72345a5129
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
go.mod declares go 1.26.1; docker build was failing with "go.mod requires go >= 1.26.1 (running go 1.22.12; GOTOOLCHAIN=local)" - Dockerfile: golang:1.22-alpine → golang:1.26-alpine - .woodpecker.yml: test image 1.22-alpine → 1.26-alpine; gosec image 1.22-bookworm → 1.26-bookworm - CLAUDE.md: update stack note to Go 1.26+ Co-Authored-By: Paperclip <noreply@paperclip.ing>
97 lines
2.4 KiB
YAML
97 lines
2.4 KiB
YAML
steps:
|
|
- name: lint
|
|
image: golangci/golangci-lint:latest
|
|
commands:
|
|
- golangci-lint run ./...
|
|
|
|
- name: test
|
|
image: golang:1.26-alpine
|
|
commands:
|
|
- go test ./...
|
|
|
|
- name: semgrep
|
|
image: semgrep/semgrep:latest
|
|
commands:
|
|
- >
|
|
semgrep scan --config auto --error
|
|
--exclude-rule go.lang.security.audit.net.cookie-missing-secure.cookie-missing-secure
|
|
--exclude-rule go.lang.security.audit.net.unescaped-data-in-url.unescaped-data-in-url
|
|
--exclude-rule go.lang.security.audit.xss.template-html-does-not-escape.unsafe-template-type
|
|
--exclude-rule html.security.audit.missing-integrity.missing-integrity
|
|
.
|
|
when:
|
|
- event: [push, pull_request]
|
|
|
|
- name: gosec
|
|
image: golang:1.26-bookworm
|
|
commands:
|
|
- go install github.com/securego/gosec/v2/cmd/gosec@latest
|
|
- gosec -exclude=G120,G706,G101,G115,G203,G124 ./...
|
|
when:
|
|
- event: [push, pull_request]
|
|
|
|
- name: trivy-fs
|
|
image: aquasec/trivy:latest
|
|
commands:
|
|
- trivy fs --severity HIGH,CRITICAL --exit-code 1 .
|
|
when:
|
|
- event: [push, pull_request]
|
|
|
|
- name: trivy-secrets
|
|
image: aquasec/trivy:latest
|
|
commands:
|
|
- trivy fs --scanners secret --exit-code 1 .
|
|
when:
|
|
- event: [push, pull_request]
|
|
|
|
- name: build-and-push
|
|
image: woodpeckerci/plugin-docker-buildx
|
|
settings:
|
|
repo: git.sds.dev/cast/cast-ghl-provider
|
|
registry: git.sds.dev
|
|
tag:
|
|
- ${CI_COMMIT_SHA:0:8}
|
|
- latest
|
|
username:
|
|
from_secret: registry_user
|
|
password:
|
|
from_secret: registry_password
|
|
when:
|
|
- branch: main
|
|
event: push
|
|
|
|
- name: deploy
|
|
image: appleboy/drone-ssh
|
|
settings:
|
|
host:
|
|
from_secret: deploy_host
|
|
username:
|
|
from_secret: deploy_user
|
|
key:
|
|
from_secret: deploy_ssh_key
|
|
script:
|
|
- bash /opt/cast-ghl-provider/deploy/deploy.sh
|
|
when:
|
|
- branch: main
|
|
event: push
|
|
|
|
- name: notify-telegram
|
|
image: appleboy/drone-telegram
|
|
settings:
|
|
token:
|
|
from_secret: telegram_bot_token
|
|
to:
|
|
from_secret: telegram_chat_id
|
|
message: >
|
|
{{#success build.status}}✅{{else}}❌{{/success}} **{{repo.name}}**
|
|
|
|
Branch: `{{commit.branch}}`
|
|
|
|
Status: **{{build.status}}**
|
|
|
|
Commit: `{{commit.message}}`
|
|
|
|
{{build.link}}
|
|
when:
|
|
- status: [success, failure]
|