main: push: - services: - docker stages: - name: docker login script: docker login -u ${CNB_TOKEN_USER_NAME} -p "${CNB_TOKEN}" ${CNB_DOCKER_REGISTRY} - name: docker build script: docker build -t ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1 . - name: docker push script: docker push ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1 # 匹配以 release 开头的分支名 release*: # 自定义按钮可触发的事件 web_trigger_one: stages: - name: 测试release script: echo "测试release" # 匹配以 dev 开头的分支名 dev*: web_trigger_two: stages: - name: 测试dev01 script: echo "测试dev01" web_trigger_three: stages: - name: 测试dev02 script: echo "测试dev02" # 匹配所有分支名 "**": web_trigger_four: - services: - docker stages: - name: 开始构建docker镜像 script: echo "开始构建docker镜像" - name: 登录仓库 script: docker login -u ${CNB_TOKEN_USER_NAME} -p "${CNB_TOKEN}" ${CNB_DOCKER_REGISTRY} - name: 构建镜像 script: docker build -t ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1 . - name: trivy镜像扫描 script: docker run --rm --name trivy docker.cnb.cool/srebro/docker-images/trivy:0.55.2 image ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1 --exit-code 1 --severity CRITICAL,HIGH - name: trivy镜像扫描结果 script: echo $? - name: 镜像推送 script: docker push ${CNB_DOCKER_REGISTRY}/${CNB_REPO_SLUG_LOWERCASE}:24.5.1