---
kind: pipeline
type: docker
name: default
steps:
  # prüfe ob secrets im Repo sind
  - name: run gitleaks
    image: plugins/gitleaks
    settings:
      path: .

  # linter für Dockerfiles
  # https://github.com/hadolint/hadolint/blob/master/docs/INTEGRATION.md
  - name: hadolint
    image: hadolint/hadolint:latest-debian
    # image: ghcr.io/hadolint/hadolint:latest-debian
    commands:
      - hadolint --version
      - hadolint  Dockerfile

  - name: docker_build_and_push
    image: plugins/docker
    settings:
      username:
        from_secret: OCI-REGISTRY-USER
      password:
        from_secret: OCI-REGISTRY-PASS
      dockerfile: Dockerfile
      repo: registry.mgrote.net/allzweckcontainer
      registry: registry.mgrote.net
      tags:
        - ${DRONE_COMMIT_SHA:0:8}
        - ${DRONE_COMMIT_BRANCH}
        - latest