webapitest/.drone.yml

kind: pipeline
type: docker
name: cicd-pipeline

clone:
  depth: 1

steps:
  - name: build-test-publish
    image: nexus.khongisa.co.za/sdk:10.0
    commands:
      - dotnet restore --source https://nexus.khongisa.co.za/repository/nuget-group/index.json --no-cache
      - dotnet build --configuration Release --no-restore
      - dotnet test --configuration Release --no-build
      - dotnet publish --configuration Release --no-build

  - name: docker-build
    image: plugins/docker
    settings:
      registry: nexus.khongisa.co.za
      repo: nexus.khongisa.co.za/webapitest
      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      dry_run: true 

  - name: docker-push
    image: plugins/docker
    settings:
      registry: nexus.khongisa.co.za
      repo: nexus.khongisa.co.za/webapitest
      tags: [ "${DRONE_BUILD_NUMBER}", "latest" ]
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password

  - name: vulnerability-scan
    image: aquasec/trivy:0.50.1
    environment:
      TRIVY_USERNAME:
        from_secret: docker_username
      TRIVY_PASSWORD:
        from_secret: docker_password
    commands:
      - trivy image --exit-code 1 --severity CRITICAL nexus.khongisa.co.za/webapitest:${DRONE_BUILD_NUMBER}

  - name: deploy-uat
    image: appleboy/drone-ssh
    settings:
      host: 
        from_secret: ssh_host
      username: 
        from_secret: ssh_user
      password: 
        from_secret: ssh_password
      script:
        - echo $DOCKER_PASSWORD | docker login nexus.khongisa.co.za -u $DOCKER_USERNAME --password-stdin
        - docker pull nexus.khongisa.co.za/webapitest:latest
        - docker stop webapi 2>/dev/null || true
        - docker rm webapi 2>/dev/null || true
        - docker run -d --name webapi --restart unless-stopped -e ASPNETCORE_ENVIRONMENT=Development -p 4000:8081 nexus.khongisa.co.za/webapitest:latest
    environment:
      DOCKER_USERNAME:
        from_secret: docker_username
      DOCKER_PASSWORD:
        from_secret: docker_password

trigger:
  event:
    exclude:
      - promote