.github/workflows/build-verify.yml

name: build-verify-package
on:
  push:
    paths-ignore:
      #- '.github/**'
      - '.gitignore'
      - 'LICENSE'
      - '*.md'
  pull_request:
    paths-ignore:
      - '.github/**'
      - '.gitignore'
      - 'LICENSE'
      - '*.md'
permissions:
  contents: read
  id-token: write # needed for signing the images with GitHub OIDC Token

jobs:
  build-verify-package:
    runs-on: ubuntu-latest
    environment: Build
    steps:
      - name: Get current date
        id: date
        #run: echo "::set-output name=date::$(date +'%Y-%m-%dT%H:%M:%S')"
        run: echo "date=$(date +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
        
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Set environment for branch
        run: |
          set -x
          if [[ $GITHUB_REF == 'refs/heads/master' ]]; then
            echo "IMAGE_TAG=nightly" >> "$GITHUB_ENV"
            echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
          elif [[ $GITHUB_REF == "refs/tags/$GITHUB_REF_NAME" ]]; then
            echo "IMAGE_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
            echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
          else
            echo "PACKAGE_IMAGE=false" >> "$GITHUB_ENV"
          fi

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.7.0

      - name: Set up QEMU
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        uses: docker/setup-buildx-action@v3

      - name: Login to Quay.io and Docker Hub registries and setup multi-arch builder
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        run: |
          echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
          echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin docker.io
          BUILDER=buildx-multi-arch
          docker buildx inspect $BUILDER || docker buildx create --name=$BUILDER --driver=docker-container --driver-opt=network=host

      - name: Build and push container image
        id: build-and-push
        uses: docker/build-push-action@v6.10.0
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        with:
          context: .
          sbom: true
          push: true
          provenance: mode=max
          platforms: linux/amd64,linux/arm64
          builder: buildx-multi-arch
          file: Dockerfile
          labels: |
            org.opencontainers.image.revision=${GITHUB_SHA}
            org.opencontainers.image.created=${{ steps.date.outputs.date }}
          tags: quay.io/microcks/microcks-hub:${{env.IMAGE_TAG}},docker.io/microcks/microcks-hub:${{env.IMAGE_TAG}}

      - name: Sign the image with GitHub OIDC Token
        env:
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
          TAGS: quay.io/microcks/microcks-hub:${{env.IMAGE_TAG}} docker.io/microcks/microcks-hub:${{env.IMAGE_TAG}}
          COSIGN_EXPERIMENTAL: "true"
        run: |
          images=""
          for tag in ${TAGS}; do
            images+="${tag}@${DIGEST} "
          done
          cosign sign --yes ${images}
            