when:
- event: [push, pull_request]

steps:
- name: scan-repo
  depends_on: []
  image: aquasec/trivy
  environment:
    TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
    TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
    TRIVY_CHECKS_BUNDLE_REPOSITORY: public.ecr.aws/aquasecurity/trivy-checks
  commands:
  - trivy repo . --exit-code 1
  when:
  - event: [push, pull_request]
- name: scan-conf
  depends_on: []
  image: aquasec/trivy
  environment:
    TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
    TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
    TRIVY_CHECKS_BUNDLE_REPOSITORY: public.ecr.aws/aquasecurity/trivy-checks
  commands:
  - trivy config . --exit-code 1
  when:
  - event: [push, pull_request]
- name: notify
  image: dev.shielddagger.com/opensource/discord-notifier
  failure: ignore
  depends_on:
  - scan-repo
  - scan-conf
  settings:
    webhook_url:
      from_secret: discord_webhook
    woodpecker_url: https://ci.shielddagger.com/api
    woodpecker_token:
      from_secret: woodpecker_token
    icon_url: https://dev.shielddagger.com/repo-avatars/1a648399aed58ef1c440bde43fc3f0f98f237a8d8f68074febe98517a86e1887
  when:
  - status: [success, failure]