188 lines
3.5 KiB
YAML
188 lines
3.5 KiB
YAML
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: test
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: lint-editorconfig
|
|
image: docker.io/mstruebing/editorconfig-checker
|
|
|
|
- name: lint-golang
|
|
image: docker.io/golang:1.21
|
|
commands:
|
|
- make lint
|
|
volumes:
|
|
- name: godeps
|
|
path: /go
|
|
|
|
- name: test
|
|
image: docker.io/golang:1.21
|
|
commands:
|
|
- make test
|
|
volumes:
|
|
- name: godeps
|
|
path: /go
|
|
|
|
volumes:
|
|
- name: godeps
|
|
temp: {}
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: build-binaries
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: build
|
|
image: docker.io/techknowlogick/xgo:go-1.21.x
|
|
commands:
|
|
- ln -s /drone/src /source
|
|
- make release
|
|
|
|
- name: executable
|
|
image: docker.io/golang:1.21
|
|
commands:
|
|
- $(find dist/ -executable -type f -iname ${DRONE_REPO_NAME}-linux-amd64) --help
|
|
|
|
- name: changelog
|
|
image: quay.io/thegeeklab/git-chglog
|
|
commands:
|
|
- git fetch -tq
|
|
- git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
|
|
- cat CHANGELOG.md
|
|
|
|
- name: publish
|
|
image: docker.io/plugins/github-release
|
|
settings:
|
|
api_key:
|
|
from_secret: github_token
|
|
files:
|
|
- dist/*
|
|
note: CHANGELOG.md
|
|
overwrite: true
|
|
title: ${DRONE_TAG}
|
|
when:
|
|
ref:
|
|
- refs/tags/**
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- test
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: build-container
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: security-build
|
|
image: docker.io/owncloudci/drone-docker-buildx:2
|
|
settings:
|
|
dockerfile: Dockerfile.multiarch
|
|
output: type=oci,dest=oci/${DRONE_REPO_NAME},tar=false
|
|
repo: owncloudci/${DRONE_REPO_NAME}
|
|
|
|
- name: security-scan
|
|
image: ghcr.io/aquasecurity/trivy
|
|
commands:
|
|
- trivy -v
|
|
- trivy image --input oci/${DRONE_REPO_NAME}
|
|
environment:
|
|
TRIVY_EXIT_CODE: 1
|
|
TRIVY_IGNORE_UNFIXED: True
|
|
TRIVY_NO_PROGRESS: True
|
|
TRIVY_SEVERITY: HIGH,CRITICAL
|
|
TRIVY_TIMEOUT: 1m
|
|
TRIVY_SKIP_FILES: /opt/pipx/venvs/ansible/lib/**/site-packages/ansible_collections/**/modules/*.py
|
|
depends_on:
|
|
- security-build
|
|
|
|
- name: publish
|
|
image: docker.io/owncloudci/drone-docker-buildx:2
|
|
settings:
|
|
auto_tag: true
|
|
dockerfile: Dockerfile.multiarch
|
|
password:
|
|
from_secret: docker_password
|
|
platforms:
|
|
- linux/amd64
|
|
- linux/arm64
|
|
provenance: false
|
|
repo: owncloudci/${DRONE_REPO_NAME}
|
|
username:
|
|
from_secret: docker_username
|
|
when:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
depends_on:
|
|
- security-scan
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
- refs/pull/**
|
|
|
|
depends_on:
|
|
- test
|
|
|
|
---
|
|
kind: pipeline
|
|
type: docker
|
|
name: notifications
|
|
|
|
platform:
|
|
os: linux
|
|
arch: amd64
|
|
|
|
steps:
|
|
- name: pushrm
|
|
image: docker.io/chko/docker-pushrm:1
|
|
environment:
|
|
DOCKER_PASS:
|
|
from_secret: docker_password
|
|
DOCKER_USER:
|
|
from_secret: docker_username
|
|
PUSHRM_FILE: README.md
|
|
PUSHRM_SHORT: Drone plugin to provision via Ansible
|
|
PUSHRM_TARGET: owncloudci/${DRONE_REPO_NAME}
|
|
when:
|
|
status:
|
|
- success
|
|
|
|
trigger:
|
|
ref:
|
|
- refs/heads/main
|
|
- refs/tags/**
|
|
status:
|
|
- success
|
|
- failure
|
|
|
|
depends_on:
|
|
- build-binaries
|
|
- build-container
|