woodpecker config

2026-01-25 18:20:46 +00:00 · 2026-01-25 18:20:46 +00:00 · d088e76c51
commit d088e76c51
parent 862ebb90e8
1 changed files with 29 additions and 29 deletions
--- a/.woodpecker/share-lt-build.yaml
+++ b/.woodpecker/share-lt-build.yaml
@ -34,32 +34,32 @@ steps:
      - trivy image --format cyclonedx --output trivy-vuln-bom.json share-lt:test
      - echo "Vulnerability Summary:"
      - trivy image --format table share-lt:test | tee trivy-vuln-summary.txt
-publish:
+  publish:
-    image: woodpeckerci/plugin-docker-buildx
+      image: woodpeckerci/plugin-docker-buildx
-    settings:
+      settings:
-      registry: quay.io
+        registry: quay.io
-      repo: quay.io/marshyon/share-lt
+        repo: quay.io/marshyon/share-lt
-      platforms: linux/amd64
+        platforms: linux/amd64
-      # Using the direct image name for local cache and escaped registry for remote
+        # Using the direct image name for local cache and escaped registry for remote
-      cache_from:
+        cache_from:
-        - "share-lt:test"
+          - "share-lt:test"
-        - "type=registry,ref=quay.io/marshyon/share-lt:latest"
+          - "type=registry,ref=quay.io/marshyon/share-lt:latest"
-      tags:
+        tags:
-        - v0.0.2
+          - v0.0.2
-        - latest
+          - latest
-      username:
+        username:
-        from_secret: QUAY_USERNAME
+          from_secret: QUAY_USERNAME
-      password:
+        password:
-        from_secret: QUAY_PASSWORD
+          from_secret: QUAY_PASSWORD
-upload-sbom:
+  upload-sbom:
-    image: cgr.dev/chainguard/cosign:latest
+      image: cgr.dev/chainguard/cosign:latest
-    volumes:
+      volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+        - /var/run/docker.sock:/var/run/docker.sock
-    environment:
+      environment:
-      COSIGN_REGISTRY_USERNAME:
+        COSIGN_REGISTRY_USERNAME:
-        from_secret: QUAY_USERNAME
+          from_secret: QUAY_USERNAME
-      COSIGN_REGISTRY_PASSWORD:
+        COSIGN_REGISTRY_PASSWORD:
-        from_secret: QUAY_PASSWORD
+          from_secret: QUAY_PASSWORD
-    commands:
+      commands:
-      - cosign attach sbom --sbom sbom.json quay.io/marshyon/share-lt:v0.0.2 || echo "SBOM attach failed"
+        - cosign attach sbom --sbom sbom.json quay.io/marshyon/share-lt:v0.0.2 || echo "SBOM attach failed"
-      - echo "Done - trivy report saved to workspace for manual review"
+        - echo "Done - trivy report saved to workspace for manual review"