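---
# Drone CI pipeline for the "validation" stage: formats and vets the Go code,
# scans the source tree with Trivy, builds and pushes the container image, then
# scans the pushed image. Datadog is notified at start and again on failure.
kind: pipeline
type: docker
name: validation

platform:
  arch: amd64

clone:
  # Shallow clone: enough to build and scan, but any tool that needs history
  # (changelog generation, commit counting) would not work with depth 1.
  depth: 1

volumes:
  # Bind-mounts the host Docker socket so buildx and trivy can reach the
  # daemon. A step that mounts this socket has effective root on the build
  # host, so only trusted, pinned images should be given it.
  - name: dockersock
    host:
      path: /run/docker.sock

steps:
  - name: Notify Datadog That We Are Starting
    # NOTE(review): untagged image, so "latest" is pulled on every run; a tag
    # or digest would make the notifier step reproducible.
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Begin Build: ${DRONE_REPO}"
          text: "Build ${DRONE_BUILD_NUMBER}(${DRONE_COMMIT_LINK})"
          alert_type: "info"

  - name: Validate code base and dependencies
    image: dragonheim/golang:1.17.0
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    # Boolean-looking values are quoted so the loader hands Trivy the literal
    # text "true" rather than a YAML boolean that then has to be stringified.
    environment:
      TRIVY_QUIET: "true"
      TRIVY_LIGHT: "true"
      TRIVY_FORMAT: table
      TRIVY_IGNORE_UNFIXED: "true"
      TRIVY_NO_PROGRESS: "true"
    commands:
      # Populate temporary container with tools / files we will need for building and testing
      - apk add --no-cache zeromq-dev zeromq
      # Format Golang code. Golang does not really care about formatting, but this standardizes things
      - go fmt ./...
      # Perform basic linting of the Golang code. Ideally this should never be needed, but merges can introduce incompatibilities.
      - go vet ./...
      # Perform code security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
      # This is the only trivy call without --skip-update, so it is the one that refreshes the vulnerability DB used by the calls below.
      - trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .
      # Perform code security check of higher level vulnerabilities. This can break the build.
      - trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .
      # Build new container image.
      # NOTE(review): no trigger: section is visible, so this step presumably runs for every event; on a non-tag build
      # ${DRONE_SEMVER} would expand empty and the second -t becomes "<repo>:" — confirm the intended trigger.
      # NOTE(review): --push publishes both tags before the image scans below run, so a failing scan marks the build
      # red but does not stop the image from reaching the registry. Scanning a locally loaded image and pushing
      # afterwards would close that gap.
      - docker buildx build --push --platform linux/amd64 --progress plain --build-arg SEMVER="${DRONE_SEMVER}" -t ${DRONE_REPO}:latest -t ${DRONE_REPO}:${DRONE_SEMVER} -f docker/Dockerfile .
      # Perform image security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
      # Note the asymmetry with the fs scan above: HIGH fails the source scan but is only informational here.
      - trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH ${DRONE_REPO}:${DRONE_SEMVER}
      # Perform image security check of higher level vulnerabilities. This can break the build.
      - trivy image --skip-update --exit-code 1 --severity CRITICAL ${DRONE_REPO}:${DRONE_SEMVER}

  # Disabled step kept for reference.
  # - name: Create Test Environment
  #   image: dragonheim/terraform:latest

  # Despite the name, this step only runs when the pipeline has failed (see
  # the when: clause); a successful build sends no completion event.
  - name: Notify Datadog That We Have Completed
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Build failure on amd64"
          text: "Build ${DRONE_BUILD_NUMBER}"
          alert_type: "error"
    when:
      status:
        - failure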