94 lines
2.2 KiB
YAML
94 lines
2.2 KiB
YAML
variables:
|
|
- &file Containerfile
|
|
- &repo dev.shielddagger.com/shielddagger/heimdall
|
|
|
|
when:
|
|
- event: [push, pull_request]
|
|
|
|
steps:
|
|
- name: configure
|
|
when:
|
|
- event: push
|
|
branch: main
|
|
image: alpine:latest
|
|
commands:
|
|
- echo ${CI_COMMIT_SHA:0:8} > .version
|
|
- name: dryrun
|
|
image: woodpeckerci/plugin-docker-buildx
|
|
backend_options:
|
|
kubernetes:
|
|
securityContext:
|
|
privileged: true
|
|
settings:
|
|
dockerfile: *file
|
|
platforms: linux/arm64,linux/amd64
|
|
cache_from: type=registry,ref=dev.shielddagger.com/shielddagger/heimdall
|
|
cache_to: type=inline
|
|
dry_run: true
|
|
repo: *repo
|
|
tags: latest
|
|
registry: dev.shielddagger.com
|
|
username:
|
|
from_secret: registry_username
|
|
password:
|
|
from_secret: registry_password
|
|
when:
|
|
- event: pull_request
|
|
- name: publish
|
|
image: woodpeckerci/plugin-docker-buildx
|
|
backend_options:
|
|
kubernetes:
|
|
securityContext:
|
|
privileged: true
|
|
settings:
|
|
dockerfile: *file
|
|
platforms: linux/arm64,linux/amd64
|
|
cache_from: type=registry,ref=dev.shielddagger.com/shielddagger/heimdall
|
|
cache_to: type=inline
|
|
repo: *repo
|
|
auto_tag: true
|
|
tags: ${CI_COMMIT_SHA:0:8}
|
|
registry: dev.shielddagger.com
|
|
username:
|
|
from_secret: registry_username
|
|
password:
|
|
from_secret: registry_password
|
|
when:
|
|
- event: push
|
|
branch: main
|
|
- name: image-scan
|
|
image: aquasec/trivy
|
|
environment:
|
|
TRIVY_USER:
|
|
from_secret: registry_username
|
|
TRIVY_PASSWORD:
|
|
from_secret: registry_password
|
|
commands:
|
|
- trivy image dev.shielddagger.com/shielddagger/heimdall --exit-code 1 --username $TRIVY_USER --severity HIGH,CRITICAL
|
|
when:
|
|
- event: push
|
|
branch: main
|
|
- name: trigger-deployment
|
|
image: woodpeckerci/plugin-trigger
|
|
settings:
|
|
token:
|
|
from_secret: woodpecker_token
|
|
deploy: dev
|
|
repositories:
|
|
- ${CI_REPO}@${CI_PIPELINE_NUMBER}
|
|
when:
|
|
- event: push
|
|
branch: main
|
|
- name: notify
|
|
image: dev.shielddagger.com/infra/discord-notifier
|
|
failure: ignore
|
|
settings:
|
|
webhook_url:
|
|
from_secret: discord_webhook
|
|
woodpecker_url: https://ci.shielddagger.com
|
|
woodpecker_token:
|
|
from_secret: woodpecker_token
|
|
|
|
depends_on:
|
|
- scans
|