ansible-later/.drone.yml

---
kind: pipeline
name: lint
platform:
  arch: amd64
  os: linux
steps:
- commands:
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry config experimental.new-installer false
  - poetry install
  - poetry run yapf -dr ./ansiblelater
  environment:
    PY_COLORS: 1
  image: python:3.9
  name: yapf
- commands:
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry install -E ansible-base
  - poetry run flake8 ./ansiblelater
  environment:
    PY_COLORS: 1
  image: python:3.9
  name: flake8
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
depends_on:
- lint
kind: pipeline
name: test
platform:
  arch: amd64
  os: linux
steps:
- commands:
  - git fetch -tq
  image: python:3.9
  name: fetch
- commands:
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry config experimental.new-installer false
  - poetry install -E ansible-base
  - poetry run pytest
  - poetry version
  - poetry run ansible-later --help
  depends_on:
  - fetch
  environment:
    PY_COLORS: 1
  image: python:3.6
  name: python36-pytest
- commands:
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry config experimental.new-installer false
  - poetry install -E ansible-base
  - poetry run pytest
  - poetry version
  - poetry run ansible-later --help
  depends_on:
  - fetch
  environment:
    PY_COLORS: 1
  image: python:3.7
  name: python37-pytest
- commands:
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry config experimental.new-installer false
  - poetry install -E ansible-base
  - poetry run pytest
  - poetry version
  - poetry run ansible-later --help
  depends_on:
  - fetch
  environment:
    PY_COLORS: 1
  image: python:3.8
  name: python38-pytest
- commands:
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry config experimental.new-installer false
  - poetry install -E ansible-base
  - poetry run pytest
  - poetry version
  - poetry run ansible-later --help
  depends_on:
  - fetch
  environment:
    PY_COLORS: 1
  image: python:3.9
  name: python39-pytest
- commands:
  - pip install codecov -qq
  - codecov --required -X gcov
  depends_on:
  - python36-pytest
  - python37-pytest
  - python38-pytest
  - python39-pytest
  environment:
    CODECOV_TOKEN:
      from_secret: codecov_token
    PY_COLORS: 1
  image: python:3.9
  name: codecov
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
depends_on:
- test
kind: pipeline
name: security
platform:
  arch: amd64
  os: linux
steps:
- commands:
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry install -E ansible-base
  - poetry run bandit -r ./ansiblelater -x ./ansiblelater/test
  environment:
    PY_COLORS: 1
  image: python:3.9
  name: bandit
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
depends_on:
- security
kind: pipeline
name: build-package
platform:
  arch: amd64
  os: linux
steps:
- commands:
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry build
  image: python:3.9
  name: build
- commands:
  - cd dist/ && sha256sum * > ../sha256sum.txt
  image: alpine
  name: checksum
- commands:
  - git fetch -tq
  - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased
    unreleased}
  image: thegeeklab/git-chglog
  name: changelog-generate
- commands:
  - prettier CHANGELOG.md
  - prettier -w CHANGELOG.md
  image: thegeeklab/alpine-tools
  name: changelog-format
- image: plugins/github-release
  name: publish-github
  settings:
    api_key:
      from_secret: github_token
    files:
    - dist/*
    - sha256sum.txt
    note: CHANGELOG.md
    overwrite: true
    title: ${DRONE_TAG}
  when:
    ref:
    - refs/tags/**
- commands:
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry publish -n
  environment:
    POETRY_HTTP_BASIC_PYPI_PASSWORD:
      from_secret: pypi_password
    POETRY_HTTP_BASIC_PYPI_USERNAME:
      from_secret: pypi_username
  image: python:3.9
  name: publish-pypi
  when:
    ref:
    - refs/tags/**
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
