name: ci-workflow
 
on: [push]
jobs:
  ci:
    runs-on: docker
 
    container:
      image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/pipeline-container/complete:v0.0.3
 
    steps:
 
      - name: Clone Repository
        uses: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/checkout@main
 
      - name: Lint the Repository
        run: |
          golangci-lint run ./... --out-format=json --timeout 10m --issues-exit-code 1
 
      - name: Build Credentials File
        run: |
          mkdir -p ~/.docker
          AUTHSTRING=$(echo -n "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" | base64 -w 0)
          echo "{\"auths\":{\"https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live\":{\"auth\":\"${AUTHSTRING}\"}}}" > ~/.docker/config.json
      
      - name: Build Docker Container
        run: |
          KO_DOCKER_REPO="forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/fibonacci_go" ko build --bare ./cmd
 
      - name: Vulnerability Scanning
        run: |
          trivy image --scanners license,vuln,secret forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/fibonacci_go:latest
          trivy image --image-config-scanners secret,misconfig forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/fibonacci_go:latest