Merge pull request 'Ensured donet publish and release are not ignored' (#85) from test into main

Reviewed-on: #85

.drone.yml

@@ -1,68 +1,82 @@
----
 kind: pipeline
 type: docker
-name: build-and-package
+name: cicd-pipeline
+
+# Let Drone handle the clone automatically; it's faster and cleaner.
+clone:
+  depth: 1
 
 steps:
-  - name: build-test-publish
+  # --- BUILD & TEST STAGE ---
-    image: nexus.khongisa.co.za/sdk:10.0
+  - name: build-and-test
+    image: mcr.microsoft.com/dotnet/sdk:10.0
     commands:
-      - dotnet restore --source https://nexus.khongisa.co.za/repository/nuget-group/index.json --no-cache
+      - dotnet build --configuration Release
-      - dotnet build --configuration Release --no-restore
+      - dotnet test --configuration Release
-      - dotnet test --configuration Release --no-build
-      - dotnet publish --configuration Release --no-build
 
-  - name: docker-build-and-push
+  # --- PACKAGE STAGE ---
+  # We build the image locally first so we can scan it BEFORE pushing
+  - name: docker-build
     image: plugins/docker
     settings:
       registry: nexus.khongisa.co.za
-      repo: nexus.khongisa.co.za/webapitest
+      repo: nexus.khongisa.co.za/mngomalab/webapitest
       tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
-      username: { from_secret: docker_username }
+      username:
-      password: { from_secret: docker_password }
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      # This builds the image and loads it into the local cache for scanning
+      dry_run: true 
+      # Set to false once you verify the scan passes, or see the step below
 
   - name: vulnerability-scan
-    image: aquasec/trivy:0.50.1
+    image: aquasec/trivy
     environment:
-      TRIVY_USERNAME: { from_secret: docker_username }
+      # Trivy needs these to pull the image from your Nexus to scan it
-      TRIVY_PASSWORD: { from_secret: docker_password }
+      TRIVY_USERNAME:
+        from_secret: docker_username
+      TRIVY_PASSWORD:
+        from_secret: docker_password
     commands:
-      - trivy image --image-src remote --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER}
+      - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/mngomalab/webapitest:${DRONE_BUILD_NUMBER}
 
-trigger:
+  - name: docker-push
-  branch:
+    image: plugins/docker
-    - main
+    settings:
-  event:
+      registry: nexus.khongisa.co.za
-    exclude:
+      repo: nexus.khongisa.co.za/mngomalab/webapitest
-      - promote
+      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
 
----
+  # --- DEPLOY STAGE ---
-kind: pipeline
+  - name: deploy-uat
-type: docker
-name: deploy-to-uat
-
-depends_on:
-  - build-and-package
-
-steps:
-  - name: uat-deployment
     image: appleboy/drone-ssh
     settings:
-      host: { from_secret: ssh_host }
+      host: 
-      username: { from_secret: ssh_user }
+        from_secret: ssh_host
-      password: { from_secret: ssh_password }
+      username: 
+        from_secret: ssh_user
+      password: 
+        from_secret: ssh_password
       script:
+        # Login to Nexus on the remote server
         - echo $DOCKER_PASSWORD | docker login nexus.khongisa.co.za -u $DOCKER_USERNAME --password-stdin
-        - docker pull nexus.khongisa.co.za/webapitest:latest
+        - docker pull nexus.khongisa.co.za/mngomalab/webapitest:latest
+        # Standard Linux cleanup
         - docker stop webapi 2>/dev/null || true
         - docker rm webapi 2>/dev/null || true
-        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 nexus.khongisa.co.za/webapitest:latest
+        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 nexus.khongisa.co.za/mngomalab/webapitest:latest
     environment:
-      DOCKER_USERNAME: { from_secret: docker_username }
+      DOCKER_USERNAME:
-      DOCKER_PASSWORD: { from_secret: docker_password }
+        from_secret: docker_username
+      DOCKER_PASSWORD:
+        from_secret: docker_password
 
 trigger:
   event:
-    - promote
+    exclude:
-  target:
+      - promote
-    - staging

Dockerfile

@@ -1,4 +1,4 @@
-FROM nexus.khongisa.co.za/aspnet:10.0 AS final
+FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS final
 WORKDIR /app
 
 USER app