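---
# Woodpecker CI pipeline: build the Go binary, produce an SBOM and upload it,
# build and push the container image, and deploy on tag events.
# No step is triggered by pull_request events, so the secrets referenced below
# are only handed to push and tag builds.
steps:
  build:
    image: golang:1.22.5-alpine3.20
    commands:
      - GOPATH=/woodpecker/go
      - ls -l
      - cd src/smq
      - go mod tidy
      - go build -a -installsuffix nocgo -o smq snmp-mqtt.go
      # Copy the binary two levels up, next to the Dockerfile used by dockerize.
      - cp smq ../..
    when:
      - event: [push, tag]

  scan:
    image: quay.io/wollud1969/woodpecker-helper:0.5.1
    environment:
      TRIVY_TOKEN:
        from_secret: trivy_token
      TRIVY_URL:
        from_secret: trivy_url
      DTRACK_API_KEY:
        from_secret: dtrack_api_key
      DTRACK_API_URL:
        from_secret: dtrack_api_url
    commands:
      # The export is required, otherwise trivy will not consider the variable.
      - export GOPATH=/woodpecker/go
      - HOME=/home/`id -nu`
      # Use the tag as project version when present, else the commit SHA.
      - TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
      # Variables are quoted so that a secret containing whitespace or glob
      # characters cannot be split into extra arguments.
      # NOTE(review): only the license scanner is enabled here; vulnerability
      # findings are presumably derived from the uploaded SBOM - confirm.
      # NOTE(review): the output file is named .xml; confirm which encoding
      # trivy emits for --format cyclonedx.
      - |
        trivy fs \
          --server "$TRIVY_URL" \
          --token "$TRIVY_TOKEN" \
          --format cyclonedx \
          --scanners license \
          --output /tmp/sbom.xml \
          .
      # The SBOM is echoed into the build log for traceability.
      - cat /tmp/sbom.xml
      # --fail turns an HTTP error (rejected API key, unreachable project,
      # server error) into a non-zero exit, so a failed SBOM upload fails the
      # step instead of passing silently.
      - |
        curl --fail -X "POST" \
          -H "Content-Type: multipart/form-data" \
          -H "X-Api-Key: $DTRACK_API_KEY" \
          -F "autoCreate=true" \
          -F "projectName=$CI_REPO" \
          -F "projectVersion=$TAG" \
          -F "bom=@/tmp/sbom.xml" \
          "$DTRACK_API_URL/api/v1/bom"
    when:
      - event: [push, tag]

  dockerize:
    # NOTE(review): this image carries no tag or digest, so whatever the
    # registry currently serves is run with the registry credentials below.
    # Pin it to a reviewed version tag or digest.
    image: plugins/kaniko
    settings:
      repo: ${FORGE_NAME}/${CI_REPO}
      registry:
        from_secret: container_registry
      # NOTE(review): on push events CI_COMMIT_TAG is presumably empty, which
      # leaves a trailing empty entry - confirm the plugin ignores it.
      # "latest" is moved on every push from any branch.
      tags: latest,${CI_COMMIT_SHA},${CI_COMMIT_TAG}
      username:
        from_secret: container_registry_username
      password:
        from_secret: container_registry_password
      dockerfile: Dockerfile
    when:
      - event: [push, tag]

  deploy:
    image: quay.io/wollud1969/woodpecker-helper:0.5.1
    environment:
      KUBE_CONFIG_CONTENT:
        from_secret: kube_config
    commands:
      - export IMAGE_TAG=$CI_COMMIT_TAG
      # Write the kubeconfig inside a subshell with umask 077 so the credential
      # file is created owner-only; the umask does not leak into deploy.sh.
      # NOTE(review): the secret is used as the printf format string, so any
      # "%" or backslash sequence in it is interpreted. Whether
      # printf '%s' "$KUBE_CONFIG_CONTENT" is a drop-in replacement depends on
      # how the secret is stored (literal newlines vs. "\n") - confirm first.
      - '(umask 077 && printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig)'
      - export KUBECONFIG=/tmp/kubeconfig
      - ./deployment/deploy.sh
    when:
      - event: tag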