
---
# Woodpecker pipeline: build the container image to a local OCI directory,
# scan that output with Trivy, and only then publish to Docker Hub and Quay.
# Publishing is gated on the scan through `depends_on: security-scan`.

# Pipeline triggers: every pull request and tag, plus pushes / manual runs on
# the default branch.
when:
  - event:
      - pull_request
      - tag
  - event:
      - push
      - manual
    branch:
      - ${CI_REPO_DEFAULT_BRANCH}

steps:
  # Build once into oci/<repo> without pushing; the layer cache written here is
  # reused by the publish steps below.
  - name: security-build
    image: quay.io/thegeeklab/wp-docker-buildx:5
    settings:
      cache_to: type=local,dest=oci/cache/${CI_REPO_NAME},mode=max
      containerfile: Containerfile
      output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
      repo: thegeeklab/${CI_REPO_NAME}

  # Scan the OCI output produced by security-build.
  # NOTE(review): the scanner image has no tag or digest, so it resolves to
  # whatever the registry currently serves as latest; pinning a version or
  # digest would make scan results reproducible across runs.
  - name: security-scan
    image: docker.io/aquasec/trivy
    depends_on: security-build
    commands:
      - trivy -v
      - trivy image --input oci/${CI_REPO_NAME}
    environment:
      # Vulnerability DB source, pinned to the v2 schema repository.
      TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
      # Non-zero exit when matching findings exist, which fails this step and
      # therefore blocks both publish steps.
      TRIVY_EXIT_CODE: "1"
      # Findings with no upstream fix available are suppressed; the gate only
      # fails on fixable HIGH/CRITICAL issues.
      TRIVY_IGNORE_UNFIXED: "true"
      TRIVY_NO_PROGRESS: "true"
      TRIVY_SEVERITY: HIGH,CRITICAL
      TRIVY_TIMEOUT: 1m

  # Publish to Docker Hub. Credentials come from pipeline secrets, never from
  # the YAML itself.
  # NOTE(review): this step rebuilds from the Containerfile using the local
  # cache rather than pushing the exact oci/ artifact that was scanned; the
  # pushed layers match the scanned ones only as far as the cache is hit —
  # confirm this is acceptable for the scan gate.
  # NOTE(review): `provenance: false` turns off the buildx provenance
  # attestation, so no build provenance is attached to the published image.
  - name: publish-dockerhub
    image: quay.io/thegeeklab/wp-docker-buildx:5
    depends_on: security-scan
    settings:
      auto_tag: true
      cache_from:
        - 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
      containerfile: Containerfile
      password:
        from_secret: docker_password
      provenance: false
      repo: thegeeklab/${CI_REPO_NAME}
      username:
        from_secret: docker_username
    # Pull requests are excluded here: only tags and default-branch
    # pushes / manual runs publish.
    when:
      - event:
          - tag
      - event:
          - push
          - manual
        branch:
          - ${CI_REPO_DEFAULT_BRANCH}

  # Publish to Quay; mirrors publish-dockerhub with the Quay registry,
  # repository and secrets. Same rebuild-from-cache and provenance caveats
  # apply as for the Docker Hub step.
  - name: publish-quay
    image: quay.io/thegeeklab/wp-docker-buildx:5
    depends_on: security-scan
    settings:
      auto_tag: true
      cache_from:
        - 'type=local\\,src=oci/cache/${CI_REPO_NAME}'
      containerfile: Containerfile
      password:
        from_secret: quay_password
      provenance: false
      registry: quay.io
      repo: quay.io/thegeeklab/${CI_REPO_NAME}
      username:
        from_secret: quay_username
    when:
      - event:
          - tag
      - event:
          - push
          - manual
        branch:
          - ${CI_REPO_DEFAULT_BRANCH}