depends_on:
  - test

pipeline:
  buildNext:
    image: plugins/docker
    settings:
      #dry_run: true
      repo: ocram85/blog
      dockerfile: Dockerfile
      tags: next
      build_args:
        - NODE_BASE=lts-buster-slim
        - NGINX_BASE=1.23.1-alpine
      username:
        from_secret: hub_user
      password:
        from_secret: hub_passwd
    when:
      event: pull_request

  buildNextGitea:
    image: plugins/docker
    settings:
      #dry_run: true
      registry: gitea.ocram85.com
      repo: gitea.ocram85.com/ocram85/blog
      dockerfile: Dockerfile
      tags: next
      build_args:
        - NODE_BASE=lts-buster-slim
        - NGINX_BASE=1.23.1-alpine
      username:
        from_secret: gitea_user
      password:
        from_secret: gitea_passwd
    when:
      event: pull_request

  trivyNext:
    image: aquasec/trivy:0.24.3
    commands:
      - |
        trivy image \
          --severity UNKNOWN,LOW,MEDIUM \
          --no-progress \
          ocram85/blog:next
      - |
        trivy image \
          --exit-code 1 \
          --severity HIGH,CRITICAL \
          --no-progress \
          ocram85/blog:next
    when:
      event: pull_request

  triggerPortainer:
    image: ocram85/portainer-serviceupdate
    settings:
      #VERBOSE: true
      URI: "https://portainer.ocram85.com"
      TOKEN:
        from_secret: NEXT_TOKEN
    when:
      event: pull_request