depends_on:
- security
kind: pipeline
name: build-container-amd64
platform:
  arch: amd64
  os: linux
steps:
- commands:
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry build
  image: python:3.9
  name: build
- depends_on:
  - build
  image: thegeeklab/drone-docker:19
  name: dryrun
  settings:
    dockerfile: docker/Dockerfile.amd64
    dry_run: true
    password:
      from_secret: docker_password
    repo: thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: docker_username
  when:
    ref:
    - refs/pull/**
- depends_on:
  - dryrun
  image: thegeeklab/drone-docker:19
  name: publish-dockerhub
  settings:
    auto_tag: true
    auto_tag_suffix: amd64
    dockerfile: docker/Dockerfile.amd64
    password:
      from_secret: docker_password
    repo: thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: docker_username
  when:
    ref:
    - refs/heads/main
    - refs/tags/**
- depends_on:
  - dryrun
  image: thegeeklab/drone-docker:19
  name: publish-quay
  settings:
    auto_tag: true
    auto_tag_suffix: amd64
    dockerfile: docker/Dockerfile.amd64
    password:
      from_secret: quay_password
    registry: quay.io
    repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: quay_username
  when:
    ref:
    - refs/heads/main
    - refs/tags/**
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
depends_on:
- security
kind: pipeline
name: build-container-arm64
platform:
  arch: arm64
  os: linux
steps:
- commands:
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry build
  image: python:3.9
  name: build
- depends_on:
  - build
  image: thegeeklab/drone-docker:19
  name: dryrun
  settings:
    dockerfile: docker/Dockerfile.arm64
    dry_run: true
    password:
      from_secret: docker_password
    repo: thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: docker_username
  when:
    ref:
    - refs/pull/**
- depends_on:
  - dryrun
  image: thegeeklab/drone-docker:19
  name: publish-dockerhub
  settings:
    auto_tag: true
    auto_tag_suffix: arm64
    dockerfile: docker/Dockerfile.arm64
    password:
      from_secret: docker_password
    repo: thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: docker_username
  when:
    ref:
    - refs/heads/main
    - refs/tags/**
- depends_on:
  - dryrun
  image: thegeeklab/drone-docker:19
  name: publish-quay
  settings:
    auto_tag: true
    auto_tag_suffix: arm64
    dockerfile: docker/Dockerfile.arm64
    password:
      from_secret: quay_password
    registry: quay.io
    repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: quay_username
  when:
    ref:
    - refs/heads/main
    - refs/tags/**
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
depends_on:
- security
kind: pipeline
name: build-container-arm
platform:
  arch: arm
  os: linux
steps:
- commands:
  - apk add -Uq --no-cache build-base openssl-dev libffi-dev musl-dev python3-dev
    git cargo
  - git fetch -tq
  - pip install poetry poetry-dynamic-versioning -qq
  - poetry build
  environment:
    CARGO_NET_GIT_FETCH_WITH_CLI: true
  image: python:3.9-alpine
  name: build
- depends_on:
  - build
  image: thegeeklab/drone-docker:19
  name: dryrun
  settings:
    dockerfile: docker/Dockerfile.arm
    dry_run: true
    password:
      from_secret: docker_password
    repo: thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: docker_username
  when:
    ref:
    - refs/pull/**
- depends_on:
  - dryrun
  image: thegeeklab/drone-docker:19
  name: publish-dockerhub
  settings:
    auto_tag: true
    auto_tag_suffix: arm
    dockerfile: docker/Dockerfile.arm
    password:
      from_secret: docker_password
    repo: thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: docker_username
  when:
    ref:
    - refs/heads/main
    - refs/tags/**
- depends_on:
  - dryrun
  image: thegeeklab/drone-docker:19
  name: publish-quay
  settings:
    auto_tag: true
    auto_tag_suffix: arm
    dockerfile: docker/Dockerfile.arm
