changes, 4

.woodpecker.yml

@@ -1,36 +1,90 @@
 steps:
-  build:
+  build_api_modules:
+    image: openapitools/openapi-generator-cli:v7.12.0
+    commands:
+      - DESTDIR=.
+      - docker-entrypoint.sh generate -i https://dtrack-api.hottis.de/api/openapi.json -g python -o $DESTDIR/dependencytrack-client --package-name dependencytrack_api
+      - docker-entrypoint.sh generate -i https://defectdojo.hottis.de/api/v2/oa3/schema/?format=json -g python -o $DESTDIR/defectdojo-client --package-name defectdojo_api
+      - tar -cvzf api-artifacts.tgz $DESTDIR/dependencytrack-client $DESTDIR/defectdojo-client
+    when:
+      - event: [push, tag]
+
+  prepare_application:
+    image: alpine:3.21
+    when:
+      - event: [push, tag]
+    commands:
+      - pwd
+      - tar -xzf --strip-components=1 -xzf api-artifacts.tgz
+      - ls -la
+
+
+
+
+  scan:
+    image: quay.io/wollud1969/woodpecker-helper:0.5.1
+    environment:
+      TRIVY_TOKEN:
+        from_secret: trivy_token
+      TRIVY_URL:
+        from_secret: trivy_url
+      DTRACK_API_KEY:
+        from_secret: dtrack_api_key
+      DTRACK_API_URL:
+        from_secret: dtrack_api_url
+    commands:
+      - export GOPATH=/woodpecker/go   # the export is required, otherwise trivy will not consider the variable
+      - HOME=/home/`id -nu`
+      - TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
+      - |
+        trivy fs \
+              --server $TRIVY_URL \
+              --token $TRIVY_TOKEN \
+              --format cyclonedx \
+              --scanners license \
+              --output /tmp/sbom.xml \
+              .        
+      - cat /tmp/sbom.xml
+      - |
+        curl -X "POST" \
+             -H "Content-Type: multipart/form-data" \
+             -H "X-Api-Key: $DTRACK_API_KEY" \
+             -F "autoCreate=true" \
+             -F "projectName=$CI_REPO" \
+             -F "projectVersion=$TAG" \
+             -F "bom=@/tmp/sbom.xml"\
+             "$DTRACK_API_URL/api/v1/bom"        
+    when:
+      - event: [tag]
+
+  dockerize:
     image: plugins/kaniko
     settings:
       repo: ${FORGE_NAME}/${CI_REPO}
-      registry:
+      registry: 
         from_secret: container_registry
       tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
-      username:
+      username: 
         from_secret: container_registry_username
-      password:
+      password: 
         from_secret: container_registry_password
       dockerfile: Dockerfile
     when:
-      - event: [push, tag]
-  scan_image:
-    image: aquasec/trivy
+      - event: [tag]
+
+  deploy:
+    image: quay.io/wollud1969/woodpecker-helper:0.5.1
+    environment:
+      KUBE_CONFIG_CONTENT:
+        from_secret: kube_config
+      ENCRYPTION_KEY:
+        from_secret: encryption_key
+      MD5_CHECKSUM:
+        from_secret: secrets_checksum
     commands:
-      - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
-    when:
-      - event: [push, tag]
-  build:
-    image: plugins/kaniko
-    settings:
-      repo: quay.io/wollud1969/k8s-admin-helper
-      registry: quay.io
-      tags: 
-        - latest
-        - ${CI_COMMIT_TAG}
-      username:
-        from_secret: quay_username
-      password:
-        from_secret: quay_password
-      dockerfile: Dockerfile
+      - export IMAGE_TAG=$CI_COMMIT_TAG
+      - printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig
+      - export KUBECONFIG=/tmp/kubeconfig
+      - ./deployment/deploy.sh
     when:
       - event: [tag]

Dockerfile

@@ -4,7 +4,7 @@ ARG USER="user"
 
 RUN \
     echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
-    apk add --no-cache kubectl gpg gpg-agent bash trivy@testing curl && \
+    apk add --no-cache kubectl openssl gpg gpg-agent bash trivy@testing curl helm && \
     addgroup $USER && \
     adduser -G $USER -D $USER