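---
# Registry credentials used by the image push and by the signing step's
# registry login. Each secret document tells the runner to fetch one key
# ("name") from an external secret ("path"); no secret value lives in this file.
kind: secret
name: docker_username
get:
  path: odit-registry-builder
  name: username

---
kind: secret
name: docker_password
get:
  path: odit-registry-builder
  name: password

---
# cosign private key and its passphrase, both read from the external
# secret "cosign".
kind: secret
name: cosign_key
get:
  path: cosign
  name: cosign.key

---
kind: secret
name: cosign_password
get:
  path: cosign
  name: cosign.password

---
# Builds library/drone-kaniko:latest, pushes it to registry.odit.services and
# signs the pushed tag with cosign. Runs on pushes to the main branch only.
kind: pipeline
type: kubernetes
name: build:latest

steps:
  - name: docker release
    # NOTE(review): no tag or digest is given, so the builder image resolves
    # to whatever :latest currently is. It appears to be the same repository
    # this pipeline publishes, so each run is built by the previous run's
    # output; pinning a digest would make the builder reproducible.
    image: registry.odit.services/library/drone-kaniko
    # The build step runs as uid 0 (root) inside its container.
    user: 0
    settings:
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      repo: library/drone-kaniko
      tags:
        - latest
      registry: registry.odit.services

  - name: sign_image
    # NOTE(review): alpine:edge is a rolling tag and `apk add` installs
    # whatever cosign/docker versions are current, so the toolchain that
    # handles the signing key can change between runs. Consider pinning the
    # image by digest and the packages by version.
    image: registry.odit.services/hub/library/alpine:edge
    commands:
      - apk add cosign docker
      # Create the key file (and anything else written below) readable by the
      # owner only; the working directory may be visible to other steps.
      - umask 077
      # The line break inside the sed pattern is kept exactly as found. In a
      # plain YAML scalar it folds to a single space, so sed turns spaces into
      # newlines; $COSIGN_KEY is left unquoted because that conversion seems
      # to rely on the shell's word splitting.
      # NOTE(review): confirm the rebuilt file matches the stored key - any
      # space inside the key's header/footer lines is converted as well.
      - echo $COSIGN_KEY | sed 's/
        /\n/g' > cosign.key
      # Credentials are quoted so whitespace or glob characters in them are
      # passed through unchanged; the password goes via stdin, not argv.
      - echo "$DOCKER_PASSWORD" | docker login registry.odit.services -u "$DOCKER_USERNAME" --password-stdin
      # NOTE(review): the signature is requested for the mutable tag :latest.
      # cosign resolves the tag when it signs, so if the tag moves between the
      # push above and this command, the signed image is not the one that was
      # built. Signing the digest produced by the build step closes that gap.
      - "cosign sign --key cosign.key registry.odit.services/library/drone-kaniko:latest"
    environment:
      COSIGN_KEY:
        from_secret: cosign_key
      # Read by cosign from the environment to decrypt cosign.key.
      COSIGN_PASSWORD:
        from_secret: cosign_password
      DOCKER_PASSWORD:
        from_secret: docker_password
      DOCKER_USERNAME:
        from_secret: docker_username

trigger:
  branch:
    - main
  event:
    - push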