.drone-1.0.yml

kind: pipeline
name: default
type: kubernetes
steps:
  - name: install
    image: node:18
    environment:
      ART_AUTH_TOKEN:
        from_secret: art_auth_token
      GITHUB_AUTH_TOKEN:
        from_secret: github_token
    commands:
      - npm ci
  - name: test
    image: node:18
    environment:
      ART_AUTH_TOKEN:
        from_secret: art_auth_token
      GITHUB_AUTH_TOKEN:
        from_secret: github_token
    commands:
      - npm test
  - name: audit
    image: node:18
    environment:
      ART_AUTH_TOKEN:
        from_secret: art_auth_token
      GITHUB_AUTH_TOKEN:
        from_secret: github_token
    commands:
      - npm run test:audit
  - name: docker build
    image: docker:dind
    environment:
      DOCKER_HOST: tcp://docker:2375
      DOCKER_BUILDKIT: 1
      ART_AUTH_TOKEN:
        from_secret: art_auth_token
      GITHUB_AUTH_TOKEN:
        from_secret: github_token
    commands:
      - docker build --secret id=github_token,env=GITHUB_AUTH_TOKEN --secret id=token,env=ART_AUTH_TOKEN -t asl-attachments .
  - name: scan-image
    pull: Always
    image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/trivy/client:latest
    resources:
      limits:
        cpu: 1000
        memory: 1024Mi
    environment:
      IMAGE_NAME: asl-attachments
      ALLOW_CVE_LIST_FILE: cve-exceptions.txt
  - name: docker push
    image: docker:dind
    environment:
      DOCKER_HOST: tcp://docker:2375
      ART_AUTH_TOKEN:
        from_secret: art_auth_token
      GITHUB_AUTH_TOKEN:
        from_secret: github_token
      DOCKER_PASSWORD:
        from_secret: docker_password
    commands:
      - docker login -u="ukhomeofficedigital+asl" -p=$${DOCKER_PASSWORD} quay.io
      - docker tag asl-attachments quay.io/ukhomeofficedigital/asl-attachments:$${DRONE_COMMIT_SHA}
      - docker push quay.io/ukhomeofficedigital/asl-attachments:$${DRONE_COMMIT_SHA}
    when:
      event: push
      branch: main
  - name: update manifest
    image: quay.io/ukhomeofficedigital/asl-deploy-bot:latest
    environment:
      GITHUB_ACCESS_TOKEN:
        from_secret: github_access_token
    commands:
      - update
        --repo ukhomeoffice/asl-deployments
        --token $${GITHUB_ACCESS_TOKEN}
        --file versions.yml
        --service asl-attachments
        --version $${DRONE_COMMIT_SHA}
    when:
      event: push
      branch: main

services:
- name: docker
  image: docker:dind
  environment:
    DOCKER_TLS_CERTDIR: ""
- name: anchore-submission-server
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  commands:
    - /run.sh server