ansible-later/.drone.yml

---
kind: pipeline
name: lint

platform:
  os: linux
  arch: amd64

steps:
  - name: yapf
    image: python:3.10
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry config experimental.new-installer false
      - poetry install
      - poetry run yapf -dr ./ansiblelater
    environment:
      PY_COLORS: 1

  - name: flake8
    image: python:3.10
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry install -E ansible-core
      - poetry run flake8 ./ansiblelater
    environment:
      PY_COLORS: 1

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

---
kind: pipeline
name: test

platform:
  os: linux
  arch: amd64

steps:
  - name: fetch
    image: python:3.10
    commands:
      - git fetch -tq

  - name: python38-pytest
    image: python:3.8
    commands:
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry config experimental.new-installer false
      - poetry install -E ansible-core
      - poetry run pytest
      - poetry version
      - poetry run ansible-later --help
    environment:
      PY_COLORS: 1
    depends_on:
      - fetch

  - name: python39-pytest
    image: python:3.9
    commands:
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry config experimental.new-installer false
      - poetry install -E ansible-core
      - poetry run pytest
      - poetry version
      - poetry run ansible-later --help
    environment:
      PY_COLORS: 1
    depends_on:
      - fetch

  - name: python310-pytest
    image: python:3.10
    commands:
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry config experimental.new-installer false
      - poetry install -E ansible-core
      - poetry run pytest
      - poetry version
      - poetry run ansible-later --help
    environment:
      PY_COLORS: 1
    depends_on:
      - fetch

  - name: codecov
    image: python:3.10
    commands:
      - pip install codecov -qq
      - codecov --required -X gcov
    environment:
      CODECOV_TOKEN:
        from_secret: codecov_token
      PY_COLORS: 1
    depends_on:
      - python38-pytest
      - python39-pytest
      - python310-pytest

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - lint

---
kind: pipeline
name: security

platform:
  os: linux
  arch: amd64

steps:
  - name: bandit
    image: python:3.10
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry install -E ansible-core
      - poetry run bandit -r ./ansiblelater -x ./ansiblelater/test
    environment:
      PY_COLORS: 1

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - test

---
kind: pipeline
name: build-package

platform:
  os: linux
  arch: amd64

steps:
  - name: build
    image: python:3.10
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry build

  - name: checksum
    image: alpine
    commands:
      - cd dist/ && sha256sum * > ../sha256sum.txt

  - name: changelog-generate
    image: thegeeklab/git-chglog
    commands:
      - git fetch -tq
      - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}

  - name: changelog-format
    image: thegeeklab/alpine-tools
    commands:
      - prettier CHANGELOG.md
      - prettier -w CHANGELOG.md

  - name: publish-github
    image: plugins/github-release
    settings:
      api_key:
        from_secret: github_token
      files:
        - dist/*
        - sha256sum.txt
      note: CHANGELOG.md
      overwrite: true
      title: ${DRONE_TAG}
    when:
      ref:
        - refs/tags/**

  - name: publish-pypi
    image: python:3.10
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry publish -n
    environment:
      POETRY_HTTP_BASIC_PYPI_PASSWORD:
        from_secret: pypi_password
      POETRY_HTTP_BASIC_PYPI_USERNAME:
        from_secret: pypi_username
    when:
      ref:
        - refs/tags/**

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - security

---
kind: pipeline
name: build-container-amd64

platform:
  os: linux
  arch: amd64

steps:
  - name: build
    image: python:3.10
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry build

  - name: dryrun
    image: thegeeklab/drone-docker:19
    settings:
      dockerfile: docker/Dockerfile.amd64
      dry_run: true
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/pull/**
    depends_on:
      - build

  - name: publish-dockerhub
    image: thegeeklab/drone-docker:19
    settings:
      auto_tag: true
      auto_tag_suffix: amd64
      dockerfile: docker/Dockerfile.amd64
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun

  - name: publish-quay
    image: thegeeklab/drone-docker:19
    settings:
      auto_tag: true
      auto_tag_suffix: amd64
      dockerfile: docker/Dockerfile.amd64
      password:
        from_secret: quay_password
      registry: quay.io
      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: quay_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - security

---
kind: pipeline
name: build-container-arm64

platform:
  os: linux
  arch: arm64

steps:
  - name: build
    image: python:3.10
    commands:
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry build

  - name: dryrun
    image: thegeeklab/drone-docker:19
    settings:
      dockerfile: docker/Dockerfile.arm64
      dry_run: true
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/pull/**
    depends_on:
      - build

  - name: publish-dockerhub
    image: thegeeklab/drone-docker:19
    settings:
      auto_tag: true
      auto_tag_suffix: arm64
      dockerfile: docker/Dockerfile.arm64
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun

  - name: publish-quay
    image: thegeeklab/drone-docker:19
    settings:
      auto_tag: true
      auto_tag_suffix: arm64
      dockerfile: docker/Dockerfile.arm64
      password:
        from_secret: quay_password
      registry: quay.io
      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: quay_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - security

---
kind: pipeline
name: build-container-arm

platform:
  os: linux
  arch: arm

steps:
  - name: build
    image: python:3.10-alpine
    commands:
      - apk add -Uq --no-cache build-base openssl-dev libffi-dev musl-dev python3-dev git cargo
      - git fetch -tq
      - pip install poetry poetry-dynamic-versioning -qq
      - poetry build
    environment:
      CARGO_NET_GIT_FETCH_WITH_CLI: true

  - name: dryrun
    image: thegeeklab/drone-docker:19
    settings:
      dockerfile: docker/Dockerfile.arm
      dry_run: true
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/pull/**
    depends_on:
      - build

  - name: publish-dockerhub
    image: thegeeklab/drone-docker:19
    settings:
      auto_tag: true
      auto_tag_suffix: arm
      dockerfile: docker/Dockerfile.arm
      password:
        from_secret: docker_password
      repo: thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun

  - name: publish-quay
    image: thegeeklab/drone-docker:19
    settings:
      auto_tag: true
      auto_tag_suffix: arm
      dockerfile: docker/Dockerfile.arm
      password:
        from_secret: quay_password
      registry: quay.io
      repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
      username:
        from_secret: quay_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - dryrun

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - security

---
kind: pipeline
name: docs

platform:
  os: linux
  arch: amd64

concurrency:
  limit: 1

steps:
  - name: assets
    image: thegeeklab/alpine-tools
    commands:
      - make doc

  - name: markdownlint
    image: thegeeklab/markdownlint-cli
    commands:
      - markdownlint 'docs/content/**/*.md' 'README.md' 'CONTRIBUTING.md'

  - name: spellcheck
    image: node:lts-alpine
    commands:
      - npm install -g spellchecker-cli
      - spellchecker --files 'docs/content/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls --no-suggestions
    environment:
      FORCE_COLOR: true
      NPM_CONFIG_LOGLEVEL: error

  - name: testbuild
    image: thegeeklab/hugo:0.97.3
    commands:
      - hugo --panicOnWarning -s docs/ -b http://localhost:8000/

  - name: link-validation
    image: thegeeklab/link-validator
    commands:
      - link-validator --nice --external --skip-file .linkcheckignore
    environment:
      LINK_VALIDATOR_BASE_DIR: docs/public

  - name: build
    image: thegeeklab/hugo:0.97.3
    commands:
      - hugo --panicOnWarning -s docs/

  - name: beautify
    image: node:lts-alpine
    commands:
      - npm install -g js-beautify
      - html-beautify -r -f 'docs/public/**/*.html'
    environment:
      FORCE_COLOR: true
      NPM_CONFIG_LOGLEVEL: error

  - name: publish
    image: plugins/s3-sync
    settings:
      access_key:
        from_secret: s3_access_key
      bucket: geekdocs
      delete: true
      endpoint: https://sp.rknet.org
      path_style: true
      secret_key:
        from_secret: s3_secret_access_key
      source: docs/public/
      strip_prefix: docs/public/
      target: /${DRONE_REPO_NAME}
    when:
      ref:
        - refs/heads/main
        - refs/tags/**

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - build-package
  - build-container-amd64
  - build-container-arm64
  - build-container-arm

---
kind: pipeline
name: notifications

platform:
  os: linux
  arch: amd64

steps:
  - name: manifest-dockerhub
    image: plugins/manifest
    settings:
      auto_tag: true
      ignore_missing: true
      password:
        from_secret: docker_password
      spec: docker/manifest.tmpl
      username:
        from_secret: docker_username
    when:
      status:
        - success

  - name: manifest-quay
    image: plugins/manifest
    settings:
      auto_tag: true
      ignore_missing: true
      password:
        from_secret: quay_password
      spec: docker/manifest-quay.tmpl
      username:
        from_secret: quay_username
    when:
      status:
        - success

  - name: pushrm-dockerhub
    pull: always
    image: chko/docker-pushrm:1
    environment:
      DOCKER_PASS:
        from_secret: docker_password
      DOCKER_USER:
        from_secret: docker_username
      PUSHRM_FILE: README.md
      PUSHRM_SHORT: Another best practice scanner for Ansible roles and playbooks
      PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
    when:
      status:
        - success

  - name: pushrm-quay
    pull: always
    image: chko/docker-pushrm:1
    environment:
      APIKEY__QUAY_IO:
        from_secret: quay_token
      PUSHRM_FILE: README.md
      PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
    when:
      status:
        - success

  - name: matrix
    image: thegeeklab/drone-matrix
    settings:
      homeserver:
        from_secret: matrix_homeserver
      password:
        from_secret: matrix_password
      roomid:
        from_secret: matrix_roomid
      template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
      username:
        from_secret: matrix_username
    when:
      status:
        - success
        - failure

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
  status:
    - success
    - failure

depends_on:
  - docs

---
kind: signature
hmac: 3dfdeb9f62ed88a15805bb3b068836ccb0d3f1f610ea674643458fda582fb3b8

...