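# CI/CD pipeline (Woodpecker-style syntax: `steps`, `from_secret`, `when`).
# Stages, in order: lint -> test -> security scanners (semgrep, gosec, trivy)
# -> image build and push -> SSH deploy -> Telegram notification.
#
# NOTE(review): most images below use `:latest` or carry no tag at all, so
# the code that runs in each step can change between pipeline runs without
# any change to this file. That matters most for the steps that receive
# registry credentials, the deploy SSH key and the bot token. Pin each image
# to a release tag and digest, e.g. `image: <NAME>:<VERSION>@sha256:<DIGEST>`
# (placeholders), and update the pins through reviewed commits.
steps:
  - name: lint
    image: golangci/golangci-lint:latest
    commands:
      - golangci-lint run ./...

  - name: test
    image: golang:1.26-alpine
    commands:
      - go test ./...

  # `--error` makes findings fail the step. `--config auto` takes the rule
  # set from the Semgrep registry at run time, so together with the floating
  # image tag the set of active rules is not fixed by this file.
  #
  # NOTE(review): the four --exclude-rule flags switch these checks off for
  # the whole repository (by rule id: cookie without Secure, unescaped data
  # in a URL, unsafe template type, missing integrity attribute). Record the
  # reason for each exclusion next to it, or suppress at the specific line
  # with an inline `nosemgrep` comment so new occurrences are still reported.
  - name: semgrep
    image: semgrep/semgrep:latest
    commands:
      - >
        semgrep scan --config auto --error
        --exclude-rule go.lang.security.audit.net.cookie-missing-secure.cookie-missing-secure
        --exclude-rule go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url
        --exclude-rule go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type
        --exclude-rule html.security.audit.missing-integrity.missing-integrity
        .
    when:
      - event: [push, pull_request]

  # NOTE(review): `gosec@latest` installs whatever release is current at run
  # time; pin it as `gosec@<VERSION>` (placeholder) so rule changes arrive
  # through a reviewed commit.
  # NOTE(review): -exclude disables six rules repository-wide. Among them
  # G101 is the hard-coded credentials check, G115 integer-overflow
  # conversions and G203 unescaped data in HTML templates; confirm the
  # remaining ids against the gosec rule list for the pinned version. Prefer
  # a `#nosec <RULE> -- <reason>` annotation at each accepted finding over a
  # global exclusion, and document why each id is listed here.
  - name: gosec
    image: golang:1.26-bookworm
    commands:
      - go install github.com/securego/gosec/v2/cmd/gosec@latest
      - gosec -exclude=G120,G706,G101,G115,G203,G124 ./...
    when:
      - event: [push, pull_request]

  # Fails the step only on HIGH and CRITICAL findings; lower severities do
  # not affect the exit code.
  - name: trivy-fs
    image: aquasec/trivy:latest
    commands:
      - trivy fs --severity HIGH,CRITICAL --exit-code 1 .
    when:
      - event: [push, pull_request]

  # Secret scanning of the working tree; any finding fails the step.
  - name: trivy-secrets
    image: aquasec/trivy:latest
    commands:
      - trivy fs --scanners secret --exit-code 1 .
    when:
      - event: [push, pull_request]

  # Runs only for pushes to main, so registry credentials are not requested
  # by pull-request pipelines.
  - name: build-and-push
    image: woodpeckerci/plugin-docker-buildx
    settings:
      repo: git.sds.dev/cast/cast-ghl-provider
      registry: git.sds.dev
      tag:
        # Quoted: the substitution is textual, so a short SHA made only of
        # digits (or one shaped like `1234e567`) would otherwise be typed as
        # a number by the YAML parser instead of a string.
        - "${CI_COMMIT_SHA:0:8}"
        # `latest` is a mutable tag; the SHA tag above is the one that
        # identifies a specific build.
        - latest
      username:
        from_secret: registry_user
      password:
        from_secret: registry_password
    when:
      - branch: main
        event: push

  # Runs a script that already exists on the target host; its contents are
  # not part of this file.
  # NOTE(review): no host-key setting is given here. Confirm how this plugin
  # version verifies the server's host key (its documentation describes a
  # fingerprint setting -- verify) so the SSH key is only offered to the
  # intended host.
  # NOTE(review): presumably deploy.sh pulls the image pushed above; if it
  # pulls `latest`, consider passing the commit-SHA tag so the deployed image
  # is the one this pipeline built and scanned -- confirm against the script.
  - name: deploy
    image: appleboy/drone-ssh
    settings:
      host:
        from_secret: deploy_host
      username:
        from_secret: deploy_user
      key:
        from_secret: deploy_ssh_key
      script:
        - bash /opt/cast-ghl-provider/deploy/deploy.sh
    when:
      - branch: main
        event: push

  # NOTE(review): the only filter is `status`, so this step is not limited
  # to pushes on main the way build-and-push and deploy are. Whether the bot
  # token is available to pull-request pipelines depends on how the secret is
  # configured on the server -- confirm, or add an `event` filter.
  # NOTE(review): `commit.message` and `commit.branch` are contributor-
  # controlled text placed inside backticks; a message containing backticks
  # or asterisks can break the formatting of the notification.
  # The `>` scalar folds the lines below into one space-separated line; use
  # blank lines between them (or `|`) if separate lines are intended.
  - name: notify-telegram
    image: appleboy/drone-telegram
    settings:
      token:
        from_secret: telegram_bot_token
      to:
        from_secret: telegram_chat_id
      message: >
        {{#success build.status}}✅{{else}}❌{{/success}} **{{repo.name}}**
        Branch: `{{commit.branch}}`
        Status: **{{build.status}}**
        Commit: `{{commit.message}}`
        {{build.link}}
    when:
      - status: [success, failure]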