0
0
mirror of https://github.com/thegeeklab/wp-ansible.git synced 2024-11-09 17:10:41 +00:00
wp-ansible/.drone.yml
renovate[bot] c26e6c822f
chore(deps): update docker.io/alpine docker tag to v3.19 (#208)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Robert Kaussow <mail@thegeeklab.de>
2023-12-08 09:41:37 +01:00

185 lines
3.4 KiB
YAML

---
kind: pipeline
type: docker
name: test
platform:
os: linux
arch: amd64
steps:
- name: lint
image: docker.io/golang:1.21
commands:
- make lint
volumes:
- name: godeps
path: /go
- name: test
image: docker.io/golang:1.21
commands:
- make test
volumes:
- name: godeps
path: /go
volumes:
- name: godeps
temp: {}
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
---
kind: pipeline
type: docker
name: build-binaries
platform:
os: linux
arch: amd64
steps:
- name: build
image: docker.io/techknowlogick/xgo:go-1.21.x
commands:
- ln -s /drone/src /source
- make release
- name: executable
image: docker.io/golang:1.21
commands:
- $(find dist/ -executable -type f -iname ${DRONE_REPO_NAME}-linux-amd64) --help
- name: changelog
image: quay.io/thegeeklab/git-chglog
commands:
- git fetch -tq
- git-chglog --no-color --no-emoji -o CHANGELOG.md ${DRONE_TAG:---next-tag unreleased unreleased}
- cat CHANGELOG.md
- name: publish
image: docker.io/plugins/github-release
settings:
api_key:
from_secret: github_token
files:
- dist/*
note: CHANGELOG.md
overwrite: true
title: ${DRONE_TAG}
when:
ref:
- refs/tags/**
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- test
---
kind: pipeline
type: docker
name: build-container
platform:
os: linux
arch: amd64
steps:
- name: security-build
image: docker.io/owncloudci/drone-docker-buildx:2
settings:
dockerfile: Dockerfile.multiarch
output: type=oci,dest=oci/${DRONE_REPO_NAME},tar=false
repo: owncloudci/${DRONE_REPO_NAME}
- name: security-scan
image: ghcr.io/aquasecurity/trivy
commands:
- trivy -v
- trivy image --input oci/${DRONE_REPO_NAME}
environment:
TRIVY_EXIT_CODE: 1
TRIVY_IGNORE_UNFIXED: True
TRIVY_NO_PROGRESS: True
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m
TRIVY_SKIP_FILES: /opt/pipx/venvs/ansible/lib/**/site-packages/ansible_collections/**/modules/*.py
depends_on:
- security-build
- name: publish
image: docker.io/owncloudci/drone-docker-buildx:2
settings:
auto_tag: true
dockerfile: Dockerfile.multiarch
password:
from_secret: docker_password
platforms:
- linux/amd64
- linux/arm64
provenance: false
repo: owncloudci/${DRONE_REPO_NAME}
username:
from_secret: docker_username
when:
ref:
- refs/heads/main
- refs/tags/**
depends_on:
- security-scan
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- test
---
kind: pipeline
type: docker
name: notifications
platform:
os: linux
arch: amd64
steps:
- name: pushrm
image: docker.io/chko/docker-pushrm:1
environment:
DOCKER_PASS:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
PUSHRM_FILE: README.md
PUSHRM_SHORT: Drone plugin to provision via Ansible
PUSHRM_TARGET: owncloudci/${DRONE_REPO_NAME}
when:
status:
- success
trigger:
ref:
- refs/heads/main
- refs/tags/**
status:
- success
- failure
depends_on:
- build-binaries
- build-container