diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml index 6a777b2..a633ff3 100644 --- a/.woodpecker/build-container.yml +++ b/.woodpecker/build-container.yml @@ -14,7 +14,8 @@ steps: repo: thegeeklab/${CI_REPO_NAME} - name: security-scan - image: ghcr.io/aquasecurity/trivy + image: docker.io/aquasec/trivy + depends_on: security-build commands: - trivy -v - trivy image --input oci/${CI_REPO_NAME} @@ -27,7 +28,7 @@ steps: - name: publish-dockerhub image: quay.io/thegeeklab/wp-docker-buildx:5 - group: container + depends_on: security-scan settings: auto_tag: true containerfile: Containerfile.multiarch @@ -48,7 +49,7 @@ steps: - name: publish-quay image: quay.io/thegeeklab/wp-docker-buildx:5 - group: container + depends_on: security-scan settings: auto_tag: true containerfile: Containerfile.multiarch diff --git a/.woodpecker/docs.yml b/.woodpecker/docs.yml index d42a7bf..aa7cc29 100644 --- a/.woodpecker/docs.yml +++ b/.woodpecker/docs.yml @@ -8,13 +8,11 @@ when: steps: - name: markdownlint image: quay.io/thegeeklab/markdownlint-cli - group: test commands: - markdownlint 'README.md' - name: spellcheck image: quay.io/thegeeklab/alpine-tools - group: test commands: - spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls environment: @@ -22,18 +20,17 @@ steps: - name: link-validation image: docker.io/lycheeverse/lychee - group: test commands: - lychee --no-progress --format detailed README.md - name: pushrm-dockerhub image: docker.io/chko/docker-pushrm:1 - secrets: - - source: docker_password - target: DOCKER_PASS - - source: docker_username - target: DOCKER_USER + depends_on: [markdownlint, spellcheck, link-validation] environment: + DOCKER_PASS: + from_secret: docker_password + DOCKER_USER: + from_secret: docker_username PUSHRM_FILE: README.md PUSHRM_SHORT: Custom toolkit container based on Alpine PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME} @@ -45,10 +42,10 @@ steps: - name: pushrm-quay image: docker.io/chko/docker-pushrm:1 - secrets: - - source: quay_token - target: APIKEY__QUAY_IO + depends_on: [markdownlint, spellcheck, link-validation] environment: + APIKEY__QUAY_IO: + from_secret: quay_token PUSHRM_FILE: README.md PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME} when: