mirror of https://github.com/thegeeklab/retry.git synced 2024-11-24 22:30:39 +00:00
retry/.woodpecker/build-container.yml


---
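# Workflow-level trigger: pull requests and tags always run; push and manual
# events run only on the repository's default branch.
# Steps without a `when` of their own inherit this filter, so they also run
# for pull_request events.
when:
- event: [pull_request, tag]
- event: [push, manual]
  branch:
  - ${CI_REPO_DEFAULT_BRANCH}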
steps:
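# Builds the image and exports it as an OCI layout under oci/${CI_REPO_NAME},
# which the security-scan step reads with `trivy image --input`.
# No `platforms` setting is given here, unlike the publish steps.
- name: security-build
  # NOTE(review): `:5` is a mutable tag; pinning the plugin image by digest
  # would make the build tooling reproducible and tamper-evident.
  image: quay.io/thegeeklab/wp-docker-buildx:5
  settings:
    containerfile: Containerfile.multiarch
    output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
    repo: thegeeklab/${CI_REPO_NAME}
    # NOTE(review): this step has no `when`, so it runs for every event the
    # workflow accepts, including pull_request. Confirm that the secret's
    # event filter and scope (pull-only credentials) match that exposure.
    registry_config:
      from_secret: DOCKER_REGISTRY_CONFIG_PULL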
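# Scans the OCI layout produced by security-build. A non-zero exit fails the
# step, and the publish steps depend on it, so this is the release gate.
- name: security-scan
  # NOTE(review): no tag or digest is given, so the scanner version can change
  # between runs; pin it to keep gate results reproducible.
  image: docker.io/aquasec/trivy
  # List form, matching the other depends_on entries in this file.
  depends_on: [security-build]
  commands:
  - trivy -v
  - trivy image --input oci/${CI_REPO_NAME}
  environment:
    # Exit with status 1 when a finding matches the filters below.
    TRIVY_EXIT_CODE: "1"
    # Findings without a released fix are not reported, so they never fail
    # the gate; track them separately if they matter for this image.
    TRIVY_IGNORE_UNFIXED: "true"
    TRIVY_NO_PROGRESS: "true"
    # Only HIGH and CRITICAL findings count; lower severities pass.
    TRIVY_SEVERITY: HIGH,CRITICAL
    TRIVY_TIMEOUT: 1m
    TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2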
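# Builds for four platforms and pushes to Docker Hub once security-scan passes.
# NOTE(review): this step builds again from Containerfile.multiarch, so the
# pushed images are a rebuild rather than the OCI export that was scanned;
# presumably the scan covered only the default platform. Confirm that this
# gap is acceptable.
- name: publish-dockerhub
  image: quay.io/thegeeklab/wp-docker-buildx:5
  depends_on: [security-scan]
  settings:
    auto_tag: true
    containerfile: Containerfile.multiarch
    password:
      from_secret: docker_password
    platforms:
    - linux/amd64
    - linux/arm64
    - linux/arm/v7
    - linux/arm/v6
    # NOTE(review): presumably turns off build provenance attestations, so
    # consumers cannot verify how the image was built; confirm that this is
    # still needed.
    provenance: false
    repo: thegeeklab/${CI_REPO_NAME}
    username:
      from_secret: docker_username
  # pull_request is not listed, so the push credentials are used only for
  # tags and for push/manual events on the default branch.
  when:
  - event: [tag]
  - event: [push, manual]
    branch:
    - ${CI_REPO_DEFAULT_BRANCH}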
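# Builds for four platforms and pushes to quay.io once security-scan passes.
# NOTE(review): this step builds again from Containerfile.multiarch, so the
# pushed images are a rebuild rather than the OCI export that was scanned;
# presumably the scan covered only the default platform. Confirm that this
# gap is acceptable.
- name: publish-quay
  image: quay.io/thegeeklab/wp-docker-buildx:5
  depends_on: [security-scan]
  settings:
    auto_tag: true
    containerfile: Containerfile.multiarch
    password:
      from_secret: quay_password
    platforms:
    - linux/amd64
    - linux/arm64
    - linux/arm/v7
    - linux/arm/v6
    # NOTE(review): presumably turns off build provenance attestations, so
    # consumers cannot verify how the image was built; confirm that this is
    # still needed.
    provenance: false
    registry: quay.io
    repo: quay.io/thegeeklab/${CI_REPO_NAME}
    username:
      from_secret: quay_username
  # pull_request is not listed, so the push credentials are used only for
  # tags and for push/manual events on the default branch.
  when:
  - event: [tag]
  - event: [push, manual]
    branch:
    - ${CI_REPO_DEFAULT_BRANCH}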
# Workflow-level dependency: this workflow waits for `test`.
depends_on: [test]