# This is a basic workflow to help you get started with Actions

name: CI

# Controls when the action will run.
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches:
      - master
  pull_request:

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
  schedule:
    - cron:  '0 0 * * *'
env:
  BASENAME: bitnami/minideb
  LATEST: bullseye
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  shellcheck:
    # The type of runner that the job will run on
    runs-on: ubuntu-20.04
    name: Shellcheck
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      - name: Install Dependencies
        run: |
          sudo apt-get -qq update
          sudo apt-get install -y shellcheck
      - name: Verify scripts with shellcheck
        run: |
          bash shellcheck

  build_multiarch:
    runs-on: ubuntu-20.04
    needs: [ shellcheck ]
    strategy:
      matrix:
        dist: [buster, bullseye]
        arch: [amd64, arm64]

    name: Build ${{ matrix.dist }} on ${{ matrix.arch }}
    steps:
      - name: Check out repository
        uses: actions/checkout@v2
      - name: Use local build action
        id: build
        uses: ./.github/actions/build
        with:
          dist: "${{ matrix.dist }}"
          platform: "${{ matrix.arch }}"
          is_latest: ${{ matrix.dist == env.LATEST }}
          build_snapshot: ${{ matrix.dist == env.LATEST }}
      - name: Push
        if: github.ref == 'refs/heads/master'
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
          GCR_EMAIL: ${{ secrets.GCR_EMAIL }}
          GCR_KEY: ${{ secrets.GCR_KEY }}
          GCR_TOKEN: ${{ secrets.GCR_TOKEN }}
          DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
        run: |
          bash pushone "${{ matrix.dist }}" "${{ matrix.arch }}"
          if ${{ matrix.dist == env.LATEST }} ; then
             bash pushone "latest" "${{ matrix.arch }}"
          fi
          if ${{ matrix.dist == env.LATEST }} ; then
             bash pushone "${{ matrix.dist }}-snapshot-${{ steps.build.outputs.snapshot-id }}" "${{ matrix.arch }}"
          fi

  deploy_manifests:
    runs-on: ubuntu-20.04
    needs: [ build_multiarch ]
    if: github.ref == 'refs/heads/master'
    env:
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
      QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
      GCR_EMAIL: ${{ secrets.GCR_EMAIL }}
      GCR_KEY: ${{ secrets.GCR_KEY }}
      GCR_TOKEN: ${{ secrets.GCR_TOKEN }}
      DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
      DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
    steps:
      - uses: actions/checkout@v2
      - name: Push Manifests
        run: |
          DISTS="buster bullseye latest" bash pushmanifest