego/gosec
|
||||||
|
|
||||||
# CONTAINER_RUNTIME
|
# CONTAINER_RUNTIME
|
||||||
# The CONTAINER_RUNTIME variable will be used to specified the path to a
|
# The CONTAINER_RUNTIME variable will be used to specified the path to a
|
||||||
@ -9,8 +9,8 @@ CONTAINER_RUNTIME?=$(shell which podman)
|
|||||||
|
|
||||||
# GOSEC_IMAGE_REGISTRY_NAME
|
# GOSEC_IMAGE_REGISTRY_NAME
|
||||||
# Defines the name of the new container to be built using several variables.
|
# Defines the name of the new container to be built using several variables.
|
||||||
GOSEC_IMAGE_REGISTRY_NAME:=docker.io
|
GOSEC_IMAGE_REGISTRY_NAME:=git.cryptic.systems
|
||||||
GOSEC_IMAGE_REGISTRY_USER:=volkerraschek
|
GOSEC_IMAGE_REGISTRY_USER:=volker.raschek
|
||||||
|
|
||||||
GOSEC_IMAGE_NAMESPACE?=${GOSEC_IMAGE_REGISTRY_USER}
|
GOSEC_IMAGE_NAMESPACE?=${GOSEC_IMAGE_REGISTRY_USER}
|
||||||
GOSEC_IMAGE_NAME:=gosec
|
GOSEC_IMAGE_NAME:=gosec
|
||||||
|
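Review bot: The default on the `GOSEC_VERSION?=v2.21.4 # renovate: …` line carries trailing whitespace, because make strips only the comment and keeps the spaces before the `#`. The Dockerfile on this page now uses the value verbatim in `gosec@${GOSEC_VERSION}`, so a quoted `--build-arg` would pass that space into the module query; how the variable is handed to the build is outside this hunk. Putting the marker on its own line avoids this: `# renovate: datasource=github-releases depName=securego/gosec` directly above `GOSEC_VERSION?=v2.21.4`. If the Renovate regex manager matches the inline form, its pattern would need the same adjustment.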
@ -1,4 +1,4 @@
|
|||||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
|
image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
|
||||||
{{#if build.tags}}
|
{{#if build.tags}}
|
||||||
tags:
|
tags:
|
||||||
{{#each build.tags}}
|
{{#each build.tags}}
|
||||||
@ -7,19 +7,11 @@ tags:
|
|||||||
- "latest"
|
- "latest"
|
||||||
{{/if}}
|
{{/if}}
|
||||||
manifests:
|
manifests:
|
||||||
-
|
- image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
|
||||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
|
|
||||||
platform:
|
platform:
|
||||||
architecture: amd64
|
architecture: amd64
|
||||||
os: linux
|
os: linux
|
||||||
-
|
- image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
|
||||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
|
|
||||||
platform:
|
|
||||||
architecture: arm
|
|
||||||
os: linux
|
|
||||||
variant: v7
|
|
||||||
-
|
|
||||||
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
|
|
||||||
platform:
|
platform:
|
||||||
architecture: arm64
|
architecture: arm64
|
||||||
os: linux
|
os: linux
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"assignees": [ "volker.raschek" ],
|
"assignees": [ "volker.raschek" ],
|
||||||
"automergeStrategy": "merge-commit",
|
|
||||||
"automergeType": "pr",
|
|
||||||
"labels": [ "renovate" ],
|
"labels": [ "renovate" ],
|
||||||
"packageRules": [
|
"packageRules": [
|
||||||
{
|
{
|
||||||
@ -11,6 +9,13 @@
|
|||||||
"matchManagers": "droneci",
|
"matchManagers": "droneci",
|
||||||
"matchUpdateTypes": [ "minor", "patch"]
|
"matchUpdateTypes": [ "minor", "patch"]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"description": "Automatically update patch version of used container images in docker files",
|
||||||
|
"addLabels": [ "renovate/container-image", "renovate/automerge" ],
|
||||||
|
"automerge": true,
|
||||||
|
"matchManagers": [ "dockerfile" ],
|
||||||
|
"matchUpdateTypes": [ "patch" ]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"addLabels": [ "renovate/gosec", "renovate/automerge" ],
|
"addLabels": [ "renovate/gosec", "renovate/automerge" ],
|
||||||
"automerge": false,
|
"automerge": false,
|
||||||
|
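Review bot: The added `packageRules` entry sets `"automerge": true` for Dockerfile patch updates, and nothing in the visible config delays or gates those merges. According to the pipeline file on this page, a merge to `master` triggers the `latest-*` pipelines, which build and push with registry credentials, so a bad upstream patch tag of the base image would be published without anyone reviewing it. Consider adding `"minimumReleaseAge": "3 days"` to this rule and `"pinDigests": true` for the base image, and confirm that automerge waits for the dry-run pipeline's status. The commit also removes the top-level `automergeStrategy` and `automergeType`, so the merge method now falls back to Renovate's defaults; the rest of `packageRules` is outside the hunk.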