Compare commits


No commits in common. "master" and "2.11.0" have entirely different histories.

5 changed files with 418 additions and 364 deletions


@ -3,42 +3,34 @@ kind: pipeline
type: kubernetes type: kubernetes
name: linter name: linter
clone:
disable: true
platform: platform:
os: linux os: linux
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: markdown lint - name: markdown lint
commands: commands:
- markdownlint *.md - markdownlint *.md
image: git.cryptic.systems/volker.raschek/markdownlint:0.42.0 image: docker.io/volkerraschek/markdownlint:0.31.1
resources: resources:
limits: limits:
cpu: 150 cpu: 50
memory: 150M memory: 50M
- name: email-notification - name: email-notification
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
image: docker.io/drillster/drone-email:latest
resources: resources:
limits: limits:
cpu: 150 cpu: 50
memory: 150M memory: 25M
when: when:
status: status:
- changed - changed
@ -54,57 +46,113 @@ kind: pipeline
type: docker type: docker
name: dry-run-amd64 name: dry-run-amd64
clone:
disable: true
depends_on:
- linter
platform: platform:
os: linux os: linux
arch: amd64 arch: amd64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: plugins/docker
settings: settings:
auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
auto_tag: false
dry_run: true dry_run: true
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
tags: latest-amd64 tags: latest-amd64
repo: volkerraschek/gosec
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
no_cache: true
volumes:
- name: docker_socket
path: /var/run/docker.sock
- name: email-notification - name: notify
image: drillster/drone-email
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
when: when:
status: status:
- changed - changed
- failure - failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
depends_on:
- linter
trigger:
branch:
exclude:
- master
event:
- pull_request
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: dry-run-arm-v7
platform:
os: linux
arch: arm
steps:
- name: build
image: plugins/docker
settings:
dockerfile: Dockerfile
auto_tag: false
dry_run: true
tags: latest-arm-v7
repo: volkerraschek/gosec
username:
from_secret: container_image_registry_user
password:
from_secret: container_image_registry_password
no_cache: true
- name: notify
image: drillster/drone-email
environment:
PLUGIN_HOST:
from_secret: smtp_host
PLUGIN_USERNAME:
from_secret: smtp_username
PLUGIN_PASSWORD:
from_secret: smtp_password
PLUGIN_FROM:
from_secret: smtp_mail_address
volumes:
- name: docker_socket
path: /var/run/docker.sock
when:
status:
- changed
- failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
depends_on:
- linter
trigger: trigger:
branch: branch:
exclude: exclude:
@ -120,57 +168,52 @@ kind: pipeline
type: docker type: docker
name: dry-run-arm64-v8 name: dry-run-arm64-v8
clone:
disable: true
depends_on:
- linter
platform: platform:
os: linux os: linux
arch: arm64 arch: arm64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: plugins/docker
settings: settings:
auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
auto_tag: false
dry_run: true dry_run: true
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
tags: latest-arm64-v8 tags: latest-arm64-v8
repo: volkerraschek/gosec
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
no_cache: true
- name: email-notification - name: notify
image: drillster/drone-email
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
volumes:
- name: docker_socket
path: /var/run/docker.sock
when: when:
status: status:
- changed - changed
- failure - failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
depends_on:
- linter
trigger: trigger:
branch: branch:
exclude: exclude:
@ -186,56 +229,110 @@ kind: pipeline
type: docker type: docker
name: latest-amd64 name: latest-amd64
clone:
disable: true
depends_on:
- linter
platform: platform:
os: linux os: linux
arch: amd64 arch: amd64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: plugins/docker
settings: settings:
auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
force_tag: true auto_tag: false
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
tags: latest-amd64 tags: latest-amd64
repo: volkerraschek/gosec
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
no_cache: true
volumes:
- name: docker_socket
path: /var/run/docker.sock
- name: email-notification - name: notify
image: drillster/drone-email
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
when: when:
status: status:
- changed - changed
- failure - failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
depends_on:
- linter
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: latest-arm-v7
platform:
os: linux
arch: arm
steps:
- name: build
image: plugins/docker
settings:
dockerfile: Dockerfile
auto_tag: false
tags: latest-arm-v7
repo: volkerraschek/gosec
username:
from_secret: container_image_registry_user
password:
from_secret: container_image_registry_password
no_cache: true
- name: notify
image: drillster/drone-email
environment:
PLUGIN_HOST:
from_secret: smtp_host
PLUGIN_USERNAME:
from_secret: smtp_username
PLUGIN_PASSWORD:
from_secret: smtp_password
PLUGIN_FROM:
from_secret: smtp_mail_address
volumes:
- name: docker_socket
path: /var/run/docker.sock
when:
status:
- changed
- failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
depends_on:
- linter
trigger: trigger:
branch: branch:
- master - master
@ -250,56 +347,51 @@ kind: pipeline
type: docker type: docker
name: latest-arm64-v8 name: latest-arm64-v8
clone:
disable: true
depends_on:
- linter
platform: platform:
os: linux os: linux
arch: arm64 arch: arm64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: plugins/docker
settings: settings:
auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
force_tag: true auto_tag: false
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
tags: latest-arm64-v8 tags: latest-arm64-v8
repo: volkerraschek/gosec
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
no_cache: true
- name: email-notification - name: notify
image: drillster/drone-email
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
volumes:
- name: docker_socket
path: /var/run/docker.sock
when: when:
status: status:
- changed - changed
- failure - failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
depends_on:
- linter
trigger: trigger:
branch: branch:
- master - master
@ -314,114 +406,42 @@ kind: pipeline
type: kubernetes type: kubernetes
name: latest-manifest name: latest-manifest
clone:
disable: true
depends_on:
- latest-amd64
- latest-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build-manifest - name: build-manifest
image: docker.io/plugins/manifest:1.4.0 image: plugins/manifest
settings: settings:
auto_tag: false auto_tag: false
ignore_missing: true ignore_missing: true
spec: manifest.tmpl spec: manifest.tmpl
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
- name: email-notification - name: notify
image: docker.io/drillster/drone-email:latest
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
resources: resources:
limits: limits:
cpu: 150 cpu: 50
memory: 150M memory: 25M
when: when:
status: status:
- changed - changed
- failure - failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: kubernetes
name: latest-sync
clone:
disable: true
depends_on: depends_on:
- latest-manifest - latest-amd64
- latest-arm-v7
steps: - latest-arm64-v8
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: latest-sync
commands:
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
environment:
SRC_CRED_USERNAME:
from_secret: git_cryptic_systems_container_registry_user
SRC_CRED_PASSWORD:
from_secret: git_cryptic_systems_container_registry_password
DEST_CRED_USERNAME:
from_secret: container_image_registry_user
DEST_CRED_PASSWORD:
from_secret: container_image_registry_password
image: quay.io/skopeo/stable:v1.16.1
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger: trigger:
branch: branch:
@ -437,55 +457,105 @@ kind: pipeline
type: docker type: docker
name: tagged-amd64 name: tagged-amd64
clone:
disable: true
platform: platform:
os: linux os: linux
arch: amd64 arch: amd64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: plugins/docker
settings: settings:
dockerfile: Dockerfile
auto_tag: true auto_tag: true
auto_tag_suffix: amd64 auto_tag_suffix: amd64
dockerfile: Dockerfile repo: volkerraschek/gosec
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
build_args: build_args:
- GOSEC_VERSION=v${DRONE_TAG} - HELM_VERSION=${DRONE_TAG}
no_cache: true
volumes:
- name: docker_socket
path: /var/run/docker.sock
- name: email-notification - name: notify
image: drillster/drone-email
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
when: when:
status: status:
- changed - changed
- failure - failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
trigger:
event:
- tag
repo:
- volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: tagged-arm-v7
platform:
os: linux
arch: arm
steps:
- name: build
image: plugins/docker
settings:
dockerfile: Dockerfile
auto_tag: true
auto_tag_suffix: arm-v7
repo: volkerraschek/gosec
username:
from_secret: container_image_registry_user
password:
from_secret: container_image_registry_password
build_args:
- HELM_VERSION=${DRONE_TAG}
no_cache: true
volumes:
- name: docker_socket
path: /var/run/docker.sock
- name: notify
image: drillster/drone-email
environment:
PLUGIN_HOST:
from_secret: smtp_host
PLUGIN_USERNAME:
from_secret: smtp_username
PLUGIN_PASSWORD:
from_secret: smtp_password
PLUGIN_FROM:
from_secret: smtp_mail_address
when:
status:
- changed
- failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
trigger: trigger:
event: event:
- tag - tag
@ -497,55 +567,50 @@ kind: pipeline
type: docker type: docker
name: tagged-arm64-v8 name: tagged-arm64-v8
clone:
disable: true
platform: platform:
os: linux os: linux
arch: arm64 arch: arm64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: plugins/docker
settings: settings:
dockerfile: Dockerfile
auto_tag: true auto_tag: true
auto_tag_suffix: arm64-v8 auto_tag_suffix: arm64-v8
dockerfile: Dockerfile repo: volkerraschek/gosec
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
build_args: build_args:
- GOSEC_VERSION=v${DRONE_TAG} - HELM_VERSION=${DRONE_TAG}
no_cache: true
volumes:
- name: docker_socket
path: /var/run/docker.sock
- name: email-notification - name: notify
image: drillster/drone-email
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
when: when:
status: status:
- changed - changed
- failure - failure
volumes:
- name: docker_socket
host:
path: /var/run/docker.sock
trigger: trigger:
event: event:
- tag - tag
@ -557,55 +622,43 @@ kind: pipeline
type: kubernetes type: kubernetes
name: tagged-manifest name: tagged-manifest
clone:
disable: true
depends_on:
- tagged-amd64
- tagged-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
steps: steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build-manifest - name: build-manifest
image: docker.io/plugins/manifest:1.4.0 image: plugins/manifest
settings: settings:
auto_tag: true auto_tag: true
ignore_missing: true ignore_missing: true
spec: manifest.tmpl spec: manifest.tmpl
username: username:
from_secret: git_cryptic_systems_container_registry_user from_secret: container_image_registry_user
password: password:
from_secret: git_cryptic_systems_container_registry_password from_secret: container_image_registry_password
- name: email-notification - name: notify
image: docker.io/drillster/drone-email:latest
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
resources: resources:
limits: limits:
cpu: 150 cpu: 50
memory: 150M memory: 25M
when: when:
status: status:
- changed - changed
- failure - failure
depends_on:
- tagged-amd64
- tagged-arm-v7
- tagged-arm64-v8
trigger: trigger:
event: event:
- tag - tag
@ -615,56 +668,54 @@ trigger:
--- ---
kind: pipeline kind: pipeline
type: kubernetes type: kubernetes
name: tagged-sync name: sync
clone: platform:
disable: true os: linux
arch: amd64
depends_on:
- tagged-manifest
steps: steps:
- name: clone - name: github
image: git.cryptic.systems/volker.raschek/git:1.3.1 image: docker.io/appleboy/drone-git-push:latest
resources:
- name: tagged-sync limits:
commands: cpu: 50
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek memory: 25M
environment: settings:
SRC_CRED_USERNAME: branch: master
from_secret: git_cryptic_systems_container_registry_user remote: ssh://git@github.com/volker-raschek/gosec-docker.git
SRC_CRED_PASSWORD: force: true
from_secret: git_cryptic_systems_container_registry_password ssh_key:
DEST_CRED_USERNAME: from_secret: ssh_key
from_secret: container_image_registry_user
DEST_CRED_PASSWORD:
from_secret: container_image_registry_password
image: quay.io/skopeo/stable:v1.16.1
- name: email-notification - name: email-notification
environment: environment:
SMTP_FROM_ADDRESS: PLUGIN_HOST:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host from_secret: smtp_host
SMTP_USERNAME: PLUGIN_USERNAME:
from_secret: smtp_username from_secret: smtp_username
SMTP_PASSWORD: PLUGIN_PASSWORD:
from_secret: smtp_password from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5 PLUGIN_FROM:
from_secret: smtp_mail_address
image: docker.io/drillster/drone-email:latest
resources: resources:
limits: limits:
cpu: 150 cpu: 50
memory: 150M memory: 25M
when: when:
status: status:
- changed - changed
- failure - failure
depends_on:
- latest-manifest
trigger: trigger:
branch:
- master
event: event:
- tag - cron
- push
repo: repo:
- volker.raschek/gosec-docker - volker.raschek/gosec-docker
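Review bot: Steps that receive secrets on the new side run from mutable image references: `plugins/docker`, `plugins/manifest` and `drillster/drone-email` carry no tag, and `docker.io/drillster/drone-email:latest` and `docker.io/appleboy/drone-git-push:latest` float. These steps are handed the registry password, the SMTP password and `ssh_key`, so each image should be pinned to a fixed version or digest, as the other side does with `image: docker.io/plugins/docker:20.18.4`. In the arm-v7 and arm64-v8 pipelines the `docker_socket` mount also appears to sit on the `notify` step rather than on `build` (indentation is lost in this view); if so, the mail plugin gets control of the host Docker daemon and the mount should be removed there. The `tagged-*` builds pass `HELM_VERSION=${DRONE_TAG}` while the Dockerfile in this comparison declares `ARG GOSEC_VERSION`, so the tag likely never reaches the build; `- GOSEC_VERSION=${DRONE_TAG}` looks intended.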


@ -1,4 +1,4 @@
FROM docker.io/library/golang:1.23.2-alpine AS build FROM docker.io/library/golang:1.18.1-alpine AS build
ARG GOSEC_VERSION ARG GOSEC_VERSION


@ -1,22 +1,22 @@
# GOSEC_VERSION # GOSEC_VERSION
# Only required to install a specifiy version # Only required to install a specifiy version
GOSEC_VERSION?=v2.21.4 # renovate: datasource=github-releases depName=securego/gosec GOSEC_VERSION?=v2.11.0 # renovate: datasource=github-releases depName=securego/gosec
# CONTAINER_RUNTIME # CONTAINER_RUNTIME
# The CONTAINER_RUNTIME variable will be used to specified the path to a # The CONTAINER_RUNTIME variable will be used to specified the path to a
# container runtime. This is needed to start and run a container image. # container runtime. This is needed to start and run a container image.
CONTAINER_RUNTIME?=$(shell which podman) CONTAINER_RUNTIME?=$(shell which docker)
# GOSEC_IMAGE_REGISTRY_NAME # HELM_IMAGE_REGISTRY_NAME
# Defines the name of the new container to be built using several variables. # Defines the name of the new container to be built using several variables.
GOSEC_IMAGE_REGISTRY_NAME:=git.cryptic.systems HELM_IMAGE_REGISTRY_NAME:=docker.io
GOSEC_IMAGE_REGISTRY_USER:=volker.raschek HELM_IMAGE_REGISTRY_USER:=volkerraschek
GOSEC_IMAGE_NAMESPACE?=${GOSEC_IMAGE_REGISTRY_USER} HELM_IMAGE_NAMESPACE?=${HELM_IMAGE_REGISTRY_USER}
GOSEC_IMAGE_NAME:=gosec HELM_IMAGE_NAME:=gosec
GOSEC_IMAGE_VERSION?=latest HELM_IMAGE_VERSION?=latest
GOSEC_IMAGE_FULLY_QUALIFIED=${GOSEC_IMAGE_REGISTRY_NAME}/${GOSEC_IMAGE_NAMESPACE}/${GOSEC_IMAGE_NAME}:${GOSEC_IMAGE_VERSION} HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_NAME}/${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
GOSEC_IMAGE_UNQUALIFIED=${GOSEC_IMAGE_NAMESPACE}/${GOSEC_IMAGE_NAME}:${GOSEC_IMAGE_VERSION} HELM_IMAGE_UNQUALIFIED=${HELM_IMAGE_NAMESPACE}/${HELM_IMAGE_NAME}:${HELM_IMAGE_VERSION}
# BUILD CONTAINER IMAGE # BUILD CONTAINER IMAGE
# ============================================================================== # ==============================================================================
@ -27,23 +27,23 @@ container-image/build:
--file Dockerfile \ --file Dockerfile \
--no-cache \ --no-cache \
--pull \ --pull \
--tag ${GOSEC_IMAGE_FULLY_QUALIFIED} \ --tag ${HELM_IMAGE_FULLY_QUALIFIED} \
--tag ${GOSEC_IMAGE_UNQUALIFIED} \ --tag ${HELM_IMAGE_UNQUALIFIED} \
. .
# DELETE CONTAINER IMAGE # DELETE CONTAINER IMAGE
# ============================================================================== # ==============================================================================
PHONY:=container-image/delete PHONY:=container-image/delete
container-image/delete: container-image/delete:
- ${CONTAINER_RUNTIME} image rm ${GOSEC_IMAGE_FULLY_QUALIFIED} ${GOSEC_IMAGE_UNQUALIFIED} - ${CONTAINER_RUNTIME} image rm ${HELM_IMAGE_FULLY_QUALIFIED} ${HELM_IMAGE_UNQUALIFIED}
- ${CONTAINER_RUNTIME} image rm ${BASE_IMAGE_FULL} - ${CONTAINER_RUNTIME} image rm ${BASE_IMAGE_FULL}
# PUSH CONTAINER IMAGE # PUSH CONTAINER IMAGE
# ============================================================================== # ==============================================================================
PHONY+=container-image/push PHONY+=container-image/push
container-image/push: container-image/push:
echo ${GOSEC_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${GOSEC_IMAGE_REGISTRY_NAME} --username ${GOSEC_IMAGE_REGISTRY_USER} --password-stdin echo ${HELM_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${HELM_IMAGE_REGISTRY_NAME} --username ${HELM_IMAGE_REGISTRY_USER} --password-stdin
${CONTAINER_RUNTIME} push ${GOSEC_IMAGE_FULLY_QUALIFIED} ${CONTAINER_RUNTIME} push ${HELM_IMAGE_FULLY_QUALIFIED}
# PHONY # PHONY
# ============================================================================== # ==============================================================================
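Review bot: The `container-image/push` recipe would print the registry password in the job log, because `${HELM_IMAGE_REGISTRY_PASSWORD}` is expanded by make and make echoes each recipe line after expansion; `--password-stdin` does not prevent that. Silence the line and leave the expansion to the shell: `@printf '%s' "$${HELM_IMAGE_REGISTRY_PASSWORD}" | ${CONTAINER_RUNTIME} login ${HELM_IMAGE_REGISTRY_NAME} --username ${HELM_IMAGE_REGISTRY_USER} --password-stdin`. This assumes the password reaches make through the environment or the command line, which is how the recipe already appears to expect it.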


@ -1,4 +1,4 @@
image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}} {{#if build.tags}}
tags: tags:
{{#each build.tags}} {{#each build.tags}}
@ -7,11 +7,19 @@ tags:
- "latest" - "latest"
{{/if}} {{/if}}
manifests: manifests:
- image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64 -
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-amd64
platform: platform:
architecture: amd64 architecture: amd64
os: linux os: linux
- image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8 -
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
platform:
architecture: arm
os: linux
variant: v7
-
image: volkerraschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
platform: platform:
architecture: arm64 architecture: arm64
os: linux os: linux


@ -1,6 +1,8 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"assignees": [ "volker.raschek" ], "assignees": [ "volker.raschek" ],
"automergeStrategy": "merge-commit",
"automergeType": "pr",
"labels": [ "renovate" ], "labels": [ "renovate" ],
"packageRules": [ "packageRules": [
{ {
@ -9,13 +11,6 @@
"matchManagers": "droneci", "matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"] "matchUpdateTypes": [ "minor", "patch"]
}, },
{
"description": "Automatically update patch version of used container images in docker files",
"addLabels": [ "renovate/container-image", "renovate/automerge" ],
"automerge": true,
"matchManagers": [ "dockerfile" ],
"matchUpdateTypes": [ "patch" ]
},
{ {
"addLabels": [ "renovate/gosec", "renovate/automerge" ], "addLabels": [ "renovate/gosec", "renovate/automerge" ],
"automerge": false, "automerge": false,