From 8ff0aa3e9498983ae252a5436e0ca7277b84c74a Mon Sep 17 00:00:00 2001
From: Kevin Midboe <kevin.midboe@gmail.com>
Date: Sun, 5 Nov 2023 01:17:56 +0100
Subject: [PATCH 1/2] Better tagging and templating

---
 .drone.yml                 | 11 +++++++++--
 .kubernetes/deployment.yml |  3 ++-
 .kubernetes/service.yml    |  1 +
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 4d0529f..97b9b61 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -33,7 +33,9 @@ steps:
         from_secret: GITHUB_USERNAME
       password:
         from_secret: GITHUB_PASSWORD
-      tags: latest
+      tags:
+        - latest
+        - ${DRONE_COMMIT_SHA}
     when:
       event:
         include:
@@ -42,6 +44,7 @@ steps:
           - pull_request
       branch:
         - main
+        - kube
 
 ---
 kind: pipeline
@@ -58,7 +61,10 @@ steps:
     commands:
       - mkdir -p /root/.kube
       - echo $KUBE_CONFIG | base64 -di > /root/.kube/config
-      - kubectl --kubeconfig=/root/.kube/config apply -f .kubernetes
+      - export IMAGE=ghcr.io/kevinmidboe/k9e.no:${DRONE_COMMIT_SHA}
+      - cat .kubernetes/*.yml
+        | envsubst -
+        | kubectl --kubeconfig=/root/.kube/config apply -f -
     environment:
       KUBE_CONFIG:
         from_secret: KUBE_CONFIG
@@ -70,6 +76,7 @@ steps:
           - pull_request
       branch:
         - main
+        - kube
 
 depends_on:
   - Build
diff --git a/.kubernetes/deployment.yml b/.kubernetes/deployment.yml
index 29c2875..408e1d4 100644
--- a/.kubernetes/deployment.yml
+++ b/.kubernetes/deployment.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -26,7 +27,7 @@ spec:
         app: k9e
     spec:
       containers:
-        - image: ghcr.io/kevinmidboe/k9e.no:latest
+        - image: ${IMAGE}
           imagePullPolicy: IfNotPresent
           name: k9e
           resources: {}
diff --git a/.kubernetes/service.yml b/.kubernetes/service.yml
index 5986f38..ca6ebeb 100644
--- a/.kubernetes/service.yml
+++ b/.kubernetes/service.yml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Service
 metadata:

From 81e75e46029ddf6a552f1b9b71cae54c42dde082 Mon Sep 17 00:00:00 2001
From: Kevin Midboe <kevin.midboe@gmail.com>
Date: Sun, 5 Nov 2023 21:36:39 +0100
Subject: [PATCH 2/2] Sign drone file for protected builds

---
 .drone.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 97b9b61..5f470a4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -44,7 +44,6 @@ steps:
           - pull_request
       branch:
         - main
-        - kube
 
 ---
 kind: pipeline
@@ -76,7 +75,9 @@ steps:
           - pull_request
       branch:
         - main
-        - kube
 
 depends_on:
   - Build
+---
+kind: signature
+hmac: 996f43df0a29df7c3669a4f7c45e1514a205e0d7d15ebff6a59fc987947a3080