---
kind: pipeline
type: docker
name: test

platform:
  os: linux
  arch: amd64

steps:
  - name: lint-editorconfig
    image: docker.io/mstruebing/editorconfig-checker

  - name: lint-golang
    image: docker.io/golang:1.21
    commands:
      - make lint
    volumes:
      - name: godeps
        path: /go

  - name: test
    image: docker.io/golang:1.21
    commands:
      - make test
    volumes:
      - name: godeps
        path: /go

volumes:
  - name: godeps
    temp: {}

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

---
kind: pipeline
type: docker
name: build-binaries

platform:
  os: linux
  arch: amd64

steps:
  - name: build
    image: docker.io/techknowlogick/xgo:go-1.21.x
    commands:
      - ln -s /drone/src /source
      - make release

  - name: executable
    image: docker.io/golang:1.21
    commands:
      - $(find dist/ -executable -type f -iname ${DRONE_REPO_NAME}-linux-amd64) --help

  - name: changelog
    image: quay.io/thegeeklab/git-chglog
    commands:
      - git fetch -tq
      - git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
      - cat CHANGELOG.md

  - name: publish
    image: docker.io/plugins/github-release
    settings:
      api_key:
        from_secret: github_token
      files:
        - dist/*
      note: CHANGELOG.md
      overwrite: true
      title: ${DRONE_TAG}
    when:
      ref:
        - refs/tags/**

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - test

---
kind: pipeline
type: docker
name: build-container

platform:
  os: linux
  arch: amd64

steps:
  - name: security-build
    image: docker.io/owncloudci/drone-docker-buildx:2
    settings:
      dockerfile: Dockerfile.multiarch
      output: type=oci,dest=oci/${DRONE_REPO_NAME},tar=false
      repo: owncloudci/${DRONE_REPO_NAME}

  - name: security-scan
    image: ghcr.io/aquasecurity/trivy
    commands:
      - trivy -v
      - trivy image --input oci/${DRONE_REPO_NAME}
    environment:
      TRIVY_EXIT_CODE: 1
      TRIVY_IGNORE_UNFIXED: True
      TRIVY_NO_PROGRESS: True
      TRIVY_SEVERITY: HIGH,CRITICAL
      TRIVY_TIMEOUT: 1m
      TRIVY_SKIP_FILES: /opt/pipx/venvs/ansible/lib/**/site-packages/ansible_collections/**/modules/*.py
    depends_on:
      - security-build

  - name: publish
    image: docker.io/owncloudci/drone-docker-buildx:2
    settings:
      auto_tag: true
      dockerfile: Dockerfile.multiarch
      password:
        from_secret: docker_password
      platforms:
        - linux/amd64
        - linux/arm64
      provenance: false
      repo: owncloudci/${DRONE_REPO_NAME}
      username:
        from_secret: docker_username
    when:
      ref:
        - refs/heads/main
        - refs/tags/**
    depends_on:
      - security-scan

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
    - refs/pull/**

depends_on:
  - test

---
kind: pipeline
type: docker
name: notifications

platform:
  os: linux
  arch: amd64

steps:
  - name: pushrm
    image: docker.io/chko/docker-pushrm:1
    environment:
      DOCKER_PASS:
        from_secret: docker_password
      DOCKER_USER:
        from_secret: docker_username
      PUSHRM_FILE: README.md
      PUSHRM_SHORT: Drone plugin to provision via Ansible
      PUSHRM_TARGET: owncloudci/${DRONE_REPO_NAME}
    when:
      status:
        - success

trigger:
  ref:
    - refs/heads/main
    - refs/tags/**
  status:
    - success
    - failure

depends_on:
  - build-binaries
  - build-container