# CI pipeline: compiles the Server project, runs static analysis and SBOM
# generation, then builds and publishes the container image.
name: 'Build, Package and Push Images'
run-name: '${{ gitea.actor }} is building the Server application'

# Triggered by a push to any branch; jobs that must only run for master
# carry their own `if:` guard.
on: push

jobs:
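  # Derives a container-tag-safe form of the pushed ref name and exposes it
  # to downstream jobs as `sanitized_branch_name`.
  preprocess:
    runs-on: ubuntu-latest
    outputs:
      sanitized_branch_name: ${{ steps.sanitize.outputs.sanitized_branch_name }}
    steps:
    - name: Sanitize branch name
      id: sanitize
      env:
        # The ref name is chosen by whoever pushes, so it is handed to the
        # shell as data through the environment. Expanding the expression
        # inside `run:` would paste it into the script text, where shell
        # metacharacters in a branch name would be interpreted.
        REF_NAME: ${{ github.ref_name }}
      # '/' still becomes '-' as before; every other character outside
      # [A-Za-z0-9_.-] is now replaced too, so the result is limited to the
      # characters a container tag accepts.
      # The output is written to the $GITHUB_OUTPUT file, which replaces the
      # deprecated `::set-output` workflow command.
      run: |
        sanitized="$(printf '%s' "$REF_NAME" | sed 's/[^A-Za-z0-9_.-]/-/g')"
        echo "sanitized_branch_name=$sanitized" >> "$GITHUB_OUTPUT"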

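  # Restores NuGet packages and compiles the Server project in Release mode.
  build:
    runs-on: ubuntu-latest
    steps:
    # NOTE(review): actions are referenced by mutable tag (@v3). Pinning each
    # `uses:` to a full commit SHA keeps a retagged release from changing
    # what this job executes.
    - uses: actions/checkout@v3
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        # Quoted so the value is always the string "8.0"; a bare 8.0 is a
        # YAML float and may be re-serialised differently by the parser.
        dotnet-version: '8.0'
    - name: Install dependencies
      run: dotnet restore
    - name: Build
      run: |
        dotnet build Server -c Release
      # Tests are currently disabled:
      #         dotnet test Server.Tests -c Release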

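  # Runs SonarQube static analysis around a Release build. Only executes for
  # pushes to master, after the `build` job has succeeded.
  sonarqube:
    needs: build
    runs-on: ubuntu-latest
    if: github.ref_name == 'master'
    steps:
    # NOTE(review): actions are referenced by mutable tag (@v3). Pinning each
    # `uses:` to a full commit SHA keeps a retagged release from changing
    # what runs in a job that holds the SonarQube token.
    - uses: actions/checkout@v3
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        # Quoted so the value is always the string "8.0", never a YAML float.
        dotnet-version: '8.0'
    - name: Install dependencies
      # The global dotnet tools directory is added to PATH for later steps
      # through the $GITHUB_PATH file, which replaces the deprecated
      # `::add-path::` workflow command.
      run: |
        dotnet restore
        echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
    - name: Setup Sonarqube Dependencies
      # NOTE(review): both dotnet tools are installed at whatever version is
      # newest at run time; `--version <PINNED_VERSION>` would make the
      # toolchain reproducible.
      run: |
        apt-get update
        apt-get install --yes openjdk-11-jre
        dotnet tool install --global dotnet-sonarscanner
        dotnet tool install --global dotnet-coverage
    - name: Sonarqube Begin
      env:
        # Secrets reach the shell as environment variables instead of being
        # expanded into the script text, so their content is never parsed as
        # shell syntax.
        SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      run: |
        dotnet sonarscanner begin /key:"$SONAR_PROJECT_KEY" /d:sonar.token="$SONAR_TOKEN" /d:sonar.host.url="$SONAR_HOST_URL"
    - name: Sonarqube Scan
      run: |
        dotnet build Server -c Release
      # Test and coverage collection are currently disabled:
      #         dotnet test --collect "Code Coverage" --logger trx --results-directory "TestsResults"
      #         dotnet-coverage collect 'dotnet test' -f xml  -o 'coverage.xml'
    - name: Sonarqube End
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      # The end phase authenticates with the same property the begin phase
      # uses (sonar.token); sonar.login is the older, deprecated name.
      run: |
        dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN"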

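  # Generates a CycloneDX SBOM for the Server project and uploads it to
  # Dependency-Track, with the branch name as the project version.
  sbom-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
    # NOTE(review): actions are referenced by mutable tag. Pinning each
    # `uses:` to a full commit SHA keeps a retagged release from changing
    # what runs in a job that holds the Dependency-Track API key.
    - uses: actions/checkout@v3
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        # Two SDKs are installed; the block scalar passes them as one
        # newline-separated string.
        dotnet-version: |
          7.0
          8.0
    - name: Install dependencies
      # The global dotnet tools directory is added to PATH for later steps
      # through the $GITHUB_PATH file, which replaces the deprecated
      # `::add-path::` workflow command.
      run: |
        dotnet restore
        echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
    - name: Setup Dependency Track Dependencies
      # NOTE(review): installs the newest CycloneDX tool on every run;
      # `--version <PINNED_VERSION>` would make the SBOM generator
      # reproducible.
      run: |
        dotnet tool install --global CycloneDX
    - name: Generate SBOM
      run: |
        dotnet CycloneDX Server/Server.csproj -o . -dgl
    - name: Upload SBOM
      uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
      with:
        apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
        serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
        projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}
        autoCreate: true
        # The project version is the branch name.
        projectVersion: ${{ github.ref_name }}
        bomFilename: ${{ github.workspace }}/bom.xml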

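  # Builds the multi-arch Server image and pushes it tagged with the
  # sanitized branch name; pushes to master are additionally tagged `latest`.
  container-build:
    runs-on: ubuntu-latest
    # NOTE(review): `act-latest` is a mutable tag; pinning the job image by
    # digest would fix the environment the registry credentials are used in.
    container: catthehacker/ubuntu:act-latest
    needs: [build, preprocess]
    steps:
    # NOTE(review): actions are referenced by mutable tag. Pinning each
    # `uses:` to a full commit SHA keeps a retagged release from changing
    # what runs in a job that can push images.
    - uses: actions/checkout@v3
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        # Quoted so the value is always the string "8.0", never a YAML float.
        dotnet-version: '8.0'
    # Add support for more platforms with QEMU (optional)
    # https://github.com/docker/setup-qemu-action
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    # Despite the step name, this logs in to the forge's own registry.
    # NOTE(review): github.server_url carries a URL scheme, while the image
    # tags below hard-code forge.rainote.dev; confirm both resolve to the
    # same registry host.
    - name: Login to Docker Hub
      uses: docker/login-action@v3
      with:
        registry: ${{ github.server_url }}
        username: ${{ github.actor }}
        password: ${{ secrets.REGISTRY_TOKEN }}
    - name: Build and push
      uses: docker/build-push-action@v5
      with:
        context: .
        file: Server/Dockerfile
        push: true
        tags: forge.rainote.dev/${{ github.repository }}:${{ needs.preprocess.outputs.sanitized_branch_name }}
        platforms: linux/amd64,linux/arm64
    - name: Build and push to latest
      if: github.ref_name == 'master'
      uses: docker/build-push-action@v5
      with:
        context: .
        file: Server/Dockerfile
        push: true
        tags: forge.rainote.dev/${{ github.repository }}:latest
        # Same platform list, written the same way as the step above.
        platforms: linux/amd64,linux/arm64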

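  # Pulls the image pushed by `container-build`, generates a CycloneDX SBOM
  # for it with the docker sbom plugin, and uploads it to Dependency-Track
  # under the "<project>-container" project.
  container-sbom-scan:
    needs: [container-build, preprocess]
    runs-on: ubuntu-latest
    # NOTE(review): `act-latest` is a mutable tag; pinning the job image by
    # digest would fix the environment the credentials are used in.
    container: catthehacker/ubuntu:act-latest
    steps:
    # NOTE(review): actions are referenced by mutable tag. Pinning each
    # `uses:` to a full commit SHA keeps a retagged release from changing
    # what runs in a job that holds registry and Dependency-Track secrets.
    - uses: actions/checkout@v3
    - name: Setup dotnet
      uses: https://github.com/actions/setup-dotnet@v3
      with:
        # Quoted so the value is always the string "8.0", never a YAML float.
        dotnet-version: '8.0'
    - name: Install dependencies
      # The global dotnet tools directory is added to PATH for later steps
      # through the $GITHUB_PATH file, which replaces the deprecated
      # `::add-path::` workflow command.
      run: |
        dotnet restore
        echo "$HOME/.dotnet/tools" >> "$GITHUB_PATH"
    - name: Setup Dependency Track Dependencies
      # `mkdir -p` so the step does not fail when ~/.docker already exists.
      # NOTE(review): the installer is fetched from the mutable `main`
      # branch and piped straight into sh, so whatever is on that branch at
      # run time executes in a job holding registry and Dependency-Track
      # secrets. Prefer a pinned release or commit and verify a checksum
      # before running it.
      run: |
        mkdir -p ~/.docker
        curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
    # Despite the step name, this logs in to the forge's own registry.
    - name: Login to Docker Hub
      uses: docker/login-action@v3
      with:
        registry: ${{ github.server_url }}
        username: ${{ github.actor }}
        password: ${{ secrets.REGISTRY_TOKEN }}
    - name: Generate SBOM
      env:
        # The tag derives from the pushed branch name, so it reaches the
        # shell through the environment and is always quoted when used. It
        # is never expanded into the script text.
        IMAGE_REPO: forge.rainote.dev/${{ github.repository }}
        IMAGE_TAG: ${{ needs.preprocess.outputs.sanitized_branch_name }}
      # NOTE(review): the image is pulled by tag, not by the digest that
      # container-build pushed; if the tag moves between the two jobs, the
      # SBOM describes a different image.
      run: |
        echo "$IMAGE_REPO"
        echo "$IMAGE_REPO:$IMAGE_TAG"
        docker pull "$IMAGE_REPO:$IMAGE_TAG"
        docker sbom -D "$IMAGE_REPO:$IMAGE_TAG" --format cyclonedx-json --output container-bom.json
    - name: Upload SBOM
      uses: https://github.com/DependencyTrack/gh-upload-sbom@v2.0.1
      with:
        apiKey: ${{ secrets.DEPENDENCY_TRACK_API_KEY }}
        serverHostname: ${{ secrets.DEPENDENCY_TRACK_URL }}
        projectName: ${{ secrets.DEPENDENCY_TRACK_PROJECT_NAME }}-container
        autoCreate: true
        # The project version is the branch name.
        projectVersion: ${{ github.ref_name }}
        bomFilename: ${{ github.workspace }}/container-bom.json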