From 50ee81ae5b7427991ecbe6902b2b3e05365c18b7 Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Wed, 11 Jul 2018 11:06:54 +0200
Subject: [PATCH] push to private regitsry and analyze by clair
---
 .drone.yml | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 65a08d2..163f4ca 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -18,12 +18,16 @@ pipeline:
 # volumes:
 # - /tmp/drone-cache:/cache

+ # drone secret update --name docker_username --value arno --event push --event tag --event deployment arno/hipchat
+ # drone secret update --name docker_password --value "$(pass show vps/registry.nixaid.com | head -1)" --event push --event tag --event deployment arno/hipchat
 publish:
 image: plugins/docker:17.12
- repo: andrey01/${DRONE_REPO_NAME}
+ # repo: andrey01/${DRONE_REPO_NAME}
+ registry: registry.nixaid.com
+ repo: registry.nixaid.com/andrey01/${DRONE_REPO_NAME}
 tags:
 - latest
- - ${DRONE_COMMIT_SHA:0:7}
+ # - ${DRONE_COMMIT_SHA:0:7}
 # group: docker
 # dockerfile: Dockerfile
 secrets: [docker_username, docker_password]
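Review bot: With `- ${DRONE_COMMIT_SHA:0:7}` commented out under `tags:`, the publish step pushes only the mutable `latest` tag, so no pushed image can be traced back to a commit, and the `claircheck` step added in the next hunk scans `...:latest`, which may no longer be the image this build produced if another build pushes in between. I would keep the commit tag, `- ${DRONE_COMMIT_SHA:0:7}`, and point the scan at it with `scan_image: registry.nixaid.com/andrey01/${DRONE_REPO_NAME}:${DRONE_COMMIT_SHA:0:7}`, so the report always describes the image that was just built. The two added `drone secret update` comments also record the registry account name and the password-store path in the repository; a generic example would document the step equally well. The `publish` step continues past the end of this hunk.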
@@ -34,6 +38,24 @@ pipeline:
 event: [push, tag]
 branch: master

+ # ca_cert comes from /srv/data/registry/certs/ca.crt
+ claircheck:
+ # image: jmccann/drone-clair:1
+ image: andrey01/drone-clair
+ url: http://clair:6060
+ secrets: [ docker_username, docker_password ]
+ scan_image: registry.nixaid.com/andrey01/${DRONE_REPO_NAME}:latest
+ ca_cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIBOjCB4KADAgECAgkAzhpbLWXa4H0wCgYIKoZIzj0EAwIwEDEOMAwGA1UEAwwF
+ bXktQ0EwHhcNMTgwNzA5MjIzMTAzWhcNMjgwNzA2MjIzMTAzWjAQMQ4wDAYDVQQD
+ DAVteS1DQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFIE8bTfQ76U5qG/Xgjw
+ BbQU0oRJLYlRxBIWF9MTNSJr2LoaoyrU8jrcWQGRrfKPoVuwUJWp2tp5SJy0AHH7
+ 4fijIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKkMAoGCCqGSM49
+ BAMCA0kAMEYCIQCYbTbxRD2yX4LzGjh84fKPWPQM9ps8RE2nfwZjqdRUGgIhAOHb
+ USigh6FzqEPk2jiaV3t1wNtChRWRfupTKG6CD345
+ -----END CERTIFICATE-----
+
 rebuild_cache:
 image: drillster/drone-volume-cache:latest
 rebuild: true
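Review bot: `image: andrey01/drone-clair` carries no tag or digest, so the step that is handed `docker_username` and `docker_password` runs whatever that repository's `latest` resolves to at build time. Pin it, as the commented-out `jmccann/drone-clair:1` line did, and ideally by digest: `image: andrey01/drone-clair@sha256:<digest-of-reviewed-build>`. `url: http://clair:6060` is plain HTTP, presumably to a service on the build network; a one-line comment saying so would keep it from being copied into a setup where Clair is remote. The inlined `ca_cert` is a public certificate and fine to commit, but a comment giving its expiry date would help whoever has to rotate it.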