671 lines
13 KiB
YAML
671 lines
13 KiB
YAML
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: linter
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
platform:
|
|
os: linux
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: markdown lint
|
|
commands:
|
|
- markdownlint *.md
|
|
image: git.cryptic.systems/volker.raschek/markdownlint:0.38.0
|
|
resources:
|
|
limits:
|
|
cpu: 150
|
|
memory: 150M
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
resources:
|
|
limits:
|
|
cpu: 150
|
|
memory: 150M
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
event:
|
|
exclude:
|
|
- tag
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: dry-run-amd64
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- linter
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build
|
|
image: docker.io/plugins/docker:20.17.1
|
|
settings:
|
|
auto_tag: false
|
|
dockerfile: Dockerfile
|
|
dry_run: true
|
|
force_tag: true
|
|
no_cache: true
|
|
purge: true
|
|
mirror:
|
|
from_secret: docker_io_mirror
|
|
registry: git.cryptic.systems
|
|
repo: git.cryptic.systems/volker.raschek/gosec
|
|
tags: latest-amd64
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
branch:
|
|
exclude:
|
|
- master
|
|
event:
|
|
- pull_request
|
|
- push
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: dry-run-arm64-v8
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- linter
|
|
|
|
platform:
|
|
os: linux
|
|
arch: arm64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build
|
|
image: docker.io/plugins/docker:20.17.1
|
|
settings:
|
|
auto_tag: false
|
|
dockerfile: Dockerfile
|
|
dry_run: true
|
|
force_tag: true
|
|
no_cache: true
|
|
purge: true
|
|
mirror:
|
|
from_secret: docker_io_mirror
|
|
registry: git.cryptic.systems
|
|
repo: git.cryptic.systems/volker.raschek/gosec
|
|
tags: latest-arm64-v8
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
branch:
|
|
exclude:
|
|
- master
|
|
event:
|
|
- pull_request
|
|
- push
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: latest-amd64
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- linter
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build
|
|
image: docker.io/plugins/docker:20.17.1
|
|
settings:
|
|
auto_tag: false
|
|
dockerfile: Dockerfile
|
|
force_tag: true
|
|
no_cache: true
|
|
purge: true
|
|
mirror:
|
|
from_secret: docker_io_mirror
|
|
registry: git.cryptic.systems
|
|
repo: git.cryptic.systems/volker.raschek/gosec
|
|
tags: latest-amd64
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
branch:
|
|
- master
|
|
event:
|
|
- cron
|
|
- push
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: latest-arm64-v8
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- linter
|
|
|
|
platform:
|
|
os: linux
|
|
arch: arm64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build
|
|
image: docker.io/plugins/docker:20.17.1
|
|
settings:
|
|
auto_tag: false
|
|
dockerfile: Dockerfile
|
|
force_tag: true
|
|
no_cache: true
|
|
purge: true
|
|
mirror:
|
|
from_secret: docker_io_mirror
|
|
registry: git.cryptic.systems
|
|
repo: git.cryptic.systems/volker.raschek/gosec
|
|
tags: latest-arm64-v8
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
branch:
|
|
- master
|
|
event:
|
|
- cron
|
|
- push
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: latest-manifest
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- latest-amd64
|
|
- latest-arm64-v8
|
|
|
|
# docker.io/plugins/manifest only for amd64 architectures available
|
|
node_selector:
|
|
kubernetes.io/os: linux
|
|
kubernetes.io/arch: amd64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build-manifest
|
|
image: docker.io/plugins/manifest:1.4.0
|
|
settings:
|
|
auto_tag: false
|
|
ignore_missing: true
|
|
spec: manifest.tmpl
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
resources:
|
|
limits:
|
|
cpu: 150
|
|
memory: 150M
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
branch:
|
|
- master
|
|
event:
|
|
- cron
|
|
- push
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: latest-sync
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- latest-manifest
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: latest-sync
|
|
commands:
|
|
