---
# Pull-request pipeline: builds the auth server, uploads SBOMs to
# Dependency-Track, builds and pushes the container image, and exports the
# dependency licence list.
name: 'PR Workflow'
run-name: '${{ gitea.actor }} PR related workflow'
# Triggered by pull_request events; the paths listed below are excluded from
# the path filter.
on:
  pull_request:
    paths-ignore:
      - 'Wiki/**'
      - 'Benchmarks/**'
      - '.run/**'

jobs:
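  # Derives a container-tag-safe string from the ref name and exposes it as the
  # job output `sanitized_branch_name`.
  preprocess:
    runs-on: ubuntu-latest
    outputs:
      sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
    steps:
      - name: Sanitize branch name
        id: sanitize
        # The ref name is chosen by whoever opens the pull request, so it is
        # untrusted input. It reaches the shell through an environment
        # variable rather than being expanded into the script text, where
        # shell metacharacters in the name would run as commands.
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          # Map every character outside [A-Za-z0-9_.-] (including '/') to '-'.
          sanitized="$(printf '%s' "$REF_NAME" | sed 's/[^A-Za-z0-9_.-]/-/g')"
          # GITHUB_OUTPUT replaces the deprecated ::set-output workflow command.
          echo "sanitized_branch_name=${sanitized}" >> "$GITHUB_OUTPUT"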

  # Restores NuGet packages and compiles Continuity.AuthServer in Release
  # configuration. Jobs that list `build` under `needs` wait for it.
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by version tag, which
      # the action's owner can move; consider pinning each to a full commit SHA.
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          # The SDK version comes from the repository's global.json.
          global-json-file: 'global.json'
      - name: Install dependencies
        run: dotnet restore
      - name: Build
        run: dotnet build Continuity.AuthServer -c Release

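  # Generates a CycloneDX SBOM for the auth server project and uploads it to
  # Dependency-Track, using the ref name as the project version.
  sbom-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      - name: Install dependencies
        run: |
          dotnet restore
          # Make globally installed dotnet tools visible to later steps.
          # GITHUB_PATH replaces the deprecated ::add-path:: workflow command.
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Setup Dependency Track Dependencies
        # NOTE(review): no tool version is given, so each run installs whatever
        # is newest on the feed; consider adding an explicit --version so the
        # SBOM generator is reproducible and reviewed before it changes.
        run: |
          dotnet tool install --global CycloneDX
      - name: Generate SBOM
        # Writes the BOM into the workspace root; the upload step below reads
        # it as bom.xml.
        run: |
          dotnet CycloneDX Continuity.AuthServer/Continuity.AuthServer.csproj -o . -dgl
      - name: Upload SBOM
        # This third-party action receives the Dependency-Track API key.
        # NOTE(review): it is referenced by tag (v2.0.1), which can be moved;
        # consider pinning it to a full commit SHA.
        uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
        with:
          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
          serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
          projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
          autoCreate: true
          # set projectversion to be the branch name
          projectVersion: ${{ github.ref_name }}
          bomFilename: ${{ github.workspace }}/bom.xml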

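  # Builds the multi-architecture container image and pushes it to the forge
  # registry, tagged with the sanitized branch name from `preprocess`.
  # NOTE(review): this job builds pull-request code and pushes the result with
  # REGISTRY_TOKEN; confirm the token is scoped to this package only and that
  # pull requests from untrusted contributors cannot reach it.
  container-build:
    runs-on: ubuntu-latest
    # The job image is pinned by digest, so the tag cannot be silently repointed.
    container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
    needs: [ build, preprocess ]
    steps:
      # NOTE(review): unlike the container image above, the actions below are
      # referenced by mutable version tags; consider pinning them to commit
      # SHAs, in particular the login and push actions that handle the token.
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      # Add support for more platforms with QEMU (optional)
      # https://github.com/docker/setup-qemu-action
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Despite the step name, the login targets the forge's own registry
      # (github.server_url), not Docker Hub.
      # NOTE(review): the tags below hard-code forge.rainote.dev; confirm this
      # is the same host that server_url resolves to.
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ github.server_url }}
          username: ${{ github.actor }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Continuity.AuthServer/Dockerfile
          push: true
          tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
          platforms: linux/amd64,linux/arm64
      # NOTE(review): the workflow is triggered only by pull_request; confirm
      # that ref_name can actually equal 'master' for such runs, otherwise the
      # `latest` tag is never published from here.
      - name: Build and push to latest
        if: github.ref_name == 'master'
        uses: docker/build-push-action@v5
        with:
          context: .
          file: Continuity.AuthServer/Dockerfile
          push: true
          tags: forge.rainote.dev/${{ github.repository }}:latest
          platforms: linux/amd64,linux/arm64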

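  # Pulls the image pushed by `container-build`, generates a CycloneDX SBOM for
  # it with the docker sbom plugin, and uploads it to Dependency-Track under
  # the "<project>-container" project.
  container-sbom-scan:
    needs: [ container-build, preprocess ]
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          global-json-file: global.json
      - name: Install dependencies
        run: |
          dotnet restore
          # GITHUB_PATH replaces the deprecated ::add-path:: workflow command.
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Setup Dependency Track Dependencies
        # NOTE(review): the installer is fetched from the mutable `main` branch
        # and piped straight into a shell, in a job that later holds
        # REGISTRY_TOKEN and the Dependency-Track API key. Consider fetching it
        # from a fixed release tag or commit and verifying a known checksum
        # before executing it.
        run: |
          # -p: do not fail when the directory already exists.
          mkdir -p ~/.docker
          curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
      # Despite the step name, the login targets the forge's own registry
      # (github.server_url), not Docker Hub.
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ github.server_url }}
          username: ${{ github.actor }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Generate SBOM
        # The image reference is passed through environment variables and
        # quoted in the script, so a value derived from the pull request's
        # branch name is treated as data and never parsed as shell syntax.
        env:
          IMAGE: forge.rainote.dev/${{ github.repository }}
          IMAGE_TAG: ${{ needs.preprocess.outputs.sanitized_branch_name }}
        run: |
          echo "${IMAGE}"
          echo "${IMAGE}:${IMAGE_TAG}"
          docker pull "${IMAGE}:${IMAGE_TAG}"
          docker sbom -D "${IMAGE}:${IMAGE_TAG}" --format cyclonedx-json --output container-bom.json
      - name: Upload SBOM
        # This third-party action receives the Dependency-Track API key.
        # NOTE(review): it is referenced by tag (v2.0.1), which can be moved;
        # consider pinning it to a full commit SHA.
        uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
        with:
          apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
          serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
          projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container
          autoCreate: true
          # set projectversion to be the branch name
          projectVersion: ${{ github.ref_name }}
          bomFilename: ${{ github.workspace }}/container-bom.json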

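  # Exports the licences of the solution's dependencies with
  # dotnet-project-licenses and stores the result as the `licenses` artifact.
  generate-licences:
    needs: [ build, preprocess ]
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest@sha256:5f2ff408985b10de9da4a8ea735b7f07d4f98c61608180ebb8964deb37f7580a
    steps:
      - uses: actions/checkout@v4
      - name: Setup dotnet
        uses: https://github.com/actions/setup-dotnet@v3
        with:
          # Two SDK lines are installed here, unlike the other jobs, which
          # take the SDK version from global.json.
          dotnet-version: |
            7.0
            8.0
      - name: Install dependencies
        run: |
          dotnet restore
          # Make globally installed dotnet tools visible to later steps.
          # GITHUB_PATH replaces the deprecated ::add-path:: workflow command.
          echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
      - name: Install nuget-license
        # NOTE(review): no tool version is given, so each run installs whatever
        # is newest on the feed; consider adding an explicit --version.
        run: dotnet tool install --global dotnet-project-licenses
      - name: Export licenses
        # Output goes to the `licenses` directory, which the next step uploads.
        run: dotnet-project-licenses -i . -u --projects-filter projects_ignore_licenses.json -m -j -e -f licenses
      - name: Upload licenses
        uses: actions/upload-artifact@v3
        with:
          name: licenses
          path: licenses
          retention-days: 31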