name: CD

# Controls when the action will run.
on:
  # Triggers the workflow on push on the master branch
  push:
    branches:
      - master
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
  schedule:
    - cron:  '0 0 * * *'
# Remove all permissions by default
permissions: {}
env:
  BASENAME: bitnami/minideb
  LATEST: trixie
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  shellcheck:
    # The type of runner that the job will run on
    runs-on: ubuntu-24.04
    if: github.event_name != 'schedule' || github.repository == 'bitnami/minideb'
    name: Shellcheck
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Install Dependencies
        run: |
          sudo apt-get -qq update
          sudo apt-get install -y shellcheck
      - name: Verify scripts with shellcheck
        run: |
          bash shellcheck
  build_multiarch:
    runs-on: ${{ matrix.arch.platform }}
    needs: [ shellcheck ]
    strategy:
      matrix:
        dist: [bullseye, bookworm, trixie]
        arch:
          - { name: amd64, platform: ubuntu-24.04 }
          - { name: arm64, platform: ubuntu-24.04-arm }
    name: Build ${{ matrix.dist }} on ${{ matrix.arch.name }}
    steps:
      - name: Check out repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Use local build action
        id: build
        uses: ./.github/actions/build
        with:
          dist: "${{ matrix.dist }}"
          platform: "${{ matrix.arch.name }}"
          is_latest: ${{ matrix.dist == env.LATEST }}
      - name: Push to DockerHUB
        if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master'
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_REGISTRY: docker.io
          DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
        run: |
          bash pushone "${{ matrix.dist }}" "${{ matrix.arch.name }}"
          if ${{ matrix.dist == env.LATEST }} ; then
             bash pushone "latest" "${{ matrix.arch.name }}"
          fi
  deploy_manifests:
    runs-on: ubuntu-24.04
    needs: [ build_multiarch ]
    if: github.repository == 'bitnami/minideb' && github.ref == 'refs/heads/master'

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
      - name: Push Manifests to DockerHUB
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_REGISTRY: docker.io
        run: |
          DISTS="bullseye bookworm trixie latest" bash pushmanifest
  # If the CI Pipeline does not succeed we should notify the interested agents
  notify:
    name: Send notification
    needs:
      - build_multiarch
      - deploy_manifests
    if: ${{ always() && github.repository == 'bitnami/minideb' && (needs.build_multiarch.result == 'failure' || needs.deploy_manifests.result == 'failure') }}
    uses: bitnami/support/.github/workflows/gchat-notification.yml@main
    with:
      workflow: ${{ github.workflow }}
      job-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
      emoji: '🐧'
    secrets:
      webhook-url: ${{ secrets.GCHAT_CONTENT_ALERTS_WEBHOOK_URL }}