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
|
|
environment:
|
|
SRC_CRED_USERNAME:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
SRC_CRED_PASSWORD:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
DEST_CRED_USERNAME:
|
|
from_secret: container_image_registry_user
|
|
DEST_CRED_PASSWORD:
|
|
from_secret: container_image_registry_password
|
|
image: quay.io/skopeo/stable:v1.14.0
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
resources:
|
|
limits:
|
|
cpu: 150
|
|
memory: 150M
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
branch:
|
|
- master
|
|
event:
|
|
- cron
|
|
- push
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: tagged-amd64
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build
|
|
image: docker.io/plugins/docker:20.17.1
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: amd64
|
|
dockerfile: Dockerfile
|
|
force_tag: true
|
|
no_cache: true
|
|
purge: true
|
|
mirror:
|
|
from_secret: docker_io_mirror
|
|
registry: git.cryptic.systems
|
|
repo: git.cryptic.systems/volker.raschek/gosec
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
build_args:
|
|
- GOSEC_VERSION=v${DRONE_TAG}
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
event:
|
|
- tag
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: tagged-arm64-v8
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
platform:
|
|
os: linux
|
|
arch: arm64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build
|
|
image: docker.io/plugins/docker:20.17.1
|
|
settings:
|
|
auto_tag: true
|
|
auto_tag_suffix: arm64-v8
|
|
dockerfile: Dockerfile
|
|
force_tag: true
|
|
no_cache: true
|
|
purge: true
|
|
mirror:
|
|
from_secret: docker_io_mirror
|
|
registry: git.cryptic.systems
|
|
repo: git.cryptic.systems/volker.raschek/gosec
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
build_args:
|
|
- GOSEC_VERSION=v${DRONE_TAG}
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
event:
|
|
- tag
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: tagged-manifest
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- tagged-amd64
|
|
- tagged-arm64-v8
|
|
|
|
# docker.io/plugins/manifest only for amd64 architectures available
|
|
node_selector:
|
|
kubernetes.io/os: linux
|
|
kubernetes.io/arch: amd64
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: build-manifest
|
|
image: docker.io/plugins/manifest:1.4.0
|
|
settings:
|
|
auto_tag: true
|
|
ignore_missing: true
|
|
spec: manifest.tmpl
|
|
username:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
password:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
resources:
|
|
limits:
|
|
cpu: 150
|
|
memory: 150M
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
event:
|
|
- tag
|
|
repo:
|
|
- volker.raschek/gosec-docker
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: tagged-sync
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
depends_on:
|
|
- tagged-manifest
|
|
|
|
steps:
|
|
- name: clone
|
|
image: git.cryptic.systems/volker.raschek/git:1.3.1
|
|
|
|
- name: tagged-sync
|
|
commands:
|
|
- skopeo sync --all --src=docker --src-creds=$SRC_CRED_USERNAME:$SRC_CRED_PASSWORD --dest=docker --dest-creds=$DEST_CRED_USERNAME:$DEST_CRED_PASSWORD git.cryptic.systems/volker.raschek/gosec docker.io/volkerraschek
|
|
environment:
|
|
SRC_CRED_USERNAME:
|
|
from_secret: git_cryptic_systems_container_registry_user
|
|
SRC_CRED_PASSWORD:
|
|
from_secret: git_cryptic_systems_container_registry_password
|
|
DEST_CRED_USERNAME:
|
|
from_secret: container_image_registry_user
|
|
DEST_CRED_PASSWORD:
|
|
from_secret: container_image_registry_password
|
|
image: quay.io/skopeo/stable:v1.14.0
|
|
|
|
- name: email-notification
|
|
environment:
|
|
SMTP_FROM_ADDRESS:
|
|
from_secret: smtp_from_address
|
|
SMTP_FROM_NAME:
|
|
from_secret: smtp_from_name
|
|
SMTP_HOST:
|
|
from_secret: smtp_host
|
|
SMTP_USERNAME:
|
|
from_secret: smtp_username
|
|
SMTP_PASSWORD:
|
|
from_secret: smtp_password
|
|
image: git.cryptic.systems/volker.raschek/drone-email:0.1.5
|
|
resources:
|
|
limits:
|
|
cpu: 150
|
|
memory: 150M
|
|
when:
|
|
status:
|
|
- changed
|
|
- failure
|
|
|
|
trigger:
|
|
event:
|
|
- tag
|
|
repo:
|
|
- volker.raschek/gosec-docker
|