pipeline:
  build:
    image: golang:1.10-alpine
    environment:
      - CGO_ENABLED=0
      - GOPATH=/drone
    commands:
      - set -x
      - apk add --update --no-cache git
      - go test -v -cover -coverprofile=coverage.out
      - go build -ldflags "-s -w -X main.revision=$(git rev-parse HEAD)" -a

  restore_cache:
    image: drillster/drone-volume-cache:latest
    restore: true
    mount:
      - /drone/docker
    # Set the ``DRONE_VOLUME=/tmp/drone-cache:/cache`` drone-server variable,
    # so you can benefit from the caching.
    # Otherwise you will have to make this repository trusted in Drone and use
    # the volumes as follows.
    # volumes:
    #   - /tmp/drone-cache:/cache

  # drone repo add arno/drone-clair
  # drone secret add/update --name docker_username --value arno --event push --event tag --event deployment arno/drone-clair
  # drone secret add/update --name docker_password --value "$(pass show vps/registry.nixaid.com | head -1)" --event push --event tag --event deployment arno/drone-clair
  publish:
    image: plugins/docker:17.12
    # repo: andrey01/${DRONE_REPO_NAME}
    registry: registry.nixaid.com
    repo: registry.nixaid.com/arno/${DRONE_REPO_NAME}
    tags:
      - latest
      # - ${DRONE_COMMIT_SHA:0:7}
    # group: docker
    # dockerfile: Dockerfile
    secrets: [docker_username, docker_password]
    # Since we restore the docker image cache to /drone/docker
    storage_path: /drone/docker
    use_cache: true
    # storage_driver: overlay2
    when:
      event: [push, tag]
      branch: master

  rebuild_cache:
    image: drillster/drone-volume-cache:latest
    rebuild: true
    mount:
      - /drone/docker
    # Set the ``DRONE_VOLUME=/tmp/drone-cache:/cache`` drone-server variable,
    # so you can benefit from the caching.
    # Otherwise you will have to make this repository trusted in Drone and use
    # the volumes as follows.
    # volumes:
    #   - /tmp/drone-cache:/cache

  # ca_cert comes from /srv/data/registry/certs/ca.crt
  claircheck:
    # image: jmccann/drone-clair:1
    image: andrey01/drone-clair
    url: http://clair:6060
    secrets: [ docker_username, docker_password ]
    # ignore errors for now. This will work only in drone 0.9 https://github.com/drone/drone-runtime/commit/3e8bd99f60f4032226523320cd2b2321f9525159
    err_ignore: true
    scan_image: registry.nixaid.com/arno/${DRONE_REPO_NAME}:latest
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MIIBOjCB4KADAgECAgkAzhpbLWXa4H0wCgYIKoZIzj0EAwIwEDEOMAwGA1UEAwwF
      bXktQ0EwHhcNMTgwNzA5MjIzMTAzWhcNMjgwNzA2MjIzMTAzWjAQMQ4wDAYDVQQD
      DAVteS1DQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFIE8bTfQ76U5qG/Xgjw
      BbQU0oRJLYlRxBIWF9MTNSJr2LoaoyrU8jrcWQGRrfKPoVuwUJWp2tp5SJy0AHH7
      4fijIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKkMAoGCCqGSM49
      BAMCA0kAMEYCIQCYbTbxRD2yX4LzGjh84fKPWPQM9ps8RE2nfwZjqdRUGgIhAOHb
      USigh6FzqEPk2jiaV3t1wNtChRWRfupTKG6CD345
      -----END CERTIFICATE-----

  notify:
    image: drillster/drone-email:latest
    from: Drone CI <noreply@nixaid.com>
    subject: NIXAID Drone Pipeline {{#success build.status}}SUCCESS{{else}}FAILURE{{/success}} Notification
    host: mail.nixaid.com
    port: 587
    # username: arno
    # secrets: [ email_username, email_password ]
    # recipients: [ andrey.arapov@nixaid.com ]
    when:
      status: [success, failure] # changed
      event: [push, tag]