---
kind: pipeline
type: docker
name: deploy
steps:
  # build images
  - name: build-and-publish-image
    image: plugins/docker
    settings:
      registry: 192.168.17.110
      repo: 192.168.17.110/study_group/ric-app-hw
      dockerfile: Dockerfile
      tags: 1.0.6
      username:
        from_secret: harbor_username
      password: 
        from_secret: harbor_password
      insecure : true
      storage_driver: vfs
  # scan
  - name: sast_scan
    image: prlab/sast_scan
    volumes:
      - name: cache
        path: /home/reports/

    commands:
      - python3 /usr/local/src/scan --type python,yaml,dockerfile,kubernetes  --src ./ -o /home/reports     

  - name: code-analysis
    image: prlab/drone-sonar
    settings:
      SONAR_HOST:
        from_secret: sonar_host
      SONAR_TOKEN:
        from_secret: sonar_token
  - name: dependency-check-py
    image: prlab/dependency-check-py
    volumes:
      - name: cache
        path: /home/reports

  - name: scp
    image: appleboy/drone-scp
    volumes:
      - name: cache
        path: /home/reports/
    settings:
      host:
        from_secret: ssh_host
      username:
        from_secret: ssh_username
      password:
        from_secret: ssh_password
      port : 22
      target: /home/oran/Downloads/drone_reports
      source: /home/reports/
    depends_on: ["sast_scan", "code-analysis", "dependency-check-py"]

  # deploy
  - name: ssh_to_deploy
    image: ghcr.io/appleboy/drone-ssh
    settings:
      host:
        - 192.168.0.22
      username:
        from_secret: ssh_username
      password:
        from_secret: ssh_password
      port: 22
      command_timeout: 30s
      script:
        - cd /root/drone/
        - if [ ! -d ${DRONE_REPO_NAME} ];then git clone ${DRONE_REPO_LINK}; fi
        - cd /root/xAppSec
        - ./xAppSec -c /root/drone/${DRONE_REPO_NAME}/init/config-file.json /root/drone/${DRONE_REPO_NAME}/init/schema.json &> /root/drone/log
    depends_on: ["scp"]


volumes:
  - name: cache
    temp: {}