Merge pull request 'Removed pull event from build stage' (#106) from test into main

Reviewed-on: #106

.drone.yml

@@ -1,10 +1,7 @@
+---
 kind: pipeline
 type: docker
-name: cicd-pipeline
-
-# Let Drone handle the clone automatically; it's faster and cleaner.
-clone:
-  depth: 1
+name: build-and-package
 
 steps:
   - name: build-test-publish
@@ -15,69 +12,57 @@ steps:
       - dotnet test --configuration Release --no-build
       - dotnet publish --configuration Release --no-build
 
-  # --- PACKAGE STAGE ---
-  # We build the image locally first so we can scan it BEFORE pushing
-  - name: docker-build
+  - name: docker-build-and-push
     image: plugins/docker
     settings:
       registry: nexus.khongisa.co.za
       repo: nexus.khongisa.co.za/webapitest
       tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-      # This builds the image and loads it into the local cache for scanning
-      dry_run: true 
-      # Set to false once you verify the scan passes, or see the step below
-
-  - name: docker-push
-    image: plugins/docker
-    settings:
-      registry: nexus.khongisa.co.za
-      repo: nexus.khongisa.co.za/webapitest
-      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
+      username: { from_secret: docker_username }
+      password: { from_secret: docker_password }
 
   - name: vulnerability-scan
-    image: nexus.khongisa.co.za/trivy:latest
+    image: aquasec/trivy:0.50.1
     environment:
-      # Trivy needs these to pull the image from your Nexus to scan it
-      TRIVY_USERNAME:
-        from_secret: docker_username
-      TRIVY_PASSWORD:
-        from_secret: docker_password
+      TRIVY_USERNAME: { from_secret: docker_username }
+      TRIVY_PASSWORD: { from_secret: docker_password }
     commands:
-      - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER}
+      - trivy image --image-src remote --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER}
 
-  # --- DEPLOY STAGE ---
-  - name: deploy-uat
+trigger:
+  branch:
+    - main
+  event:
+    exclude:
+      - promote
+
+---
+kind: pipeline
+type: docker
+name: deploy-to-uat
+
+depends_on:
+  - build-and-package
+
+steps:
+  - name: uat-deployment
     image: appleboy/drone-ssh
     settings:
-      host: 
-        from_secret: ssh_host
-      username: 
-        from_secret: ssh_user
-      password: 
-        from_secret: ssh_password
+      host: { from_secret: ssh_host }
+      username: { from_secret: ssh_user }
+      password: { from_secret: ssh_password }
       script:
-        # Login to Nexus on the remote server
         - echo $DOCKER_PASSWORD | docker login nexus.khongisa.co.za -u $DOCKER_USERNAME --password-stdin
         - docker pull nexus.khongisa.co.za/webapitest:latest
-        # Standard Linux cleanup
         - docker stop webapi 2>/dev/null || true
         - docker rm webapi 2>/dev/null || true
         - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 nexus.khongisa.co.za/webapitest:latest
     environment:
-      DOCKER_USERNAME:
-        from_secret: docker_username
-      DOCKER_PASSWORD:
-        from_secret: docker_password
+      DOCKER_USERNAME: { from_secret: docker_username }
+      DOCKER_PASSWORD: { from_secret: docker_password }
 
 trigger:
   event:
-    exclude:
     - promote
+  target:
+    - staging

Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
+FROM nexus.khongisa.co.za/aspnet:10.0 AS final
 WORKDIR /app
 
 USER app