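---
# Drone CI pipeline "validation": formats, vets and vulnerability-scans the Go
# code base on amd64, and posts a Datadog event when the build fails.
kind: pipeline
type: docker
name: validation

platform:
  arch: amd64

clone:
  depth: 1

volumes:
  # NOTE(review): this host-path volume exposes the Docker daemon socket. Any
  # step that mounts it can drive the host's Docker daemon, which is
  # effectively root on the runner. Neither step below mounts it; remove the
  # volume if nothing else in the file uses it.
  - name: dockersock
    host:
      path: /run/docker.sock

steps:
  - name: Validate code base
    # image: golang:1.16-alpine3.13
    image: golang:1.16.4
    environment:
      # Values are quoted so they stay strings whichever YAML loader reads the
      # file; environment variables are strings at runtime anyway.
      TRIVY_QUIET: "true"
      TRIVY_LIGHT: "true"
      TRIVY_FORMAT: table
      # Findings with no fix available are hidden, so the blocking scan below
      # does not fail on an unfixed CRITICAL/HIGH issue.
      TRIVY_IGNORE_UNFIXED: "true"
      TRIVY_NO_PROGRESS: "true"
    commands:
      ### Populate temporary container with tools / files we will need for building and testing
      # NOTE(review): with the install line commented out, confirm that the
      # trivy binary is actually present in the image; otherwise the scans
      # below fail before scanning anything. If the download is re-enabled,
      # fetch install.sh from a pinned commit rather than the mutable `main`
      # branch before piping it to a shell.
      # - apk add --no-cache zeromq-dev build-base git
      # - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.2

      ### Format the go code. Go does not care about it, but it helps to ensure everything is formatted the same.
      # NOTE(review): `go fmt` rewrites files in the CI workspace and exits 0,
      # so this step does not fail the build on unformatted code. A gate
      # would need a check such as `test -z "$(gofmt -l .)"`.
      - go fmt ./...

      ### Perform a basic lint of the code, we do this after formatting, just in case there are edge cases with the formatting.
      - go vet ./...

      ### Run a security check and warn us about lower level vulnerabilities
      # Advisory only: --exit-code 0 never fails the build.
      - trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .

      ### Re-run the scan, but this time looking for higher level vulnerabilities that we want to block for.
      # --skip-update reuses the vulnerability DB fetched by the scan above,
      # so this gate depends on that scan having run in the same container.
      - trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .

      ### Perform unit tests
      # - @TODO I really don't know how to do unit tests. Will need to figure this out eventually.

  - name: Send Status To Datadog
    # NOTE(review): no tag is given, so this resolves to `latest`. The plugin
    # receives the Datadog API key, so pin it to a reviewed version, e.g.
    # masci/drone-datadog@sha256:<DIGEST>.
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Build failure on amd64"
          text: "Build ${DRONE_BUILD_NUMBER}"
          alert_type: "error"
    # Only runs when an earlier step has failed.
    when:
      status:
        - failure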