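---
# AutoJanet CI Pipeline (Woodpecker)
#
# Builds and pushes two images to Harbor:
#   - registry.ctz.fyi/library/autojanet-agent:latest (+ git SHA tag)
#   - registry.ctz.fyi/library/autojanet-dispatcher:latest (+ git SHA tag)
# Triggered on push to mainline or semver tags.
#
# Order of operations as written: both images are built and pushed first,
# then the agent image is scanned. The scan is advisory (failure: ignore),
# so it reports findings but never stops an image from being published.

# Pipeline-level filter.
# NOTE(review): refs/tags/v* matches any tag that starts with "v", not only
# well-formed semver tags. Confirm who may push tags, since a tag triggers a
# build that runs with the Harbor push credentials.
when:
  - event: push
    branch: mainline
  - event: tag
    ref: refs/tags/v*

steps:
  # ── Agent image ──────────────────────────────────────────────────────────
  - name: build-agent
    # NOTE(review): no tag or digest, so the plugin version can change
    # between runs. This step receives the registry credentials; pin the
    # image to a reviewed version or digest.
    image: woodpeckerci/plugin-docker-buildx
    settings:
      registry: registry.ctz.fyi
      repo: registry.ctz.fyi/library/autojanet-agent
      dockerfile: container/Dockerfile
      context: .
      username:
        from_secret: RS_HARBOR_USER
      password:
        from_secret: RS_HARBOR_PASS
      # "latest" is a mutable tag and is moved on every run, before any scan
      # has looked at the image. Consumers that need a reviewed build should
      # reference the 12-character commit SHA tag instead.
      tags:
        - latest
        - "${CI_COMMIT_SHA:0:12}"
      platforms: linux/amd64
    when:
      - event: push
        branch: mainline
      - event: tag

  # ── Dispatcher image ─────────────────────────────────────────────────────
  - name: build-dispatcher
    # NOTE(review): unpinned plugin image, same concern as build-agent.
    image: woodpeckerci/plugin-docker-buildx
    settings:
      registry: registry.ctz.fyi
      repo: registry.ctz.fyi/library/autojanet-dispatcher
      dockerfile: container/Dockerfile.dispatcher
      context: .
      username:
        from_secret: RS_HARBOR_USER
      password:
        from_secret: RS_HARBOR_PASS
      tags:
        - latest
        - "${CI_COMMIT_SHA:0:12}"
      platforms: linux/amd64
    when:
      - event: push
        branch: mainline
      - event: tag

  # ── Trivy scan agent image ───────────────────────────────────────────────
  # Pulls the image pushed above by its SHA tag and reports fixable HIGH and
  # CRITICAL findings. --exit-code 1 makes trivy fail on findings, but
  # failure: ignore below stops that failure from failing the pipeline.
  # NOTE(review): only the agent image is scanned in this part of the file;
  # confirm the dispatcher image gets an equivalent scan.
  - name: trivy-agent
    # NOTE(review): ":latest" makes the scanner itself an unpinned
    # dependency. Pin to a reviewed version or digest so scan results are
    # reproducible and the image that receives credentials is a known one.
    image: aquasec/trivy:latest
    commands:
      - trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed registry.ctz.fyi/library/autojanet-agent:${CI_COMMIT_SHA:0:12}
    environment:
      # These are the same secrets the build steps use to push. Scanning
      # only needs to pull, so a separate pull-only account would limit what
      # this step's container can do with them.
      TRIVY_USERNAME:
        from_secret: RS_HARBOR_USER
      TRIVY_PASSWORD:
        from_secret: RS_HARBOR_PASS
    when:
      - event: push
        branch: mainline
      - event: tag
    # warn only — don't block on upstream CVEs in base image.
    # Consequence: a fixable HIGH/CRITICAL finding is visible only in this
    # step's log. Someone has to read it, or the result has to be exported,
    # for the scan to have any effect.
    failure: ignore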