discord-notifier/.woodpecker/build.yml

variables:
  - &file Containerfile
  - &repo dev.shielddagger.com/opensource/discord-notifier

when:
- event: [push, pull_request]

steps:
- name: configure
  when:
  - event: push
    branch: main
  image: alpine:latest
  commands:
  - echo ${CI_COMMIT_SHA:0:8} > .version
- name: dryrun
  image: woodpeckerci/plugin-docker-buildx
  backend_options:
      kubernetes:
        securityContext:
          privileged: true
  settings:
    dockerfile: *file
    platforms: linux/arm64,linux/amd64
    cache_from: type=registry,ref=dev.shielddagger.com/opensource/discord-notifier
    cache_to: type=inline
    dry_run: true
    repo: *repo
    tags: latest
    registry: dev.shielddagger.com
    username:
      from_secret: registry_username
    password:
      from_secret: registry_password
  when:
  - event: pull_request
- name: publish
  image: woodpeckerci/plugin-docker-buildx
  backend_options:
      kubernetes:
        securityContext:
          privileged: true
  settings:
    dockerfile: *file
    platforms: linux/arm64,linux/amd64
    cache_from: type=registry,ref=dev.shielddagger.com/opensource/discord-notifier
    cache_to: type=inline
    repo: *repo
    auto_tag: true
    tags: ${CI_COMMIT_SHA:0:8}
    registry: dev.shielddagger.com
    username:
      from_secret: registry_username
    password:
      from_secret: registry_password
  when:
  - event: push
    branch: main
- name: gather-digests
  image: quay.io/skopeo/stable:latest
  environment:
    DOCKER_USER:
      from_secret: registry_username
    DOCKER_PASS:
      from_secret: registry_password
  when:
  - event: push
    branch: main
  commands:
  - dnf install -y jq
  - skopeo login dev.shielddagger.com --username $DOCKER_USER --password $DOCKER_PASS
  - skopeo inspect --raw docker://dev.shielddagger.com/opensource/discord-notifier:latest | jq -r .'manifests[] | select(.platform.architecture=="arm64").digest' > digest-arm64
  - skopeo inspect --raw docker://dev.shielddagger.com/opensource/discord-notifier:latest | jq -r .'manifests[] | select(.platform.architecture=="amd64").digest' > digest-amd64
- name: image-scan
  image: aquasec/trivy
  environment:
    TRIVY_USER:
      from_secret: registry_username
    TRIVY_PASSWORD:
      from_secret: registry_password
    TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
    TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
    TRIVY_CHECKS_BUNDLE_REPOSITORY: public.ecr.aws/aquasecurity/trivy-checks
  commands:
  - export ARM64_DIGEST=$(cat digest-arm64)
  - trivy image --platform linux/arm64 --debug dev.shielddagger.com/opensource/discord-notifier@$ARM64_DIGEST --exit-code 1 --username $TRIVY_USER --severity HIGH,CRITICAL
  when:
  - event: push
    branch: main
- name: notify
  image: dev.shielddagger.com/opensource/discord-notifier
  failure: ignore
  settings:
    webhook_url:
      from_secret: discord_webhook
    woodpecker_url: https://ci.shielddagger.com/api
    woodpecker_token:
      from_secret: woodpecker_token
    icon_url: https://discord.com/api/webhooks/1231848304694919270/1ApQzOPMfNosxhQ62HbYScBT5s94m0bIUn1IFGQlT6d8Ru2ImcHHjjkFA_SaonBNU3yz
  when:
  - status: [success, failure]

depends_on:
- scans
Initial commit 2024-04-22 14:28:38 +02:00			`variables:`
			`- &file Containerfile`
Update .woodpecker/build.yml 2024-09-12 13:43:21 +02:00			`- &repo dev.shielddagger.com/opensource/discord-notifier`
Initial commit 2024-04-22 14:28:38 +02:00
			`when:`
			`- event: [push, pull_request]`