    password:
      from_secret: quay_password
    registry: quay.io
    repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
    username:
      from_secret: quay_username
  when:
    ref:
    - refs/heads/main
    - refs/tags/**
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
concurrency:
  limit: 1
depends_on:
- build-package
- build-container-amd64
- build-container-arm64
- build-container-arm
kind: pipeline
name: docs
platform:
  arch: amd64
  os: linux
steps:
- commands:
  - make doc
  image: thegeeklab/alpine-tools
  name: assets
- commands:
  - markdownlint 'docs/content/**/*.md' 'README.md' 'CONTRIBUTING.md'
  image: thegeeklab/markdownlint-cli
  name: markdownlint
- commands:
  - npm install -g spellchecker-cli
  - spellchecker --files 'docs/content/**/*.md' 'README.md' -d .dictionary -p spell
    indefinite-article syntax-urls --no-suggestions
  environment:
    FORCE_COLOR: true
    NPM_CONFIG_LOGLEVEL: error
  image: node:lts-alpine
  name: spellcheck
- commands:
  - hugo -s docs/ -b http://localhost/
  image: thegeeklab/hugo:0.83.1
  name: testbuild
- commands:
  - link-validator -ro
  environment:
    LINK_VALIDATOR_BASE_DIR: docs/public
  image: thegeeklab/link-validator
  name: link-validation
- commands:
  - hugo -s docs/
  image: thegeeklab/hugo:0.83.1
  name: build
- commands:
  - npm install -g js-beautify
  - html-beautify -r -f 'docs/public/**/*.html'
  environment:
    FORCE_COLOR: true
    NPM_CONFIG_LOGLEVEL: error
  image: node:lts-alpine
  name: beautify
- image: plugins/s3-sync
  name: publish
  settings:
    access_key:
      from_secret: s3_access_key
    bucket: geekdocs
    delete: true
    endpoint: https://sp.rknet.org
    path_style: true
    secret_key:
      from_secret: s3_secret_access_key
    source: docs/public/
    strip_prefix: docs/public/
    target: /${DRONE_REPO_NAME}
  when:
    ref:
    - refs/heads/main
    - refs/tags/**
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  - refs/pull/**
---
depends_on:
- docs
kind: pipeline
name: notifications
platform:
  arch: amd64
  os: linux
steps:
- image: plugins/manifest
  name: manifest-dockerhub
  settings:
    auto_tag: true
    ignore_missing: true
    password:
      from_secret: docker_password
    spec: docker/manifest.tmpl
    username:
      from_secret: docker_username
  when:
    status:
    - success
- image: plugins/manifest
  name: manifest-quay
  settings:
    auto_tag: true
    ignore_missing: true
    password:
      from_secret: quay_password
    spec: docker/manifest-quay.tmpl
    username:
      from_secret: quay_username
  when:
    status:
    - success
- environment:
    DOCKER_PASS:
      from_secret: docker_password
    DOCKER_USER:
      from_secret: docker_username
    PUSHRM_FILE: README.md
    PUSHRM_SHORT: Another best practice scanner for Ansible roles and playbooks
    PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
  image: chko/docker-pushrm:1
  name: pushrm-dockerhub
  pull: always
  when:
    status:
    - success
- environment:
    APIKEY__QUAY_IO:
      from_secret: quay_token
    PUSHRM_FILE: README.md
    PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
  image: chko/docker-pushrm:1
  name: pushrm-quay
  pull: always
  when:
    status:
    - success
- image: plugins/matrix
  name: matrix
  settings:
    homeserver:
      from_secret: matrix_homeserver
    password:
      from_secret: matrix_password
    roomid:
      from_secret: matrix_roomid
    template: 'Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name
      }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message:
      {{ build.message }}'
    username:
      from_secret: matrix_username
  when:
    status:
    - success
    - failure
trigger:
  ref:
  - refs/heads/main
  - refs/tags/**
  status:
  - success
  - failure
---
kind: signature
hmac: eb840b80a482cdb542fe7fcbe4f497de8b94a976e112ad5dcf78a62eaa15d2ed

...