Upgraded packages and refactored the pipeline

2026-04-04 14:53:33 +02:00
parent a8ad599af2
commit 52e24bb8f2
2 changed files with 60 additions and 89 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,102 +1,59 @@
---
 kind: pipeline
 type: docker
-name: build
-trigger:
-  event:
-    exclude:
-      - promote
+name: cicd-pipeline

+# Let Drone handle the clone automatically; it's faster and cleaner.
 clone:
-  disable: true
+  depth: 1

 steps:
-  - name: checkout
-    image: alpine/git
-    commands:
-      - git clone https://gitea.khongisa.co.za/MngomaLab/webapitest.git .
-      - git checkout ${DRONE_COMMIT}
-
-  - name: dotnet build
+  # --- BUILD & TEST STAGE ---
+  - name: build-and-test
    image: mcr.microsoft.com/dotnet/sdk:10.0
    commands:
      - dotnet build --configuration Release
-
-  - name: dotnet test
-    image: mcr.microsoft.com/dotnet/sdk:10.0
-    commands:
      - dotnet test --configuration Release
---
-x-docker-auth: &docker-auth
-  DOCKER_AUTH_CONFIG: |
-    {
-      "auths": {
-        "https://index.docker.io/v1/": {
-          "auth": "a2h3ZXppOlBHM0FRM0VPMFg="
-        }
-      }
-    }

-kind: pipeline
-type: docker
-name: package
-depends_on:
-  - build
-trigger:
-  event:
-    exclude:
-      - promote
+  # --- PACKAGE STAGE ---
+  # We build the image locally first so we can scan it BEFORE pushing
+  - name: docker-build
+    image: plugins/docker
+    settings:
+      registry: nexus.khongisa.co.za
+      repo: nexus.khongisa.co.za/mngomalab/webapitest
+      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      # This builds the image and loads it into the local cache for scanning
+      dry_run: true 
+      # Set to false once you verify the scan passes, or see the step below

-clone:
-  disable: true
-
-steps:
-  - name: checkout
-    image: alpine/git
-    commands:
-      - git clone https://gitea.khongisa.co.za/MngomaLab/webapitest.git .
-      - git checkout ${DRONE_COMMIT}
-  
-  - name: dotnet publish
-    image: mcr.microsoft.com/dotnet/sdk:10.0
-    commands:
-      - dotnet publish --configuration Release
-
-
-  - name: build and push
-    image: gcr.io/kaniko-project/executor:debug
-    environment:
-      <<: *docker-auth
-    commands:
-      - mkdir -p /kaniko/.docker
-      - echo "$DOCKER_AUTH_CONFIG" > /kaniko/.docker/config.json
-      - /kaniko/executor 
-          --verbosity=debug
-          --context=. 
-          --dockerfile=Dockerfile 
-          --destination=index.docker.io/khwezi/webapitest:latest 
-          --destination=index.docker.io/khwezi/webapitest:${DRONE_BUILD_NUMBER}
-
-  - name: volnerability scan
+  - name: vulnerability-scan
    image: aquasec/trivy
+    environment:
+      # Trivy needs these to pull the image from your Nexus to scan it
+      TRIVY_USERNAME:
+        from_secret: docker_username
+      TRIVY_PASSWORD:
+        from_secret: docker_password
    commands:
-      - trivy image --exit-code 1 --timeout 15m --severity CRITICAL khwezi/webapitest:${DRONE_BUILD_NUMBER}
---
-kind: pipeline
-type: docker
-name: deploy
-depends_on:
-  - package
-trigger:
-  event:
-    exclude:
-      - promote
+      - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/mngomalab/webapitest:${DRONE_BUILD_NUMBER}

-clone:
-  disable: true
+  - name: docker-push
+    image: plugins/docker
+    settings:
+      registry: nexus.khongisa.co.za
+      repo: nexus.khongisa.co.za/mngomalab/webapitest
+      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password

-steps:
-  - name: uat
+  # --- DEPLOY STAGE ---
+  - name: deploy-uat
    image: appleboy/drone-ssh
    settings:
      host: 
@@ -106,7 +63,20 @@ steps:
      password: 
        from_secret: ssh_password
      script:
-        - docker pull khwezi/webapitest:latest
-        - docker stop webapi 2>NUL || echo "Container not running"
-        - docker rm webapi 2>NUL || echo "Container not found"
-        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 khwezi/webapitest:latest
+        # Login to Nexus on the remote server
+        - echo $DOCKER_PASSWORD | docker login nexus.khongisa.co.za -u $DOCKER_USERNAME --password-stdin
+        - docker pull nexus.khongisa.co.za/mngomalab/webapitest:latest
+        # Standard Linux cleanup
+        - docker stop webapi 2>/dev/null || true
+        - docker rm webapi 2>/dev/null || true
+        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 nexus.khongisa.co.za/mngomalab/webapitest:latest
+    environment:
+      DOCKER_USERNAME:
+        from_secret: docker_username
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+
+trigger:
+  event:
+    exclude:
+      - promote
--- a/SampleApi/SampleApi.csproj
+++ b/SampleApi/SampleApi.csproj
@@ -9,8 +9,9 @@
  </PropertyGroup>

  <ItemGroup>
-    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.19.6" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.23.0" />
+    <PackageReference Include="Polly" Version="8.6.6" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.7" />
  </ItemGroup>

 </Project>