diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml
index aab7d23..5cdde35 100644
--- a/.woodpecker/build-container.yml
+++ b/.woodpecker/build-container.yml
@@ -15,7 +15,8 @@ steps:
 cache_to: type=local,dest=oci/cache/${CI_REPO_NAME},mode=max
 
 - name: security-scan
- image: ghcr.io/aquasecurity/trivy
+ image: docker.io/aquasec/trivy
+ depends_on: security-build
 commands:
 - trivy -v
 - trivy image --input oci/${CI_REPO_NAME}
@@ -25,10 +26,11 @@ steps:
 TRIVY_NO_PROGRESS: "true"
 TRIVY_SEVERITY: HIGH,CRITICAL
 TRIVY_TIMEOUT: 1m
+ TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
 
 - name: publish-dockerhub
 image: quay.io/thegeeklab/wp-docker-buildx:5
- group: container
+ depends_on: security-scan
 settings:
 auto_tag: true
 containerfile: Containerfile
@@ -48,7 +50,7 @@ steps:
 
 - name: publish-quay
 image: quay.io/thegeeklab/wp-docker-buildx:5
- group: container
+ depends_on: security-scan
 settings:
 auto_tag: true
 containerfile: Containerfile
diff --git a/.woodpecker/docs.yml b/.woodpecker/docs.yml
index 8c7cede..c0b983d 100644
--- a/.woodpecker/docs.yml
+++ b/.woodpecker/docs.yml
@@ -8,13 +8,11 @@ when:
 steps:
 - name: markdownlint
 image: quay.io/thegeeklab/markdownlint-cli
- group: test
 commands:
 - markdownlint 'README.md'
 
 - name: spellcheck
 image: quay.io/thegeeklab/alpine-tools
- group: test
 commands:
 - spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
 environment:
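Review bot: The new `image: docker.io/aquasec/trivy` in the security-scan step has no tag or digest, so the scanner that gates both publish steps resolves to whatever `latest` points at on each run. Pinning it, for example `image: docker.io/aquasec/trivy:<version>@sha256:<digest>` (placeholders, to be filled from a release you have verified), keeps scan results reproducible and stops a retagged image from silently changing the gate. The added `depends_on: security-build` names a step defined above this hunk, so confirm the name matches it.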
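Review bot: With `depends_on: security-scan` on publish-dockerhub (and the same line on publish-quay in the next hunk), the scan only gates the release if trivy exits non-zero on HIGH/CRITICAL findings, and no exit-code setting is visible in the environment lines shown here. The environment block starts above the hunk, so check it there; if the setting is absent, add `TRIVY_EXIT_CODE: "1"` next to `TRIVY_SEVERITY`. The added `TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2` deserves a one-line comment saying why the database is pulled from Docker Hub, since registry rate limits combined with `TRIVY_TIMEOUT: 1m` can now fail the scan and block publishing.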
@@ -22,18 +20,17 @@ steps:
 
 - name: link-validation
 image: docker.io/lycheeverse/lychee
- group: test
 commands:
 - lychee --no-progress --format detailed README.md
 
 - name: pushrm-dockerhub
 image: docker.io/chko/docker-pushrm:1
- secrets:
- - source: docker_password
- target: DOCKER_PASS
- - source: docker_username
- target: DOCKER_USER
+ depends_on: [markdownlint, spellcheck, link-validation]
 environment:
+ DOCKER_PASS:
+ from_secret: docker_password
+ DOCKER_USER:
+ from_secret: docker_username
 PUSHRM_FILE: README.md
 PUSHRM_SHORT: Custom image for Vaultwarden password manager
 PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
@@ -45,10 +42,10 @@ steps:
 
 - name: pushrm-quay
 image: docker.io/chko/docker-pushrm:1
- secrets:
- - source: quay_token
- target: APIKEY__QUAY_IO
+ depends_on: [markdownlint, spellcheck, link-validation]
 environment:
+ APIKEY__QUAY_IO:
+ from_secret: quay_token
 PUSHRM_FILE: README.md
 PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
 when:
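Review bot: `DOCKER_PASS` and `DOCKER_USER` are now injected into the environment of `docker.io/chko/docker-pushrm:1`, a third-party image referenced by a mutable major tag, so whatever that tag resolves to at run time receives the registry credentials. The same holds for `APIKEY__QUAY_IO` in the pushrm-quay hunk. Pinning the image by digest, e.g. `image: docker.io/chko/docker-pushrm:1@sha256:<digest>` (placeholder), limits that exposure. The step's `when:` filter lies outside this hunk, so confirm there that neither the step nor the secrets are available to pull-request events.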