steps:
  build:
    image: plugins/kaniko
    settings:
      repo: ${FORGE_NAME}/${CI_REPO}
      registry:
        from_secret: container_registry
      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
      username:
        from_secret: container_registry_username
      password:
        from_secret: container_registry_password
      dockerfile: Dockerfile
    when:
      - event: [push, tag]
  scan_image:
    image: aquasec/trivy
    commands:
      - trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
    when:
      - event: [push, tag]
  deploy:
    image: quay.io/wollud1969/k8s-admin-helper:0.1.3
    environment:
      KUBE_CONFIG_CONTENT:
        from_secret: kube_config
      GPG_PASSPHRASE:
        from_secret: gpg_passphrase
    commands:
      - export IMAGE_TAG=$CI_COMMIT_TAG
      - printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig
      - export KUBECONFIG=/tmp/kubeconfig
      - ./deployment/deploy.sh
    when:
      - event: tag