update drone file
Some checks failed
continuous-integration/drone/push Build encountered an error
continuous-integration/drone/tag Build is failing

2025-11-08 17:16:26 +01:00
parent 344afb8c81
commit 4869e2a08f


@@ -25,42 +25,53 @@ steps:
- VERSION_TAG="v$DRONE_BUILD_NUMBER" - VERSION_TAG="v$DRONE_BUILD_NUMBER"
- IMAGE_NAME="public/drone-publish-tool" - IMAGE_NAME="public/drone-publish-tool"
- IMAGE_FULL="$REGISTRY_URL/$IMAGE_NAME:$VERSION_TAG" - IMAGE_FULL="$REGISTRY_URL/$IMAGE_NAME:$VERSION_TAG"
- echo "Building image $IMAGE_FULL ..." - echo "Building image $IMAGE_FULL ..."
- docker build -t $IMAGE_FULL . - docker build -t $IMAGE_FULL .
- docker tag $IMAGE_FULL $REGISTRY_URL/$IMAGE_NAME:latest - docker tag $IMAGE_FULL $REGISTRY_URL/$IMAGE_NAME:latest
- echo "Pushing images to $REGISTRY_URL ..." - echo "Pushing images to $REGISTRY_URL ..."
- docker push $IMAGE_FULL - docker push $IMAGE_FULL
- docker push $REGISTRY_URL/$IMAGE_NAME:latest - docker push $REGISTRY_URL/$IMAGE_NAME:latest
- DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $IMAGE_FULL)
- echo "VERSION_TAG=$VERSION_TAG" >> build.env - echo "VERSION_TAG=$VERSION_TAG" >> build.env
- echo "IMAGE_FULL=$IMAGE_FULL" >> build.env - echo "IMAGE_FULL=$IMAGE_FULL" >> build.env
- echo "IMAGE_DIGEST=$DIGEST" >> build.env
- echo "✅ Build and push complete." - echo "✅ Build and push complete."
outputs:
- build.env
- name: export-env
image: alpine:3.20
commands:
- echo "=== 📦 Loading build.env into environment ==="
- export $(cat build.env | xargs)
- echo "IMAGE_DIGEST=$IMAGE_DIGEST" >> /drone/env
- echo "IMAGE_FULL=$IMAGE_FULL" >> /drone/env
- echo "VERSION_TAG=$VERSION_TAG" >> /drone/env
depends_on:
- build-and-push
# -------------------------------------------------- # --------------------------------------------------
# 2⃣ Sign Image with Cosign (Secret-Key aus Variable) # 2⃣ Sign Image with Cosign (Secret-Key aus Variable)
# -------------------------------------------------- # --------------------------------------------------
- name: sign-image - name: sign-image
image: gcr.io/projectsigstore/cosign:v2.4.0 image: gcr.io/projectsigstore/cosign:v2.4.0
entrypoint: ["cosign"]
commands:
- "sign"
- "--yes"
- "--key"
- "env://COSIGN_KEY"
- "$${IMAGE_DIGEST}"
environment: environment:
COSIGN_KEY: COSIGN_KEY:
from_secret: COSIGN_KEY from_secret: COSIGN_KEY
COSIGN_PASSWORD: COSIGN_PASSWORD:
from_secret: COSIGN_PASSWORD from_secret: COSIGN_PASSWORD
REGISTRY_URL: depends_on:
from_secret: REGISTRY_URL - export-env
DOCKER_USER:
from_secret: DOCKER_USER
DOCKER_PASS:
from_secret: DOCKER_PASS
commands:
- echo "=== 🔏 Signing image with Cosign ==="
- . build.env
- echo "$DOCKER_PASS" | cosign login --username "$DOCKER_USER" --password-stdin "$REGISTRY_URL"
# 🔐 Cosign-Key aus Secret in temporäre Datei schreiben
- echo "$COSIGN_KEY" > /tmp/cosign.key
- chmod 600 /tmp/cosign.key
- cosign sign --yes --key /tmp/cosign.key "$IMAGE_FULL"
- shred -u /tmp/cosign.key || rm -f /tmp/cosign.key
- echo "✅ Image successfully signed."
# -------------------------------------------------- # --------------------------------------------------
# 3⃣ Create Gitea Release # 3⃣ Create Gitea Release
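Review bot: In the new `sign-image` step, `$${IMAGE_DIGEST}` will probably never carry a value. `export-env` only appends to `/drone/env` inside its own container, and with `entrypoint: ["cosign"]` there is no shell left to expand the variable; as far as I know Drone steps share only the workspace and `outputs:` is not a step key, so please confirm this against the runner documentation. The step also drops the `cosign login` call and the `DOCKER_USER`/`DOCKER_PASS` secrets the old version had, so even with a valid reference it has no registry credentials for pushing the signature. Signing the digest with `--key env://COSIGN_KEY` instead of writing the key to `/tmp` is the right direction. I would read the digest from `build.env` in the shared workspace, in a step that has a shell, and fail closed when it is empty: `[ -n "$IMAGE_DIGEST" ] || exit 1` before `cosign sign --yes --key env://COSIGN_KEY "$IMAGE_DIGEST"`.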