initial with woodpecker and quay.io

.gitlab-ci.yml

@@ -1,22 +0,0 @@
-image: docker:stable
-
-stages:
-        - build
-
-variables:
-        IMAGE_NAME: registry.gitlab.com/wolutator/networktools
-
-build:
-        stage: build
-        tags:
-                - hottis
-                - linux
-                - docker
-        script: 
-                - VERSION=`cat VERSION`
-                - echo "Version is $VERSION"
-                - docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION .
-                - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
-                - docker push $IMAGE_NAME:latest
-                - docker push $IMAGE_NAME:$VERSION
-

.woodpecker.yml

@@ -0,0 +1,85 @@
+steps:
+  build:
+    image: plugins/kaniko
+    settings:
+      repo: ${FORGE_NAME}/${CI_REPO}
+      registry:
+        from_secret: container_registry
+      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
+      username:
+        from_secret: container_registry_username
+      password:
+        from_secret: container_registry_password
+      dockerfile: Dockerfile
+    when:
+      - event: [push, tag]
+
+  scan_image:
+    image: aquasec/trivy
+    environment:
+      TRIVY_TOKEN:
+        from_secret: trivy_token
+      TRIVY_URL:
+        from_secret: trivy_url
+    commands:
+      - |
+        env TRIVY_DISABLE_VEX_NOTICE=1 \
+        trivy image \
+              --server $TRIVY_URL \
+              --token $TRIVY_TOKEN \
+              --quiet \
+              --exit-code 1 \
+              $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA 
+    when:
+      - event: [push, tag]
+
+  generate_sbom:
+    image: quay.io/wollud1969/woodpecker-helper:0.5.1
+    environment:
+      TRIVY_TOKEN:
+        from_secret: trivy_token
+      TRIVY_URL:
+        from_secret: trivy_url
+      DTRACK_API_KEY:
+        from_secret: dtrack_api_key
+      DTRACK_API_URL:
+        from_secret: dtrack_api_url
+    commands:
+      - HOME=/home/`id -nu`
+      - TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
+      - |
+        trivy image \
+              --server $TRIVY_URL \
+              --token $TRIVY_TOKEN \
+              --format cyclonedx \
+              --scanners license \
+              --output /tmp/sbom.xml \
+              $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA
+      - cat /tmp/sbom.xml
+      - |
+        curl -X "POST" \
+             -H "Content-Type: multipart/form-data" \
+             -H "X-Api-Key: $DTRACK_API_KEY" \
+             -F "autoCreate=true" \
+             -F "projectName=$CI_REPO" \
+             -F "projectVersion=$TAG" \
+             -F "bom=@/tmp/sbom.xml"\
+             "$DTRACK_API_URL/api/v1/bom"
+    when:
+      - event: [tag]
+
+  build:
+    image: plugins/kaniko
+    settings:
+      repo: quay.io/wollud1969/networktools
+      registry: quay.io
+      tags: 
+        - latest
+        - ${CI_COMMIT_TAG}
+      username:
+        from_secret: quay_username
+      password:
+        from_secret: quay_password
+      dockerfile: Dockerfile
+    when:
+      - event: [tag]

Dockerfile

@@ -1,25 +1,11 @@
 FROM debian:latest
 
 LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
-LABEL ImageName="registry.gitlab.com/wolutator/networktools"
 
 
 RUN \
-  apt-get update && \
+  apt update && \
-  apt-get install -y make && \
+  apt upgrade -y --autoremove && \
-  apt-get install -y openssh-client && \
+  apt install make openssh-client git python3 python3-requests gpg apt-transport-https whet curl nmap snmp netcat tcpdump dnsutils net-tools
-  apt-get install -y git && \
-  apt-get install -y python && \
-  apt-get install -y python-requests && \
-  apt-get install -y gpg && \
-  apt-get install -y apt-transport-https && \
-  apt-get install -y wget && \
-  apt-get install -y curl && \
-  apt-get install -y nmap && \
-  apt-get install -y snmp && \
-  apt-get install -y netcat && \
-  apt-get install -y tcpdump
-
-
 
 

VERSION

@@ -1 +0,0 @@
-0.1