type: docker
kind: pipeline
name: push

platform:
  os: linux
  arch: amd64

trigger:
  event:
    exclude:
      - promote
    include:
      - push
      - pull_request

volumes:
  - name: docker
    host:
      path: /var/run/docker.sock

node:
  instance: agent-amd64

steps:
  - name: build
    image: rancher/dapper:v0.6.0
    commands:
      - dapper ci
    environment:
      CROSS: "${DRONE_BUILD_EVENT}"
    privileged: true
    volumes:
      - name: docker
        path: /var/run/docker.sock

  - name: image-scan-head
    image: aquasec/trivy
    commands:
      - trivy image --no-progress --ignore-unfixed --severity HIGH,CRITICAL --scanners vuln --exit-code 1 cnrancher/kube-explorer:${DRONE_COMMIT:0:7}
    volumes:
      - name: docker
        path: /var/run/docker.sock
    when:
      event:
        - push
      ref:
        include:
          - "refs/heads/main"
          - "refs/heads/v*"

  - name: install-buildx-support
    image: tonistiigi/binfmt
    privileged: true
    entrypoint:
      - /usr/bin/binfmt
    command:
      - --install
      - all
    when:
      event:
        - push
      ref:
        include:
          - "refs/heads/main"
          - "refs/heads/v*"

  - name: docker-publish
    image: thegeeklab/drone-docker-buildx
    privileged: true
    settings:
      platforms: linux/amd64,linux/arm64/v8
      dockerfile: package/Dockerfile
      repo: cnrancher/kube-explorer
      tag: latest
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
    volumes:
      - name: docker
        path: /var/run/docker.sock
    when:
      event:
        - push
      ref:
        include:
          - "refs/heads/main"
          - "refs/heads/v*"

---
type: docker
kind: pipeline
name: tag

platform:
  os: linux
  arch: amd64

trigger:
  event:
    exclude:
      - promote
    include:
      - tag
  ref:
    include:
      - "refs/tags/*"

volumes:
  - name: docker
    host:
      path: /var/run/docker.sock

node:
  instance: agent-amd64

steps:
  - name: release
    image: rancher/dapper:v0.6.0
    commands:
      - dapper ci
    privileged: true
    environment:
      CROSS: "${DRONE_BUILD_EVENT}"
    volumes:
      - name: docker
        path: /var/run/docker.sock

  - name: install-buildx-support
    image: tonistiigi/binfmt
    privileged: true
    entrypoint:
      - /usr/bin/binfmt
    command:
      - --install
      - all

  - name: docker-publish
    image: thegeeklab/drone-docker-buildx
    privileged: true
    settings:
      platforms: linux/amd64,linux/arm64/v8
      dockerfile: package/Dockerfile
      repo: cnrancher/kube-explorer
      tag: ${DRONE_TAG}
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
    volumes:
      - name: docker
        path: /var/run/docker.sock

  - name: github_binary_release
    image: plugins/github-release
    settings:
      api_key:
        from_secret: github_token
      checksum:
        - sha256
      files:
        - "bin/*"
      title: "${DRONE_TAG}"
      overwrite: true