name: CI
on:
  release:
    types:
      - published
  push:
    branches:
      - master
    paths:
      - .github/workflows/ci.yml
      - cmd/**
      - internal/**
      - pkg/**
      - .dockerignore
      - .golangci.yml
      - Dockerfile
      - go.mod
      - go.sum
  pull_request:
    branches:
      - master
    paths:
      - .github/workflows/ci.yml
      - cmd/**
      - internal/**
      - pkg/**
      - .dockerignore
      - .golangci.yml
      - Dockerfile
      - go.mod
      - go.sum

jobs:
  verify:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
    env:
      DOCKER_BUILDKIT: "1"
    steps:
      - uses: actions/checkout@v3

      - uses: reviewdog/action-misspell@v1
        with:
          locale: "US"
          level: error

      - name: Linting
        run: docker build --target lint .

      - name: Mocks check
        run: docker build --target mocks .

      - name: Build test image
        run: docker build --target test -t test-container .

      - name: Run tests in test container
        run: |
          touch coverage.txt
          docker run --rm \
          -v "$(pwd)/coverage.txt:/tmp/gobuild/coverage.txt" \
          test-container

      - name: Build final image
        run: docker build -t final-image .

  codeql:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: go
      - uses: github/codeql-action/autobuild@v2
      - uses: github/codeql-action/analyze@v2

  publish:
    if: |
      github.repository == 'qdm12/gluetun' &&
      (
        github.event_name == 'push' ||
        github.event_name == 'release' ||
        (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')
      )
    needs: [verify, codeql]
    permissions:
      actions: read
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          flavor: |
            latest=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
          images: |
            qmcgaw/gluetun
            qmcgaw/private-internet-access
          tags: |
            type=ref,event=pr
            type=semver,pattern=v{{major}}.{{minor}}.{{patch}}
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}

      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@v2

      - uses: docker/login-action@v2
        with:
          username: qmcgaw
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Short commit
        id: shortcommit
        run: echo "::set-output name=value::$(git rev-parse --short HEAD)"

      - name: Build and push final image
        uses: docker/build-push-action@v3.1.0
        with:
          platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v6,linux/arm/v7,linux/ppc64le
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            CREATED=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
            COMMIT=${{ steps.shortcommit.outputs.value }}
            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
          tags: ${{ steps.meta.outputs.tags }}
          push: true