---
kind: pipeline
type: kubernetes
name: linter

clone:
  disable: true

platform:
  os: linux

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: markdown lint
  commands:
  - markdownlint *.md
  image: git.cryptic.systems/volker.raschek/markdownlint:0.43.0
  resources:
    limits:
      cpu: 150
      memory: 150M

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  resources:
    limits:
      cpu: 150
      memory: 150M
  when:
    status:
    - changed
    - failure

trigger:
  event:
    exclude:
    - tag

---
kind: pipeline
type: docker
name: dry-run-amd64

clone:
  disable: true

depends_on:
- linter

platform:
  os: linux
  arch: amd64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build
  image: docker.io/plugins/docker:20.18.5
  settings:
    auto_tag: false
    dockerfile: Dockerfile
    dry_run: true
    force_tag: true
    no_cache: true
    purge: true
    mirror:
      from_secret: docker_io_mirror
    registry: git.cryptic.systems
    repo: git.cryptic.systems/volker.raschek/gosec
    tags: latest-amd64
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  when:
    status:
    - changed
    - failure

trigger:
  branch:
    exclude:
    - master
  event:
  - pull_request
  - push
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: docker
name: dry-run-arm64-v8

clone:
  disable: true

depends_on:
- linter

platform:
  os: linux
  arch: arm64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build
  image: docker.io/plugins/docker:20.18.5
  settings:
    auto_tag: false
    dockerfile: Dockerfile
    dry_run: true
    force_tag: true
    no_cache: true
    purge: true
    mirror:
      from_secret: docker_io_mirror
    registry: git.cryptic.systems
    repo: git.cryptic.systems/volker.raschek/gosec
    tags: latest-arm64-v8
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  when:
    status:
    - changed
    - failure

trigger:
  branch:
    exclude:
    - master
  event:
  - pull_request
  - push
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: docker
name: latest-amd64

clone:
  disable: true

depends_on:
- linter

platform:
  os: linux
  arch: amd64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build
  image: docker.io/plugins/docker:20.18.5
  settings:
    auto_tag: false
    dockerfile: Dockerfile
    force_tag: true
    no_cache: true
    purge: true
    mirror:
      from_secret: docker_io_mirror
    registry: git.cryptic.systems
    repo: git.cryptic.systems/volker.raschek/gosec
    tags: latest-amd64
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  when:
    status:
    - changed
    - failure

trigger:
  branch:
  - master
  event:
  - cron
  - push
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: docker
name: latest-arm64-v8

clone:
  disable: true

depends_on:
- linter

platform:
  os: linux
  arch: arm64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build
  image: docker.io/plugins/docker:20.18.5
  settings:
    auto_tag: false
    dockerfile: Dockerfile
    force_tag: true
    no_cache: true
    purge: true
    mirror:
      from_secret: docker_io_mirror
    registry: git.cryptic.systems
    repo: git.cryptic.systems/volker.raschek/gosec
    tags: latest-arm64-v8
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  when:
    status:
    - changed
    - failure

trigger:
  branch:
  - master
  event:
  - cron
  - push
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: kubernetes
name: latest-manifest

clone:
  disable: true

depends_on:
- latest-amd64
- latest-arm64-v8

# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
  kubernetes.io/os: linux
  kubernetes.io/arch: amd64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build-manifest
  image: docker.io/plugins/manifest:1.4.0
  settings:
    auto_tag: false
    ignore_missing: true
    spec: manifest.tmpl
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  resources:
    limits:
      cpu: 150
      memory: 150M
  when:
    status:
    - changed
    - failure

trigger:
  branch:
  - master
  event:
  - cron
  - push
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: kubernetes
name: latest-sync

clone:
  disable: true

depends_on:
- latest-manifest

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: latest-sync
  commands:
  - skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
  environment:
    SRC_CRED_USERNAME:
      from_secret: git_cryptic_systems_container_registry_user
    SRC_CRED_PASSWORD:
      from_secret: git_cryptic_systems_container_registry_password
    DEST_CRED_USERNAME:
      from_secret: container_image_registry_user
    DEST_CRED_PASSWORD:
      from_secret: container_image_registry_password
  image: quay.io/skopeo/stable:v1.17.0

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  resources:
    limits:
      cpu: 150
      memory: 150M
  when:
    status:
    - changed
    - failure

trigger:
  branch:
  - master
  event:
  - cron
  - push
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: docker
name: tagged-amd64

clone:
  disable: true

platform:
  os: linux
  arch: amd64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build
  image: docker.io/plugins/docker:20.18.5
  settings:
    auto_tag: true
    auto_tag_suffix: amd64
    dockerfile: Dockerfile
    force_tag: true
    no_cache: true
    purge: true
    mirror:
      from_secret: docker_io_mirror
    registry: git.cryptic.systems
    repo: git.cryptic.systems/volker.raschek/gosec
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password
    build_args:
    - GOSEC_VERSION=v${DRONE_TAG}

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  when:
    status:
    - changed
    - failure

trigger:
  event:
  - tag
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: docker
name: tagged-arm64-v8

clone:
  disable: true

platform:
  os: linux
  arch: arm64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build
  image: docker.io/plugins/docker:20.18.5
  settings:
    auto_tag: true
    auto_tag_suffix: arm64-v8
    dockerfile: Dockerfile
    force_tag: true
    no_cache: true
    purge: true
    mirror:
      from_secret: docker_io_mirror
    registry: git.cryptic.systems
    repo: git.cryptic.systems/volker.raschek/gosec
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password
    build_args:
    - GOSEC_VERSION=v${DRONE_TAG}

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  when:
    status:
    - changed
    - failure

trigger:
  event:
  - tag
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: kubernetes
name: tagged-manifest

clone:
  disable: true

depends_on:
- tagged-amd64
- tagged-arm64-v8

# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
  kubernetes.io/os: linux
  kubernetes.io/arch: amd64

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: build-manifest
  image: docker.io/plugins/manifest:1.4.0
  settings:
    auto_tag: true
    ignore_missing: true
    spec: manifest.tmpl
    username:
      from_secret: git_cryptic_systems_container_registry_user
    password:
      from_secret: git_cryptic_systems_container_registry_password

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  resources:
    limits:
      cpu: 150
      memory: 150M
  when:
    status:
    - changed
    - failure

trigger:
  event:
  - tag
  repo:
  - volker.raschek/gosec-docker

---
kind: pipeline
type: kubernetes
name: tagged-sync

clone:
  disable: true

depends_on:
- tagged-manifest

steps:
- name: clone
  image: git.cryptic.systems/volker.raschek/git:1.4.0

- name: tagged-sync
  commands:
  - skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
  environment:
    SRC_CRED_USERNAME:
      from_secret: git_cryptic_systems_container_registry_user
    SRC_CRED_PASSWORD:
      from_secret: git_cryptic_systems_container_registry_password
    DEST_CRED_USERNAME:
      from_secret: container_image_registry_user
    DEST_CRED_PASSWORD:
      from_secret: container_image_registry_password
  image: quay.io/skopeo/stable:v1.17.0

- name: email-notification
  environment:
    SMTP_FROM_ADDRESS:
      from_secret: smtp_from_address
    SMTP_FROM_NAME:
      from_secret: smtp_from_name
    SMTP_HOST:
      from_secret: smtp_host
    SMTP_USERNAME:
      from_secret: smtp_username
    SMTP_PASSWORD:
      from_secret: smtp_password
  image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
  resources:
    limits:
      cpu: 150
      memory: 150M
  when:
    status:
    - changed
    - failure

trigger:
  event:
  - tag
  repo:
  - volker.raschek/gosec-docker