discord-notifier/.woodpecker/build.yml

variables:
  - &file Containerfile
  - &repo dev.shielddagger.com/shielddagger/heimdall

when:
- event: [push, pull_request]

steps:
- name: configure
  when:
  - event: push
    branch: main
  image: alpine:latest
  commands:
  - echo ${CI_COMMIT_SHA:0:8} > .version
- name: dryrun
  image: woodpeckerci/plugin-docker-buildx
  backend_options:
      kubernetes:
        securityContext:
          privileged: true
  settings:
    dockerfile: *file
    platforms: linux/arm64,linux/amd64
    cache_from: type=registry,ref=dev.shielddagger.com/shielddagger/heimdall
    cache_to: type=inline
    dry_run: true
    repo: *repo
    tags: latest
    registry: dev.shielddagger.com
    username:
      from_secret: registry_username
    password:
      from_secret: registry_password
  when:
  - event: pull_request
- name: publish
  image: woodpeckerci/plugin-docker-buildx
  backend_options:
      kubernetes:
        securityContext:
          privileged: true
  settings:
    dockerfile: *file
    platforms: linux/arm64,linux/amd64
    cache_from: type=registry,ref=dev.shielddagger.com/shielddagger/heimdall
    cache_to: type=inline
    repo: *repo
    auto_tag: true
    tags: ${CI_COMMIT_SHA:0:8}
    registry: dev.shielddagger.com
    username:
      from_secret: registry_username
    password:
      from_secret: registry_password
  when:
  - event: push
    branch: main
- name: image-scan
  image: aquasec/trivy
  environment:
    TRIVY_USER:
      from_secret: registry_username
    TRIVY_PASSWORD:
      from_secret: registry_password
  commands:
  - trivy image dev.shielddagger.com/shielddagger/heimdall  --exit-code 1 --username $TRIVY_USER --severity HIGH,CRITICAL
  when:
  - event: push
    branch: main
- name: trigger-deployment
  image: woodpeckerci/plugin-trigger
  settings:
    token:
      from_secret: woodpecker_token
    deploy: dev
    repositories:
    - ${CI_REPO}@${CI_PIPELINE_NUMBER}
  when:
  - event: push
    branch: main
- name: notify
  image: dev.shielddagger.com/infra/discord-notifier
  failure: ignore
  settings:
    webhook_url:
      from_secret: discord_webhook
    woodpecker_url: https://ci.shielddagger.com
    woodpecker_token:
      from_secret: woodpecker_token

depends_on:
- scans
Initial commit 2024-04-22 14:28:38 +02:00			`variables:`
			`- &file Containerfile`
			`- &repo dev.shielddagger.com/shielddagger/heimdall`

			`when:`
			`- event: [push, pull_request]`

			`steps:`
			`- name: configure`
			`when:`
			`- event: push`
			`branch: main`
			`image: alpine:latest`
			`commands:`
			`- echo ${CI_COMMIT_SHA:0:8} > .version`
			`- name: dryrun`
			`image: woodpeckerci/plugin-docker-buildx`
			`backend_options:`
			`kubernetes:`
			`securityContext:`
			`privileged: true`
			`settings:`
			`dockerfile: *file`
			`platforms: linux/arm64,linux/amd64`
			`cache_from: type=registry,ref=dev.shielddagger.com/shielddagger/heimdall`
			`cache_to: type=inline`
			`dry_run: true`
			`repo: *repo`
			`tags: latest`
			`registry: dev.shielddagger.com`
			`username:`
			`from_secret: registry_username`
			`password:`
			`from_secret: registry_password`
			`when:`
			`- event: pull_request`
			`- name: publish`
			`image: woodpeckerci/plugin-docker-buildx`
			`backend_options:`
			`kubernetes:`
			`securityContext:`
			`privileged: true`
			`settings:`
			`dockerfile: *file`
			`platforms: linux/arm64,linux/amd64`
			`cache_from: type=registry,ref=dev.shielddagger.com/shielddagger/heimdall`
			`cache_to: type=inline`
			`repo: *repo`
			`auto_tag: true`
			`tags: ${CI_COMMIT_SHA:0:8}`
			`registry: dev.shielddagger.com`
			`username:`
			`from_secret: registry_username`
			`password:`
			`from_secret: registry_password`
			`when:`
			`- event: push`
			`branch: main`
			`- name: image-scan`
			`image: aquasec/trivy`
			`environment:`
			`TRIVY_USER:`
			`from_secret: registry_username`
			`TRIVY_PASSWORD:`
			`from_secret: registry_password`
			`commands:`
			`- trivy image dev.shielddagger.com/shielddagger/heimdall --exit-code 1 --username $TRIVY_USER --severity HIGH,CRITICAL`
			`when:`
			`- event: push`
			`branch: main`
			`- name: trigger-deployment`
			`image: woodpeckerci/plugin-trigger`
			`settings:`
			`token:`
			`from_secret: woodpecker_token`
			`deploy: dev`
			`repositories:`
			`- ${CI_REPO}@${CI_PIPELINE_NUMBER}`
			`when:`
			`- event: push`
			`branch: main`
			`- name: notify`
			`image: dev.shielddagger.com/infra/discord-notifier`
			`failure: ignore`
			`settings:`
			`webhook_url:`
			`from_secret: discord_webhook`
			`woodpecker_url: https://ci.shielddagger.com`
			`woodpecker_token:`
			`from_secret: woodpecker_token`

			`depends_on:`
			`- scans`