gagent/.drone.yml

---
kind: pipeline
type: docker
name: validation

platform:
  arch: amd64

clone:
  depth: 1

volumes:
  - name: dockersock
    host:
      path: /run/docker.sock

steps:
  # - name: Notify Datadog That we are starting
  #   image: masci/drone-datadog
  #   settings:
  #     api_key:
  #       from_secret: Datadog
  #     events:
  #       - title: "Begin Build: ${DRONE_REPO}(${DRONE_BUILD_NUMBER})"
  #         text: ${DRONE_COMMIT_MESSAGE}(${DRONE_COMMIT_LINK})
  #         alert_type: "info"
  #         host: ${DRONE_SYSTEM_HOSTNAME}

  - name: Validate code base and dependencies
    # image: golang:1.16-alpine3.13
    image: dragonheim/golang:1.16.4
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      TRIVY_QUIET: true
      TRIVY_LIGHT: true
      TRIVY_FORMAT: table
      TRIVY_IGNORE_UNFIXED: true
      TRIVY_NO_PROGRESS: true
    commands:
      ### Populate temporary container with tools / files we will need for building and testing
      - apk add --no-cache zeromq-dev zeromq
      # - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.2

      ### Format the go code. Go does not care about it, but it helps to ensure everything is formated the same.
      - go fmt ./...

      ### Perform a basic lint of the code, we do this after formatting, just in case there are edge cases with the formatting.
      - go vet ./...

      ### Run a security check and warn us about lower level vulnerabilities
      - trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .

      ### Re-run the scan, but this time looking for higher level vulnerabilities that we want to block for.
      - trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .

      ### Perform unit tests
      # - @TODO I really don't know how to do unit tests.  Will need to figure this out eventually.

      ### Build test container.
      # - docker buildx build --platform linux/arm/v7,linux/amd64,linux/arm64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} .
      - docker buildx build --platform linux/amd64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} -f docker/Dockerfile .

      ### Run a security check and warn us about lower level vulnerabilities
      - trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH ${DRONE_REPO}:${DRONE_COMMIT}

      ### Re-run the scan, but this time looking for critical vulnerabilities that we want to block for.
      - trivy image --skip-update --exit-code 1 --severity CRITICAL ${DRONE_REPO}:${DRONE_COMMIT}


  - name: Notify Datadog
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Build failure on amd64"
          text: "Build ${DRONE_BUILD_NUMBER}"
          alert_type: "error"
    when:
      status:
        - failure
fix: Re-initializing after I destroyed the original repository. 2021-02-25 17:46:40 -08:00			`---`
			`kind: pipeline`
			`type: docker`
style: Adjusting Picol format / syntax to match modern standards. 2021-05-21 18:46:26 -07:00			`name: validation`
fix: Re-initializing after I destroyed the original repository. 2021-02-25 17:46:40 -08:00
			`platform:`
Testing drone on amd64 2021-03-31 06:17:43 +00:00			`arch: amd64`
fix: Re-initializing after I destroyed the original repository. 2021-02-25 17:46:40 -08:00
fix: (issues/7): Code is loading. Will test to see if it is being sent to router. Also adding build for arm. 2021-04-03 13:49:56 -07:00			`clone:`
			`depth: 1`

