volker.raschek/gosec-docker
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Compare commits

base: volker.raschek:master
Branches Tags
volker.raschek:master
volker.raschek:2.19.0
volker.raschek:2.18.2
volker.raschek:2.18.1
volker.raschek:2.18.0
volker.raschek:2.16.0
volker.raschek:2.15.0
volker.raschek:2.14.0
volker.raschek:2.13.1
volker.raschek:2.12.0
volker.raschek:2.11.0
volker.raschek:2.9.6
volker.raschek:2.9.4
..
compare: volker.raschek:2.18.0
Branches Tags
volker.raschek:master
volker.raschek:2.19.0
volker.raschek:2.18.2
volker.raschek:2.18.1
volker.raschek:2.18.0
volker.raschek:2.16.0
volker.raschek:2.15.0
volker.raschek:2.14.0
volker.raschek:2.13.1
volker.raschek:2.12.0
volker.raschek:2.11.0
volker.raschek:2.9.6
volker.raschek:2.9.4

No commits in common. "master" and "2.18.0" have entirely different histories.
master ... 2.18.0

5 changed files with 214 additions and 13 deletions
Show Stats Expand all files Collapse all files

210
.drone.yml
View File

@ -16,7 +16,7 @@ steps:
- name: markdown lint - name: markdown lint
commands: commands:
- markdownlint *.md - markdownlint *.md
image: git.cryptic.systems/volker.raschek/markdownlint:0.42.0 image: git.cryptic.systems/volker.raschek/markdownlint:0.37.0
resources: resources:
limits: limits:
cpu: 150 cpu: 150
@ -69,7 +69,7 @@ steps:
image: git.cryptic.systems/volker.raschek/git:1.3.1 image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: docker.io/plugins/docker:20.10.9
settings: settings:
auto_tag: false auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
@ -115,6 +115,72 @@ trigger:
repo: repo:
- volker.raschek/gosec-docker - volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: dry-run-arm-v7
clone:
disable: true
depends_on:
- linter
platform:
os: linux
arch: arm
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build
image: docker.io/plugins/docker:20.10.9
settings:
auto_tag: false
dockerfile: Dockerfile
dry_run: true
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
tags: latest-arm-v7
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
when:
status:
- changed
- failure
trigger:
branch:
exclude:
- master
event:
- pull_request
- push
repo:
- volker.raschek/gosec-docker
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
@ -135,7 +201,7 @@ steps:
image: git.cryptic.systems/volker.raschek/git:1.3.1 image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: docker.io/plugins/docker:20.10.9
settings: settings:
auto_tag: false auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
@ -201,7 +267,7 @@ steps:
image: git.cryptic.systems/volker.raschek/git:1.3.1 image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: docker.io/plugins/docker:20.10.9
settings: settings:
auto_tag: false auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
@ -245,6 +311,70 @@ trigger:
repo: repo:
- volker.raschek/gosec-docker - volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: latest-arm-v7
clone:
disable: true
depends_on:
- linter
platform:
os: linux
arch: arm
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build
image: docker.io/plugins/docker:20.10.9
settings:
auto_tag: false
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
tags: latest-arm-v7
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
when:
status:
- changed
- failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/gosec-docker
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
@ -265,7 +395,7 @@ steps:
image: git.cryptic.systems/volker.raschek/git:1.3.1 image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: docker.io/plugins/docker:20.10.9
settings: settings:
auto_tag: false auto_tag: false
dockerfile: Dockerfile dockerfile: Dockerfile
@ -319,6 +449,7 @@ clone:
depends_on: depends_on:
- latest-amd64 - latest-amd64
- latest-arm-v7
- latest-arm64-v8 - latest-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available # docker.io/plugins/manifest only for amd64 architectures available
@ -399,7 +530,7 @@ steps:
from_secret: container_image_registry_user from_secret: container_image_registry_user
DEST_CRED_PASSWORD: DEST_CRED_PASSWORD:
from_secret: container_image_registry_password from_secret: container_image_registry_password
image: quay.io/skopeo/stable:v1.16.1 image: quay.io/skopeo/stable:v1.13.3
- name: email-notification - name: email-notification
environment: environment:
@ -449,7 +580,7 @@ steps:
image: git.cryptic.systems/volker.raschek/git:1.3.1 image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: docker.io/plugins/docker:20.10.9
settings: settings:
auto_tag: true auto_tag: true
auto_tag_suffix: amd64 auto_tag_suffix: amd64
@ -492,6 +623,66 @@ trigger:
repo: repo:
- volker.raschek/gosec-docker - volker.raschek/gosec-docker
---
kind: pipeline
type: docker
name: tagged-arm-v7
clone:
disable: true
platform:
os: linux
arch: arm
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build
image: docker.io/plugins/docker:20.10.9
settings:
auto_tag: true
auto_tag_suffix: arm-v7
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/gosec
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
build_args:
- GOSEC_VERSION=v${DRONE_TAG}
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
when:
status:
- changed
- failure
trigger:
event:
- tag
repo:
- volker.raschek/gosec-docker
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
@ -509,7 +700,7 @@ steps:
image: git.cryptic.systems/volker.raschek/git:1.3.1 image: git.cryptic.systems/volker.raschek/git:1.3.1
- name: build - name: build
image: docker.io/plugins/docker:20.18.4 image: docker.io/plugins/docker:20.10.9
settings: settings:
auto_tag: true auto_tag: true
auto_tag_suffix: arm64-v8 auto_tag_suffix: arm64-v8
@ -562,6 +753,7 @@ clone:
depends_on: depends_on:
- tagged-amd64 - tagged-amd64
- tagged-arm-v7
- tagged-arm64-v8 - tagged-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available # docker.io/plugins/manifest only for amd64 architectures available
@ -639,7 +831,7 @@ steps:
from_secret: container_image_registry_user from_secret: container_image_registry_user
DEST_CRED_PASSWORD: DEST_CRED_PASSWORD:
from_secret: container_image_registry_password from_secret: container_image_registry_password
image: quay.io/skopeo/stable:v1.16.1 image: quay.io/skopeo/stable:v1.13.3
- name: email-notification - name: email-notification
environment: environment:

