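---
# Woodpecker CI workflow: builds the discord-notifier container image,
# publishes it from main, scans the published image with Trivy and posts the
# pipeline result to Discord.
#
# Security review notes for the whole file:
# - Every step image (alpine:latest and the untagged plugin-docker-buildx,
#   aquasec/trivy and discord-notifier images) is a mutable reference. Two of
#   these steps run privileged and most receive registry or CI credentials, so
#   pin each image to a reviewed version or digest, e.g.
#   `image: <IMAGE>@sha256:<DIGEST>` (placeholder, not a real digest).
# - `privileged: true` on a Kubernetes pod is effectively root on the node.
#   Keep these steps on a dedicated or isolated build node pool if possible.

variables:
  - &file Containerfile
  - &repo dev.shielddagger.com/infra/discord-notifier

when:
  - event: [push, pull_request]

steps:
  # Records the short commit SHA in .version so it can be picked up by the
  # image build (only on pushes to main).
  - name: configure
    when:
      - event: push
        branch: main
    image: alpine:latest
    commands:
      - echo ${CI_COMMIT_SHA:0:8} > .version

  # Pull-request build check: builds for both platforms without pushing.
  # NOTE(review): this step builds a Containerfile that comes from the pull
  # request while running privileged and requesting registry credentials.
  # Confirm that the registry secrets are only released to pull_request
  # events if that is intended, and that pull requests from forks require
  # approval before this workflow runs.
  - name: dryrun
    image: woodpeckerci/plugin-docker-buildx
    backend_options:
      kubernetes:
        securityContext:
          privileged: true
    settings:
      dockerfile: *file
      platforms: linux/arm64,linux/amd64
      cache_from: type=registry,ref=dev.shielddagger.com/infra/discord-notifier
      cache_to: type=inline
      dry_run: true
      repo: *repo
      tags: latest
      registry: dev.shielddagger.com
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
    when:
      - event: pull_request

  # Builds and pushes the multi-arch image on pushes to main.
  - name: publish
    image: woodpeckerci/plugin-docker-buildx
    backend_options:
      kubernetes:
        securityContext:
          privileged: true
    settings:
      dockerfile: *file
      platforms: linux/arm64,linux/amd64
      cache_from: type=registry,ref=dev.shielddagger.com/infra/discord-notifier
      cache_to: type=inline
      repo: *repo
      auto_tag: true
      # Quoted because Woodpecker substitutes the value before the YAML is
      # parsed: an all-digit or exponent-looking SHA prefix (e.g. 1234e567)
      # would otherwise be typed as a number instead of a tag string.
      tags: "${CI_COMMIT_SHA:0:8}"
      registry: dev.shielddagger.com
      username:
        from_secret: registry_username
      password:
        from_secret: registry_password
    when:
      - event: push
        branch: main

  # Fails the pipeline when the published image has HIGH or CRITICAL findings.
  # NOTE(review): the scan runs after `publish`, so a failing image is already
  # in the registry when this step goes red; it is a detection gate, not a
  # prevention gate. It also scans the untagged reference (implicitly
  # `latest`), which is mutable; scanning the commit-SHA tag pushed by
  # `publish` would tie the result to this exact build. Confirm the tag set
  # produced by auto_tag + tags before changing it.
  - name: image-scan
    image: aquasec/trivy
    environment:
      TRIVY_USER:
        from_secret: registry_username
      # Trivy reads the registry password from TRIVY_PASSWORD itself, which
      # keeps it off the command line.
      TRIVY_PASSWORD:
        from_secret: registry_password
    commands:
      # The username is quoted so a value containing spaces or glob characters
      # is passed as a single argument.
      - >-
        trivy image dev.shielddagger.com/infra/discord-notifier
        --exit-code 1 --username "$TRIVY_USER" --severity HIGH,CRITICAL
    when:
      - event: push
        branch: main

  # Posts the pipeline result to Discord; a failure here never fails the
  # pipeline.
  # NOTE(review): this step runs the mutable image that this same workflow
  # publishes and hands it the webhook URL and a Woodpecker API token. Scope
  # that token as narrowly as the notifier allows.
  - name: notify
    image: dev.shielddagger.com/infra/discord-notifier
    failure: ignore
    settings:
      webhook_url:
        from_secret: discord_webhook
      woodpecker_url: https://ci.shielddagger.com
      woodpecker_token:
        from_secret: woodpecker_token
      icon_url: https://dev.shielddagger.com/repo-avatars/273e88fa2afde290121dc7b5987dc366b88325f147bf1e5766bca26296bbc1f9
    when:
      - status: [success, failure]

# NOTE(review): the flattened source does not show whether this key belongs to
# the workflow or to the `notify` step. No step named `scans` exists in this
# file (the scan step is `image-scan`), so it is kept at workflow level, where
# it names another workflow. Confirm that a `scans` workflow exists.
depends_on:
  - scans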