			`steps:`
			`- name: configure`
			`when:`
			`- event: push`
			`branch: main`
			`image: alpine:latest`
			`commands:`
			`- echo ${CI_COMMIT_SHA:0:8} > .version`
			`- name: dryrun`
			`image: woodpeckerci/plugin-docker-buildx`
			`backend_options:`
			`kubernetes:`
			`securityContext:`
			`privileged: true`
			`settings:`
			`dockerfile: *file`
			`platforms: linux/arm64,linux/amd64`
Update .woodpecker/build.yml 2024-09-12 13:43:21 +02:00			`cache_from: type=registry,ref=dev.shielddagger.com/opensource/discord-notifier`
Initial commit 2024-04-22 14:28:38 +02:00			`cache_to: type=inline`
			`dry_run: true`
			`repo: *repo`
			`tags: latest`
			`registry: dev.shielddagger.com`
			`username:`
			`from_secret: registry_username`
			`password:`
			`from_secret: registry_password`
			`when:`
			`- event: pull_request`
			`- name: publish`
			`image: woodpeckerci/plugin-docker-buildx`
			`backend_options:`
			`kubernetes:`
			`securityContext:`
			`privileged: true`
			`settings:`
			`dockerfile: *file`
			`platforms: linux/arm64,linux/amd64`
Update .woodpecker/build.yml 2024-09-12 13:43:21 +02:00			`cache_from: type=registry,ref=dev.shielddagger.com/opensource/discord-notifier`
Initial commit 2024-04-22 14:28:38 +02:00			`cache_to: type=inline`
			`repo: *repo`
			`auto_tag: true`
			`tags: ${CI_COMMIT_SHA:0:8}`
			`registry: dev.shielddagger.com`
			`username:`
			`from_secret: registry_username`
			`password:`
			`from_secret: registry_password`
			`when:`
			`- event: push`
			`branch: main`
i guess we rawdogging digests over here 2024-10-31 10:44:44 +01:00			`- name: gather-digests`
			`image: quay.io/skopeo/stable:latest`
			`environment:`
			`DOCKER_USER:`
			`from_secret: registry_username`
			`DOCKER_PASS:`
			`from_secret: registry_password`
i guess we rawdogging digests over here 2024-10-31 10:49:23 +01:00			`when:`
			`- event: push`
			`branch: main`
i guess we rawdogging digests over here 2024-10-31 10:44:44 +01:00			`commands:`
			`- dnf install -y jq`
me be dum 2024-10-31 10:56:57 +01:00			`- skopeo login dev.shielddagger.com --username $DOCKER_USER --password $DOCKER_PASS`
ci: :green_heart: use jq -r to strip quotes in output 2024-10-31 11:05:24 +01:00			`- skopeo inspect --raw docker://dev.shielddagger.com/opensource/discord-notifier:latest \| jq -r .'manifests[] \| select(.platform.architecture=="arm64").digest' > digest-arm64`
			`- skopeo inspect --raw docker://dev.shielddagger.com/opensource/discord-notifier:latest \| jq -r .'manifests[] \| select(.platform.architecture=="amd64").digest' > digest-amd64`
Initial commit 2024-04-22 14:28:38 +02:00			`- name: image-scan`
			`image: aquasec/trivy`
			`environment:`
			`TRIVY_USER:`
			`from_secret: registry_username`
			`TRIVY_PASSWORD:`
			`from_secret: registry_password`
ci: :green_heart: use alternate trivy db repos 2024-10-31 09:26:28 +01:00			`TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db`
			`TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db`
			`TRIVY_CHECKS_BUNDLE_REPOSITORY: public.ecr.aws/aquasecurity/trivy-checks`
Initial commit 2024-04-22 14:28:38 +02:00			`commands:`
i guess we rawdogging digests over here 2024-10-31 10:44:44 +01:00			`- export ARM64_DIGEST=$(cat digest-arm64)`
			`- trivy image --platform linux/arm64 --debug dev.shielddagger.com/opensource/discord-notifier@$ARM64_DIGEST --exit-code 1 --username $TRIVY_USER --severity HIGH,CRITICAL`
Initial commit 2024-04-22 14:28:38 +02:00			`when:`
			`- event: push`
			`branch: main`
			`- name: notify`
Update .woodpecker/build.yml 2024-09-12 13:43:21 +02:00			`image: dev.shielddagger.com/opensource/discord-notifier`
Initial commit 2024-04-22 14:28:38 +02:00			`failure: ignore`
			`settings:`
			`webhook_url:`
			`from_secret: discord_webhook`
Limit trivy output 2024-04-24 14:03:38 +02:00			`woodpecker_url: https://ci.shielddagger.com/api`
Initial commit 2024-04-22 14:28:38 +02:00			`woodpecker_token:`
			`from_secret: woodpecker_token`
Update .woodpecker/build.yml 2024-09-12 11:13:44 +02:00			`icon_url: https://discord.com/api/webhooks/1231848304694919270/1ApQzOPMfNosxhQ62HbYScBT5s94m0bIUn1IFGQlT6d8Ru2ImcHHjjkFA_SaonBNU3yz`
F'd up on the when for notify 2024-04-22 15:36:49 +02:00			`when:`
			`- status: [success, failure]`
Initial commit 2024-04-22 14:28:38 +02:00
			`depends_on:`
			`- scans`