2
Dockerfile
View File

@ -1,4 +1,4 @@
FROM docker.io/library/golang:1.23.2-alpine AS build FROM docker.io/library/golang:1.21.3-alpine AS build
ARG GOSEC_VERSION ARG GOSEC_VERSION

6
Makefile
View File

@ -1,6 +1,6 @@
# GOSEC_VERSION # GOSEC_VERSION
# Only required to install a specifiy version # Only required to install a specifiy version
GOSEC_VERSION?=v2.21.4 # renovate: datasource=github-releases depName=securego/gosec GOSEC_VERSION?=v2.18.0 # renovate: datasource=github-releases depName=securego/gosec
# CONTAINER_RUNTIME # CONTAINER_RUNTIME
# The CONTAINER_RUNTIME variable will be used to specified the path to a # The CONTAINER_RUNTIME variable will be used to specified the path to a
@ -9,8 +9,8 @@ CONTAINER_RUNTIME?=$(shell which podman)
# GOSEC_IMAGE_REGISTRY_NAME # GOSEC_IMAGE_REGISTRY_NAME
# Defines the name of the new container to be built using several variables. # Defines the name of the new container to be built using several variables.
GOSEC_IMAGE_REGISTRY_NAME:=git.cryptic.systems GOSEC_IMAGE_REGISTRY_NAME:=docker.io
GOSEC_IMAGE_REGISTRY_USER:=volker.raschek GOSEC_IMAGE_REGISTRY_USER:=volkerraschek
GOSEC_IMAGE_NAMESPACE?=${GOSEC_IMAGE_REGISTRY_USER} GOSEC_IMAGE_NAMESPACE?=${GOSEC_IMAGE_REGISTRY_USER}
GOSEC_IMAGE_NAME:=gosec GOSEC_IMAGE_NAME:=gosec

5
manifest.tmpl
View File

@ -11,6 +11,11 @@ manifests:
platform: platform:
architecture: amd64 architecture: amd64
os: linux os: linux
- image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm-v7
platform:
architecture: arm
os: linux
variant: v7
- image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8 - image: git.cryptic.systems/volker.raschek/gosec:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}-arm64-v8
platform: platform:
architecture: arm64 architecture: arm64

4
renovate.json
View File

@ -1,11 +1,14 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"assignees": [ "volker.raschek" ], "assignees": [ "volker.raschek" ],
"automergeStrategy": "merge-commit",
"automergeType": "pr",
"labels": [ "renovate" ], "labels": [ "renovate" ],
"packageRules": [ "packageRules": [
{ {
"addLabels": [ "renovate/droneci", "renovate/automerge" ], "addLabels": [ "renovate/droneci", "renovate/automerge" ],
"automerge": true, "automerge": true,
"excludePackagePatterns": [ "plugins/docker" ],
"matchManagers": "droneci", "matchManagers": "droneci",
"matchUpdateTypes": [ "minor", "patch"] "matchUpdateTypes": [ "minor", "patch"]
}, },
@ -13,6 +16,7 @@
"description": "Automatically update patch version of used container images in docker files", "description": "Automatically update patch version of used container images in docker files",
"addLabels": [ "renovate/container-image", "renovate/automerge" ], "addLabels": [ "renovate/container-image", "renovate/automerge" ],
"automerge": true, "automerge": true,
"matchBaseBranches": [ "master" ],
"matchManagers": [ "dockerfile" ], "matchManagers": [ "dockerfile" ],
"matchUpdateTypes": [ "patch" ] "matchUpdateTypes": [ "patch" ]
}, },