gagent/.drone.yml

118 lines
3.8 KiB
YAML

---
kind: pipeline
type: docker
name: validation
platform:
arch: amd64
clone:
depth: 1
volumes:
- name: dockersock
host:
path: /run/docker.sock
steps:
- name: Notify Datadog That We Are Starting
image: masci/drone-datadog
settings:
api_key:
from_secret: Datadog
events:
- title: "Begin Build: ${DRONE_REPO}"
text: "Build ${DRONE_BUILD_NUMBER}(${DRONE_COMMIT_LINK})"
alert_type: "info"
when:
ref:
include:
- refs/tags/**
- name: Validate code base and dependencies
image: dragonheim/golang:1.17
volumes:
- name: dockersock
path: /var/run/docker.sock
environment:
TRIVY_QUIET: true
TRIVY_LIGHT: true
TRIVY_FORMAT: table
TRIVY_IGNORE_UNFIXED: true
TRIVY_NO_PROGRESS: true
commands:
# Populate temporary container with tools / files we will need for building and testing
- apk add --no-cache zeromq-dev zeromq
# Format Golang code. Golang does not really care about formatting, but this standardizes things
- go fmt ./...
# Perform basic linting of the Golang code. Ideally this should never be needed, but merges can introduce imcompatabilities.
- go vet ./...
# Perform code security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
- trivy fs --exit-code 0 --severity UNKNOWN,LOW,MEDIUM .
# Perform code security check of higher level vulnerabilities. This can break the build.
- trivy fs --skip-update --exit-code 1 --severity CRITICAL,HIGH .
# Build new container image.
- docker buildx build --platform linux/amd64 --progress plain --build-arg SEMVER="dev" -t "${DRONE_REPO}:dev" -f assets/docker/Dockerfile .
# Perform image security check of lower level vulnerabilities. This will not break the build, we just want this information, just in case.
- trivy image --skip-update --exit-code 0 --severity UNKNOWN,LOW,MEDIUM,HIGH "${DRONE_REPO}:dev"
# Perform image security check of higher level vulnerabilities. This can break the build.
- trivy image --skip-update --exit-code 1 --severity CRITICAL "${DRONE_REPO}:dev"
# - name: Create Test Environment
# image: dragonheim/terraform:1.0
# volumes:
# - name: dockersock
# path: /var/run/docker.sock
# environment:
# TRIVY_QUIET: true
# commands:
# - cd assets/tfenv
# - terraform init
# - terraform plan
- name: Test application
image: "${DRONE_REPO}:dev"
volumes:
- name: dockersock
path: /var/run/docker.sock
commands:
- echo "running"
- name: Build and push container
image: dragonheim/golang:1.17
volumes:
- name: dockersock
path: /var/run/docker.sock
when:
ref:
include:
- refs/tags/**
commands:
# Build new container image.
- docker buildx build --platform linux/amd64 --progress plain --build-arg SEMVER="${DRONE_SEMVER}" -t "${DRONE_REPO}:latest" -f docker/Dockerfile .
# Perform image security check of higher level vulnerabilities. This can break the build.
- trivy image --skip-update --exit-code 1 --severity CRITICAL "${DRONE_REPO}:latest"
# Push new build
- docker buildx build --push --platform linux/amd64 --progress plain --build-arg SEMVER="${DRONE_SEMVER}" -t "${DRONE_REPO}:latest" -t "${DRONE_REPO}:${DRONE_SEMVER}" -f docker/Dockerfile .
- name: Notify Datadog That We Have Completed
image: masci/drone-datadog
settings:
api_key:
from_secret: Datadog
events:
- title: "Build failure on amd64"
text: "Build ${DRONE_BUILD_NUMBER}"
alert_type: "error"
when:
status:
- failure