			`volumes:`
			`- name: dockersock`
			`host:`
			`path: /run/docker.sock`

			`steps:`
Removing the new step to validate existing. 2021-05-22 09:55:28 -07:00			`# - name: Notify Datadog That we are starting`
			`# image: masci/drone-datadog`
			`# settings:`
			`# api_key:`
			`# from_secret: Datadog`
			`# events:`
			`# - title: "Begin Build: ${DRONE_REPO}(${DRONE_BUILD_NUMBER})"`
			`# text: ${DRONE_COMMIT_MESSAGE}(${DRONE_COMMIT_LINK})`
			`# alert_type: "info"`
			`# host: ${DRONE_SYSTEM_HOSTNAME}`
Adding some preliminary DD notifications. 2021-05-22 09:47:35 -07:00
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00			`- name: Validate code base and dependencies`
fix: Testing a modified drone file. 2021-05-21 19:28:23 -07:00			`# image: golang:1.16-alpine3.13`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00			`image: dragonheim/golang:1.16.4`
Forgot, it needs to know where to mount the docker socket. 2021-05-22 08:36:16 -07:00			`volumes:`
			`- name: dockersock`
			`path: /var/run/docker.sock`
Cleaned up the trivy command line by using environment variables. 2021-05-22 06:33:39 -07:00			`environment:`
			`TRIVY_QUIET: true`
			`TRIVY_LIGHT: true`
			`TRIVY_FORMAT: table`
			`TRIVY_IGNORE_UNFIXED: true`
			`TRIVY_NO_PROGRESS: true`
style: Adjusting Picol format / syntax to match modern standards. 2021-05-21 18:46:26 -07:00			`commands:`
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`### Populate temporary container with tools / files we will need for building and testing`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00			`- apk add --no-cache zeromq-dev zeromq`
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`# - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \| sh -s -- -b /usr/local/bin v0.18.2`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`### Format the go code. Go does not care about it, but it helps to ensure everything is formated the same.`
style: Adjusting Picol format / syntax to match modern standards. 2021-05-21 18:46:26 -07:00			`- go fmt ./...`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`### Perform a basic lint of the code, we do this after formatting, just in case there are edge cases with the formatting.`
style: Adjusting Picol format / syntax to match modern standards. 2021-05-21 18:46:26 -07:00			`- go vet ./...`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`### Run a security check and warn us about lower level vulnerabilities`
Found a better way to scan the repository. 2021-05-22 07:08:05 -07:00			`- trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`### Re-run the scan, but this time looking for higher level vulnerabilities that we want to block for.`
Found a better way to scan the repository. 2021-05-22 07:08:05 -07:00			`- trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`### Perform unit tests`
			`# - @TODO I really don't know how to do unit tests. Will need to figure this out eventually.`
style: Adjusting Picol format / syntax to match modern standards. 2021-05-21 18:46:26 -07:00
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00			`### Build test container.`
Buildx is saying environment cannot do multi-arch... need to figure that out. 2021-05-22 08:40:09 -07:00			`# - docker buildx build --platform linux/arm/v7,linux/amd64,linux/arm64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} .`
Duh, need to tell it how to get to the Dockerfile. 2021-05-22 08:43:00 -07:00			`- docker buildx build --platform linux/amd64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} -f docker/Dockerfile .`
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00
It is now building, moving on the SAST. 2021-05-22 08:51:19 -07:00			`### Run a security check and warn us about lower level vulnerabilities`
Relaxing securtity vulnerability checks just a bit during the build phase. 2021-05-22 09:09:45 -07:00			`- trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH ${DRONE_REPO}:${DRONE_COMMIT}`
It is now building, moving on the SAST. 2021-05-22 08:51:19 -07:00
Relaxing securtity vulnerability checks just a bit during the build phase. 2021-05-22 09:09:45 -07:00			`### Re-run the scan, but this time looking for critical vulnerabilities that we want to block for.`
			`- trivy image --skip-update --exit-code 1 --severity CRITICAL ${DRONE_REPO}:${DRONE_COMMIT}`
It is now building, moving on the SAST. 2021-05-22 08:51:19 -07:00
Adding very preliminary build via buildx. 2021-05-22 08:32:30 -07:00
			`- name: Notify Datadog`
Very preliminary validation phase. 2021-05-22 06:10:35 -07:00			`image: masci/drone-datadog`
			`settings:`
			`api_key:`
			`from_secret: Datadog`
			`events:`
			`- title: "Build failure on amd64"`
			`text: "Build ${DRONE_BUILD_NUMBER}"`
			`alert_type: "error"`
			`when:`
			`status:`
			`- failure`