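---
# Builds the container image, pushes it to the registry at git.orebolt.cz
# and then runs a Trivy vulnerability scan against the pushed image.
#
# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA keeps a retagged release from changing the code
# that runs with the registry credentials.
name: Build Docker image
run-name: ${{ gitea.actor }} is running the CI pipeline

on:
  push:
    branches:
      - main
  schedule:
    - cron: "0 22 1 * *"  # First of every month

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Exposes today's date as steps.date.outputs.date. Written through the
      # $GITHUB_OUTPUT file because the `::set-output` workflow command is
      # deprecated.
      - name: Get date for image label
        id: date
        run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container

      # Credentials come from repository secrets and are never written inline.
      - name: Login to Docker Registry
        uses: docker/login-action@v3
        with:
          registry: git.orebolt.cz
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      # `id: build` lets the scan step refer to the digest of exactly this
      # build. The provenance labels read the `gitea` context, which this
      # workflow already uses for run-name; the `env` context is not
      # guaranteed to carry the runner's default GITHUB_* variables, so the
      # labels could render empty.
      # NOTE(review): the authors value looks mis-encoded in this copy;
      # confirm the file is saved as UTF-8.
      - name: Build and push image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: "${{ vars.DOCKER_IMAGE }}:latest,${{ vars.DOCKER_IMAGE }}:${{ steps.date.outputs.date }}"
          platforms: linux/amd64
          cache-to: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
          cache-from: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
          labels: |
            org.opencontainers.image.created=${{ steps.date.outputs.date }}
            org.opencontainers.image.authors=Roman KrĨek
            org.opencontainers.image.source=${{ gitea.repository }}
            org.opencontainers.image.revision=${{ gitea.sha }}
            org.opencontainers.image.vendor=Orebolt.cz
            org.opencontainers.image.ref.name=${{ gitea.ref }}
            org.opencontainers.image.title=ESN Code Scanner App

      # Scans the image by digest rather than by the mutable `latest` tag, so
      # the report always describes the image this run produced, even if an
      # overlapping run (push and schedule) retags `latest` in between.
      # NOTE(review): the scan runs after the push and is report-only, so
      # findings never fail the job. Set trivy-action's `exit-code` and
      # `severity` inputs if the pipeline should gate on them.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.24.0
        with:
          image-ref: '${{ vars.DOCKER_IMAGE }}@${{ steps.build.outputs.digest }}'
          format: 'table'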