name: "lint, build and push"
on:
  schedule:
    - cron: "5 3 * * SUN"
  push:
    branches: [ master ]
  pull_request:

# Variables: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables

jobs:
  gitleaks:
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run Gitleaks
        uses: docker://zricethezav/gitleaks:v8.18.4
        with:
          args: detect --no-git --verbose --source ${{ github.workspace }}

  hadolint:
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run hadolint
        uses: docker://pipelinecomponents/hadolint:0.26.4
        with:
          args: hadolint Dockerfile

#  shellcheck: # https://github.com/marketplace/actions/shellcheck
#    steps:
#      - name: Checkout code
#        uses: actions/checkout@v4
#      - name: Run ShellCheck
#        uses: sudo-bot/action-shellcheck@latest
#        with:
#          cli-args: "shell.sh"

  build:
    steps:
      - uses: https://github.com/actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
#      - name: Login to Docker Hub
#        uses: docker/login-action@v3
#        with:
#          username: ${{ secrets.DOCKERHUB_USERNAME }}
#          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Extract repository name
        id: meta
        run: |
          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
      - name: Extract branch name
        shell: bash
        run: echo "REPO_BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
        id: extract_branch
      - name: Build and push Docker image
        uses: https://github.com/docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: "registry.mgrote.net/${{ steps.meta.outputs.REPO_NAME }}:latest,registry.mgrote.net/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.extract_branch.outputs.REPO_BRANCH }}"

  notify:
    steps:
      - name: Send notification
        uses: docker://registry.mgrote.net/allzweckcontainer:latest
        if: always()
        #if: failure()
        with:
          args: echo "CI Error in ${{ GITHUB_REPOSITORY }}" | s-nail \
            --subject="git.mgrote.net - CI-Failure - ${{ GITHUB_REPOSITORY }}" \
            --set=smtp-auth="none" \
            --set=v15-compat \
            --set=mta= \
            -r gitea@mgrote.net \
            michael.grote@posteo.de
      - name: Send mail
        uses: dawidd6/action-send-mail@v3
        with:
          connection_url: smtp://docker10.mgrote.net:1025
          # Required mail server address if not connection_url:
          #server_address: smtp.gmail.com
          # Server port, default 25:
          #server_port: 465
          secure: false
          subject: "CI Error in ${{ GITHUB_REPOSITORY }}"
          to: michael.grote@posteo.de
          from: Gitea Actions
          # Optional plain body:
          body: Build job of ${{github.repository}} completed successfully!
          ignore_cert: true
          # Optional nodemailerlog: true/false
          nodemailerlog: false
          # Optional nodemailerdebug: true/false if true lognodem will also be set true
          nodemailerdebug: false