init

.drone.yml

+kind: pipeline
+type: ssh
+name: onboard_check_deploy
+  server: 192.168.0.22
+  user: oran
+  ssh_key:
+    from_secret: rsa_key
+
+clone:
+  disable: true
+
+
+
+steps:
+  - name: clone 
+    environment:
+      KEY:
+        from_secret: ssh_key
+    commands:
+      - echo "hello" > /tmp/hello
+
+

Dockerfile

+FROM ubuntu:20.04
+
+
+RUN apt update && \
+	apt install python3 python3-pip git -y
+
+
+# Install veinmind to scan docker image
+RUN apt-get install -y ca-certificates
+RUN echo 'deb [trusted=yes] https://download.veinmind.tech/libveinmind/apt/ ./' | tee /etc/apt/sources.list.d/libveinmind.list
+RUN apt-get update && apt-get install -y libveinmind-dev
+
+# install docker 
+RUN apt update \
+    && apt install -y ca-certificates openssh-client \
+    wget curl iptables supervisor \
+    && rm -rf /var/lib/apt/list/*
+ENV DOCKER_CHANNEL=stable \
+	DOCKER_VERSION=24.0.2 \
+	DOCKER_COMPOSE_VERSION=v2.18.1 \
+	BUILDX_VERSION=v0.10.4 \
+	DEBUG=false
+
+RUN set -eux; \
+	\
+	arch="$(uname -m)"; \
+	case "$arch" in \
+        # amd64
+		x86_64) dockerArch='x86_64' ; buildx_arch='linux-amd64' ;; \
+        # arm32v6
+		armhf) dockerArch='armel' ; buildx_arch='linux-arm-v6' ;; \
+        # arm32v7
+		armv7) dockerArch='armhf' ; buildx_arch='linux-arm-v7' ;; \
+        # arm64v8
+		aarch64) dockerArch='aarch64' ; buildx_arch='linux-arm64' ;; \
+		*) echo >&2 "error: unsupported architecture ($arch)"; exit 1 ;;\
+	esac; \
+	\
+	if ! wget -O docker.tgz "https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${dockerArch}/docker-${DOCKER_VERSION}.tgz"; then \
+		echo >&2 "error: failed to download 'docker-${DOCKER_VERSION}' from '${DOCKER_CHANNEL}' for '${dockerArch}'"; \
+		exit 1; \
+	fi; \
+	\
+	tar --extract \
+		--file docker.tgz \
+		--strip-components 1 \
+		--directory /usr/local/bin/ \
+	; \
+	rm docker.tgz; \
+	if ! wget -O docker-buildx "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.${buildx_arch}"; then \
+		echo >&2 "error: failed to download 'buildx-${BUILDX_VERSION}.${buildx_arch}'"; \
+		exit 1; \
+	fi; \
+	mkdir -p /usr/local/lib/docker/cli-plugins; \
+	chmod +x docker-buildx; \
+	mv docker-buildx /usr/local/lib/docker/cli-plugins/docker-buildx; \
+	\
+	dockerd --version; \
+	docker --version; \
+	docker buildx version
+
+VOLUME /var/lib/docker
+
+# Docker compose installation
+RUN curl -L "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \
+	&& chmod +x /usr/local/bin/docker-compose && docker-compose version
+
+
+
+
+WORKDIR /root
+
+# pull 
+RUN git clone https://github.com/andrewli315/xAppSec
+
+# Add Execution Privilege
+RUN cd xAppSec && chmod +x ./xAppSec
+
+# install python package
+RUN python3 -m pip install -r /root/xAppSec/Image_Security_Module/requirements.txt
+
+
+COPY ./entrypoint.sh /root/entrypoint.sh
+RUN chmod +x /root/entrypoint.sh
+CMD ["/root/entrypoint.sh"]
+

entrypoint.sh

+#!/bin/bash
+
+# check docker daemon is attach to container
+if [ ! -f "/var/run/docker.sock"]; then
+	echo "Docker is not running"
+	echo "Please attach host docker sock file to container"
+	exit
+else
+	# pull docker image
+	docker pull prlab/quorum
+	cd /root/xAppSec
+	#./xAppSec prlab/quorum
+
+fi
+/bin/bash