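---
# Drone CI pipeline "validation": formats/lints the Go code, runs Trivy against
# the source tree and the built dev image, dry-runs the Terraform test
# environment, and reports start / failure to Datadog.
kind: pipeline
type: docker
name: validation

platform:
  arch: amd64

clone:
  # Shallow clone: the pipeline only needs the checked-out tree, not history.
  depth: 1

volumes:
  # Host Docker socket, mounted into the build and Terraform steps below.
  # Any step with this mount is effectively root on the CI host, so keep the
  # set of steps (and images) that receive it as small as possible.
  - name: dockersock
    host:
      path: /run/docker.sock

steps:
  - name: Notify Datadog That We Are Starting
    # NOTE(review): image has no tag, so it resolves to a moving "latest";
    # pinning a tag or digest makes the step reproducible.
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Begin Build: ${DRONE_REPO}"
          text: "Build ${DRONE_BUILD_NUMBER}(${DRONE_COMMIT_LINK})"
          alert_type: "info"

  - name: Validate code base and dependencies
    image: dragonheim/golang:1.17.0
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    # Trivy reads these as environment variables; they are quoted so the YAML
    # parser does not turn them into booleans before Drone stringifies them.
    environment:
      TRIVY_QUIET: "true"
      TRIVY_LIGHT: "true"
      TRIVY_FORMAT: table
      TRIVY_IGNORE_UNFIXED: "true"
      TRIVY_NO_PROGRESS: "true"
    commands:
      # Populate temporary container with tools / files we will need for building and testing
      - apk add --no-cache zeromq-dev zeromq
      # Format Golang code. Golang does not really care about formatting, but this standardizes things
      - go fmt ./...
      # Perform basic linting of the Golang code. Ideally this should never be needed, but merges can introduce incompatibilities.
      - go vet ./...
      # Perform code security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
      # (This first invocation also refreshes the vulnerability DB; later calls use --skip-update.)
      - trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .
      # Perform code security check of higher level vulnerabilities. This can break the build.
      - trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .
      # Build new container image.
      # - docker buildx build --push --platform linux/amd64 --progress plain --build-arg SEMVER="${DRONE_SEMVER}" -t "${DRONE_REPO}:latest" -t "${DRONE_REPO}:${DRONE_SEMVER}" -f docker/Dockerfile .
      - docker buildx build --platform linux/amd64 --progress plain --build-arg SEMVER="dev" -t "${DRONE_REPO}:dev" -f assets/docker/Dockerfile .
      # Perform image security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
      - trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH "${DRONE_REPO}:dev"
      # Perform image security check of higher level vulnerabilities. This can break the build.
      # NOTE(review): the image gate fails only on CRITICAL, whereas the source
      # gate above fails on CRITICAL,HIGH; HIGH image findings are report-only.
      # Confirm that asymmetry is intended.
      - trivy image --skip-update --exit-code 1 --severity CRITICAL "${DRONE_REPO}:dev"

  - name: Create Test Environment
    # NOTE(review): floating "latest" tag; pin for reproducible runs.
    image: dragonheim/terraform:latest
    volumes:
      - name: dockersock
        path: /var/run/docker.sock
    environment:
      TRIVY_QUIET: "true"
    commands:
      # Only init + plan run here; nothing is applied by this step.
      - cd assets/tfenv
      - terraform init
      - terraform plan

  - name: Notify Datadog That We Have Completed
    # NOTE(review): untagged image; see the first Datadog step.
    image: masci/drone-datadog
    settings:
      api_key:
        from_secret: Datadog
      events:
        - title: "Build failure on amd64"
          text: "Build ${DRONE_BUILD_NUMBER}"
          alert_type: "error"
    # Runs only when an earlier step failed; successful builds send no event.
    when:
      status:
        - failure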