Upgraded packages and refactored the pipeline

.drone.yml

@@ -1,102 +1,59 @@
----
 kind: pipeline
 type: docker
-name: build
+name: cicd-pipeline
-trigger:
-  event:
-    exclude:
-      - promote
 
+# Let Drone handle the clone automatically; it's faster and cleaner.
 clone:
-  disable: true
+  depth: 1
 
 steps:
-  - name: checkout
+  # --- BUILD & TEST STAGE ---
-    image: alpine/git
+  - name: build-and-test
-    commands:
-      - git clone https://gitea.khongisa.co.za/MngomaLab/webapitest.git .
-      - git checkout ${DRONE_COMMIT}
-
-  - name: dotnet build
     image: mcr.microsoft.com/dotnet/sdk:10.0
     commands:
       - dotnet build --configuration Release
-
-  - name: dotnet test
-    image: mcr.microsoft.com/dotnet/sdk:10.0
-    commands:
       - dotnet test --configuration Release
----
-x-docker-auth: &docker-auth
-  DOCKER_AUTH_CONFIG: |
-    {
-      "auths": {
-        "https://index.docker.io/v1/": {
-          "auth": "a2h3ZXppOlBHM0FRM0VPMFg="
-        }
-      }
-    }
 
-kind: pipeline
+  # --- PACKAGE STAGE ---
-type: docker
+  # We build the image locally first so we can scan it BEFORE pushing
-name: package
+  - name: docker-build
-depends_on:
+    image: plugins/docker
-  - build
+    settings:
-trigger:
+      registry: nexus.khongisa.co.za
-  event:
+      repo: nexus.khongisa.co.za/mngomalab/webapitest
-    exclude:
+      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
-      - promote
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      # This builds the image and loads it into the local cache for scanning
+      dry_run: true 
+      # Set to false once you verify the scan passes, or see the step below
 
-clone:
+  - name: vulnerability-scan
-  disable: true
-
-steps:
-  - name: checkout
-    image: alpine/git
-    commands:
-      - git clone https://gitea.khongisa.co.za/MngomaLab/webapitest.git .
-      - git checkout ${DRONE_COMMIT}
-  
-  - name: dotnet publish
-    image: mcr.microsoft.com/dotnet/sdk:10.0
-    commands:
-      - dotnet publish --configuration Release
-
-
-  - name: build and push
-    image: gcr.io/kaniko-project/executor:debug
-    environment:
-      <<: *docker-auth
-    commands:
-      - mkdir -p /kaniko/.docker
-      - echo "$DOCKER_AUTH_CONFIG" > /kaniko/.docker/config.json
-      - /kaniko/executor 
-          --verbosity=debug
-          --context=. 
-          --dockerfile=Dockerfile 
-          --destination=index.docker.io/khwezi/webapitest:latest 
-          --destination=index.docker.io/khwezi/webapitest:${DRONE_BUILD_NUMBER}
-
-  - name: volnerability scan
     image: aquasec/trivy
+    environment:
+      # Trivy needs these to pull the image from your Nexus to scan it
+      TRIVY_USERNAME:
+        from_secret: docker_username
+      TRIVY_PASSWORD:
+        from_secret: docker_password
     commands:
-      - trivy image --exit-code 1 --timeout 15m --severity CRITICAL khwezi/webapitest:${DRONE_BUILD_NUMBER}
+      - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/mngomalab/webapitest:${DRONE_BUILD_NUMBER}
----
-kind: pipeline
-type: docker
-name: deploy
-depends_on:
-  - package
-trigger:
-  event:
-    exclude:
-      - promote
 
-clone:
+  - name: docker-push
-  disable: true
+    image: plugins/docker
+    settings:
+      registry: nexus.khongisa.co.za
+      repo: nexus.khongisa.co.za/mngomalab/webapitest
+      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
 
-steps:
+  # --- DEPLOY STAGE ---
-  - name: uat
+  - name: deploy-uat
     image: appleboy/drone-ssh
     settings:
       host: 
@@ -106,7 +63,20 @@ steps:
       password: 
         from_secret: ssh_password
       script:
-        - docker pull khwezi/webapitest:latest
+        # Login to Nexus on the remote server
-        - docker stop webapi 2>NUL || echo "Container not running"
+        - echo $DOCKER_PASSWORD | docker login nexus.khongisa.co.za -u $DOCKER_USERNAME --password-stdin
-        - docker rm webapi 2>NUL || echo "Container not found"
+        - docker pull nexus.khongisa.co.za/mngomalab/webapitest:latest
-        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 khwezi/webapitest:latest
+        # Standard Linux cleanup
+        - docker stop webapi 2>/dev/null || true
+        - docker rm webapi 2>/dev/null || true
+        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 nexus.khongisa.co.za/mngomalab/webapitest:latest
+    environment:
+      DOCKER_USERNAME:
+        from_secret: docker_username
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+
+trigger:
+  event:
+    exclude:
+      - promote

SampleApi/SampleApi.csproj

@@ -9,8 +9,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.23.0" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
+    <PackageReference Include="Polly" Version="8.6.6" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.7" />
   </ItemGroup>
 
 </Project>