diff --git a/.woodpecker/api.yml b/.woodpecker/api.yml
index 90ef697..9918e32 100644
--- a/.woodpecker/api.yml
+++ b/.woodpecker/api.yml
@@ -143,18 +143,16 @@ steps:
 from_secret: gitea_token
 CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
 CI_COMMIT_TAG: ${CI_COMMIT_TAG}
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
 commands:
 - *kaniko_setup
 - |
- DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:${CI_COMMIT_SHA:0:8}"
- if [ "$CI_COMMIT_BRANCH" = "main" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-api:latest"
- elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-api:dev"
- fi
+ DESTINATIONS=""
 if [ -n "$CI_COMMIT_TAG" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-api:$CI_COMMIT_TAG"
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:$CI_COMMIT_TAG"
+ elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:latest"
+ elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:dev"
 fi
 /kaniko/executor --context . --dockerfile apps/api/Dockerfile $DESTINATIONS
 when:
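Review bot: When the ref is neither a tag nor `main`/`develop`, `DESTINATIONS` stays empty and `/kaniko/executor` runs with no `--destination`, where the old script always had the SHA tag to fall back on. The step's `when:` filter lies outside the hunk, so this path may be unreachable, but an explicit `else echo "no image tag for this ref" >&2; exit 1` makes the failure obvious instead of leaving it to kaniko. Separately, this script reads `$CI_COMMIT_TAG` with a single `$` while the scan steps use `$$CI_COMMIT_TAG`; if Woodpecker pre-substitutes the single-`$` form, the ref name becomes part of the script text rather than an environment lookup, so the `$$` form is the safer one to standardise on. Both points apply equally to the build hunks in coordinator.yml, infra.yml (postgres and openbao), orchestrator.yml and web.yml.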
@@ -172,14 +170,22 @@ steps:
 from_secret: gitea_username
 GITEA_TOKEN:
 from_secret: gitea_token
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
+ CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
+ CI_COMMIT_TAG: ${CI_COMMIT_TAG}
 commands:
 - |
+ if [ -n "$$CI_COMMIT_TAG" ]; then
+ SCAN_TAG="$$CI_COMMIT_TAG"
+ elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
+ SCAN_TAG="latest"
+ else
+ SCAN_TAG="dev"
+ fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
 trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
 --ignorefile .trivyignore \
- git.mosaicstack.dev/mosaic/stack-api:$${CI_COMMIT_SHA:0:8}
+ git.mosaicstack.dev/mosaic/stack-api:$$SCAN_TAG
 when:
 - branch: [main, develop]
 event: [push, manual, tag]
diff --git a/.woodpecker/coordinator.yml b/.woodpecker/coordinator.yml
index 828c686..8bce34e 100644
--- a/.woodpecker/coordinator.yml
+++ b/.woodpecker/coordinator.yml
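Review bot: The Trivy step in .woodpecker/api.yml now scans whatever `latest` or `dev` resolves to at scan time, not necessarily the image this pipeline built, because the per-commit SHA tag is no longer pushed. If another pipeline pushes the same tag between build and scan, the gate passes or fails on a different image. Pinning the scan to a digest closes that gap: have the build pass `--digest-file <path-in-workspace>` to kaniko and scan `git.mosaicstack.dev/mosaic/stack-api@$$(cat <path-in-workspace>)`, assuming both steps share the workspace. The `else` branch also maps every non-`main` ref to `dev` while the build pushes `dev` only for `develop`; `elif [ "$$CI_COMMIT_BRANCH" = "develop" ]` with a failing `else` keeps the two in step. The same applies to the scan hunks in coordinator.yml, infra.yml (postgres and openbao), orchestrator.yml and web.yml.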
@@ -84,18 +84,16 @@ steps:
 from_secret: gitea_token
 CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
 CI_COMMIT_TAG: ${CI_COMMIT_TAG}
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
 commands:
 - *kaniko_setup
 - |
- DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-coordinator:${CI_COMMIT_SHA:0:8}"
- if [ "$CI_COMMIT_BRANCH" = "main" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-coordinator:latest"
- elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-coordinator:dev"
- fi
+ DESTINATIONS=""
 if [ -n "$CI_COMMIT_TAG" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-coordinator:$CI_COMMIT_TAG"
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-coordinator:$CI_COMMIT_TAG"
+ elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-coordinator:latest"
+ elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-coordinator:dev"
 fi
 /kaniko/executor --context apps/coordinator --dockerfile apps/coordinator/Dockerfile $DESTINATIONS
 when:
@@ -117,14 +115,22 @@ steps:
 from_secret: gitea_username
 GITEA_TOKEN:
 from_secret: gitea_token
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
+ CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
+ CI_COMMIT_TAG: ${CI_COMMIT_TAG}
 commands:
 - |
+ if [ -n "$$CI_COMMIT_TAG" ]; then
+ SCAN_TAG="$$CI_COMMIT_TAG"
+ elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
+ SCAN_TAG="latest"
+ else
+ SCAN_TAG="dev"
+ fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
 trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
 --ignorefile .trivyignore \
- git.mosaicstack.dev/mosaic/stack-coordinator:$${CI_COMMIT_SHA:0:8}
+ git.mosaicstack.dev/mosaic/stack-coordinator:$$SCAN_TAG
 when:
 - branch: [main, develop]
 event: [push, manual, tag]
diff --git a/.woodpecker/infra.yml b/.woodpecker/infra.yml
index fc2a8b2..230bfbc 100644
--- a/.woodpecker/infra.yml
+++ b/.woodpecker/infra.yml
@@ -28,18 +28,16 @@ steps:
 from_secret: gitea_token
 CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
 CI_COMMIT_TAG: ${CI_COMMIT_TAG}
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
 commands:
 - *kaniko_setup
 - |
- DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-postgres:${CI_COMMIT_SHA:0:8}"
- if [ "$CI_COMMIT_BRANCH" = "main" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-postgres:latest"
- elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-postgres:dev"
- fi
+ DESTINATIONS=""
 if [ -n "$CI_COMMIT_TAG" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-postgres:$CI_COMMIT_TAG"
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-postgres:$CI_COMMIT_TAG"
+ elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-postgres:latest"
+ elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-postgres:dev"
 fi
 /kaniko/executor --context docker/postgres --dockerfile docker/postgres/Dockerfile $DESTINATIONS
 when:
@@ -55,18 +53,16 @@ steps:
 from_secret: gitea_token
 CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
 CI_COMMIT_TAG: ${CI_COMMIT_TAG}
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
 commands:
 - *kaniko_setup
 - |
- DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-openbao:${CI_COMMIT_SHA:0:8}"
- if [ "$CI_COMMIT_BRANCH" = "main" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-openbao:latest"
- elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-openbao:dev"
- fi
+ DESTINATIONS=""
 if [ -n "$CI_COMMIT_TAG" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-openbao:$CI_COMMIT_TAG"
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-openbao:$CI_COMMIT_TAG"
+ elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-openbao:latest"
+ elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-openbao:dev"
 fi
 /kaniko/executor --context docker/openbao --dockerfile docker/openbao/Dockerfile $DESTINATIONS
 when:
@@ -82,14 +78,22 @@ steps:
 from_secret: gitea_username
 GITEA_TOKEN:
 from_secret: gitea_token
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
+ CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
+ CI_COMMIT_TAG: ${CI_COMMIT_TAG}
 commands:
 - |
+ if [ -n "$$CI_COMMIT_TAG" ]; then
+ SCAN_TAG="$$CI_COMMIT_TAG"
+ elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
+ SCAN_TAG="latest"
+ else
+ SCAN_TAG="dev"
+ fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
 trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
 --ignorefile .trivyignore \
- git.mosaicstack.dev/mosaic/stack-postgres:$${CI_COMMIT_SHA:0:8}
+ git.mosaicstack.dev/mosaic/stack-postgres:$$SCAN_TAG
 when:
 - branch: [main, develop]
 event: [push, manual, tag]
@@ -103,14 +107,22 @@ steps:
 from_secret: gitea_username
 GITEA_TOKEN:
 from_secret: gitea_token
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
+ CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
+ CI_COMMIT_TAG: ${CI_COMMIT_TAG}
 commands:
 - |
+ if [ -n "$$CI_COMMIT_TAG" ]; then
+ SCAN_TAG="$$CI_COMMIT_TAG"
+ elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
+ SCAN_TAG="latest"
+ else
+ SCAN_TAG="dev"
+ fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
 trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
 --ignorefile .trivyignore \
- git.mosaicstack.dev/mosaic/stack-openbao:$${CI_COMMIT_SHA:0:8}
+ git.mosaicstack.dev/mosaic/stack-openbao:$$SCAN_TAG
 when:
 - branch: [main, develop]
 event: [push, manual, tag]
diff --git a/.woodpecker/orchestrator.yml b/.woodpecker/orchestrator.yml
index 2d15af5..0640c7b 100644
--- a/.woodpecker/orchestrator.yml
+++ b/.woodpecker/orchestrator.yml
@@ -100,18 +100,16 @@ steps:
 from_secret: gitea_token
 CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
 CI_COMMIT_TAG: ${CI_COMMIT_TAG}
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
 commands:
 - *kaniko_setup
 - |
- DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:${CI_COMMIT_SHA:0:8}"
- if [ "$CI_COMMIT_BRANCH" = "main" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-orchestrator:latest"
- elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-orchestrator:dev"
- fi
+ DESTINATIONS=""
 if [ -n "$CI_COMMIT_TAG" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-orchestrator:$CI_COMMIT_TAG"
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:$CI_COMMIT_TAG"
+ elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:latest"
+ elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:dev"
 fi
 /kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile $DESTINATIONS
 when:
@@ -129,14 +127,22 @@ steps:
 from_secret: gitea_username
 GITEA_TOKEN:
 from_secret: gitea_token
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
+ CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
+ CI_COMMIT_TAG: ${CI_COMMIT_TAG}
 commands:
 - |
+ if [ -n "$$CI_COMMIT_TAG" ]; then
+ SCAN_TAG="$$CI_COMMIT_TAG"
+ elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
+ SCAN_TAG="latest"
+ else
+ SCAN_TAG="dev"
+ fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
 trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
 --ignorefile .trivyignore \
- git.mosaicstack.dev/mosaic/stack-orchestrator:$${CI_COMMIT_SHA:0:8}
+ git.mosaicstack.dev/mosaic/stack-orchestrator:$$SCAN_TAG
 when:
 - branch: [main, develop]
 event: [push, manual, tag]
diff --git a/.woodpecker/web.yml b/.woodpecker/web.yml
index d3f38a1..e2f51c3 100644
--- a/.woodpecker/web.yml
+++ b/.woodpecker/web.yml
@@ -111,18 +111,16 @@ steps:
 from_secret: gitea_token
 CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
 CI_COMMIT_TAG: ${CI_COMMIT_TAG}
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
 commands:
 - *kaniko_setup
 - |
- DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:${CI_COMMIT_SHA:0:8}"
- if [ "$CI_COMMIT_BRANCH" = "main" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-web:latest"
- elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-web:dev"
- fi
+ DESTINATIONS=""
 if [ -n "$CI_COMMIT_TAG" ]; then
- DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/stack-web:$CI_COMMIT_TAG"
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:$CI_COMMIT_TAG"
+ elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:latest"
+ elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
+ DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:dev"
 fi
 /kaniko/executor --context . --dockerfile apps/web/Dockerfile --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
 when:
@@ -140,14 +138,22 @@ steps:
 from_secret: gitea_username
 GITEA_TOKEN:
 from_secret: gitea_token
- CI_COMMIT_SHA: ${CI_COMMIT_SHA}
+ CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
+ CI_COMMIT_TAG: ${CI_COMMIT_TAG}
 commands:
 - |
+ if [ -n "$$CI_COMMIT_TAG" ]; then
+ SCAN_TAG="$$CI_COMMIT_TAG"
+ elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then
+ SCAN_TAG="latest"
+ else
+ SCAN_TAG="dev"
+ fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
 trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
 --ignorefile .trivyignore \
- git.mosaicstack.dev/mosaic/stack-web:$${CI_COMMIT_SHA:0:8}
+ git.mosaicstack.dev/mosaic/stack-web:$$SCAN_TAG
 when:
 - branch: [main, develop]
 event: [push, manual, tag]