This repository has been archived on 2024-02-03. You can view files and clone it, but cannot push or open issues or pull requests.
vaultwarden-ldap/.woodpecker/build-container.yml
Robert Kaussow 50abb9ef8e
Some checks failed
ci/woodpecker/push/build-package Pipeline was successful
ci/woodpecker/push/build-container Pipeline failed
ci/woodpecker/push/docs unknown status
ci/woodpecker/push/notify Pipeline was successful
refactor: migrate to woodpecker ci (#110)
Reviewed-on: #110
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
Co-committed-by: Robert Kaussow <mail@thegeeklab.de>
2023-11-08 09:03:56 +01:00

70 lines
1.7 KiB
YAML

---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
binary:
image: docker.io/clux/muslrust:nightly-2021-04-14
commands:
- make build
security-build:
image: quay.io/thegeeklab/wp-docker-buildx:1
settings:
containerfile: Containerfile
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
repo: thegeeklab/${CI_REPO_NAME}
security-scan:
image: ghcr.io/aquasecurity/trivy
commands:
- trivy -v
- trivy image --input oci/${CI_REPO_NAME}
environment:
TRIVY_EXIT_CODE: "1"
TRIVY_IGNORE_UNFIXED: "true"
TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m
TRIVY_SKIP_FILES: /usr/local/bin/gomplate
publish-dockerhub:
group: container
image: quay.io/thegeeklab/wp-docker-buildx:1
settings:
auto_tag: true
containerfile: Containerfile
password:
from_secret: docker_password
provenance: false
repo: thegeeklab/${CI_REPO_NAME}
username:
from_secret: docker_username
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
publish-quay:
group: container
image: quay.io/thegeeklab/wp-docker-buildx:1
settings:
auto_tag: true
containerfile: Containerfile
password:
from_secret: quay_password
provenance: false
registry: quay.io
repo: quay.io/thegeeklab/${CI_REPO_NAME}
username:
from_secret: quay_username
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}