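---
# Drone CI pipeline: format, vet, vulnerability-scan and test-build the
# repository on amd64, reporting start and failure events to Datadog.
kind: pipeline
type: docker
name: validation

platform:
  arch: amd64

clone:
  depth: 1

# Host docker engine socket, mounted into the build step so `docker buildx`
# can run there. NOTE(review): the socket gives that step root-equivalent
# control of the runner host; Drone only honours host volumes on repositories
# marked trusted, so keep this pipeline limited to trusted sources.
volumes:
  - name: dockersock
    host:
      path: /run/docker.sock

steps:
  - name: Notify Datadog That We Are Starting
    # No tag: resolves to the mutable `latest` image. Pin a tag (or digest) so
    # the notifier cannot change underneath the pipeline.
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        # This step has no `when:` filter, so it fires on every build start;
        # the event therefore describes a start, not a failure (the failure
        # event is sent by the final step, which is limited to status: failure).
        - title: "Build started on amd64"
          text: "Build ${DRONE_BUILD_NUMBER}"
          alert_type: "info"
        # - title: "Begin Build: ${DRONE_REPO}(${DRONE_BUILD_NUMBER})"
        #   text: ${DRONE_COMMIT_MESSAGE}(${DRONE_COMMIT_LINK})
        #   alert_type: "info"
        # # host: ${DRONE_SYSTEM_HOSTNAME}

  - name: Validate code base and dependencies
    # image: golang:1.16-alpine3.13
    # Third-party build image pinned by tag only; a digest pin would make the
    # toolchain immutable.
    image: dragonheim/golang:1.16.4
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      # Quoted so trivy receives the literal strings it expects, independent
      # of how the YAML loader types bare true/false.
      TRIVY_QUIET: "true"
      TRIVY_LIGHT: "true"
      TRIVY_FORMAT: table
      TRIVY_IGNORE_UNFIXED: "true"
      TRIVY_NO_PROGRESS: "true"
    commands:
      ### Populate temporary container with tools / files we will need for building and testing
      - apk add --no-cache zeromq-dev zeromq
      # - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.2
      ### Format the go code. Go does not care about it, but it helps to ensure everything is formatted the same.
      - go fmt ./...
      ### Perform a basic lint of the code, we do this after formatting, just in case there are edge cases with the formatting.
      - go vet ./...
      ### Run a security check and warn us about lower level vulnerabilities.
      ### This first run also fetches the vulnerability DB that the later --skip-update runs rely on.
      - trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .
      ### Re-run the scan, but this time looking for higher level vulnerabilities that we want to block for.
      - trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .
      ### Perform unit tests
      # - @TODO I really don't know how to do unit tests. Will need to figure this out eventually.
      ### Build test container. The image is tagged but never pushed; it only exists for the scan below.
      # - docker buildx build --platform linux/arm/v7,linux/amd64,linux/arm64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} .
      - docker buildx build --platform linux/amd64 --progress plain -t ${DRONE_REPO}:${DRONE_COMMIT} -f docker/Dockerfile .
      ### Run a security check and warn us about lower level vulnerabilities.
      ### Note that HIGH is non-blocking for the image scan, unlike the filesystem scan above.
      - trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH ${DRONE_REPO}:${DRONE_COMMIT}
      ### Re-run the scan, but this time looking for critical vulnerabilities that we want to block for.
      - trivy image --skip-update --exit-code 1 --severity CRITICAL ${DRONE_REPO}:${DRONE_COMMIT}

  - name: Notify Datadog That We Have Completed
    # Untagged image, see the note on the first step.
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Build failure on amd64"
          text: "Build ${DRONE_BUILD_NUMBER}"
          alert_type: "error"
    # Only sent when an earlier step failed.
    when:
      status:
        - failure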