.github/workflows/release.yml

name: Release

on:
  release:
    types: [published]

env:
  IMAGE_NAME: hatamiarash7/ipset-exporter

jobs:
  init:
    name: 🚩 Initialize
    runs-on: ubuntu-latest
    steps:
      - name: Cancel previous workflow
        uses: styfle/cancel-workflow-action@0.12.1
        with:
          access_token: ${{ github.token }}

  docker:
    name: 🐳 Build Docker image
    needs: init
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4.2.2

      - name: Get version
        run: echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV

      - name: Get Current Date
        id: date
        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT

      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: hatamiarash7
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build & Push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          push: true
          platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v6,linux/arm/v7
          build-args: |
            APP_VERSION=${{ env.APP_VERSION }}
            DATE_CREATED=${{ steps.date.outputs.date }}
          tags: |
            ${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}
            ${{ env.IMAGE_NAME }}:latest

      - name: Run Trivy scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.IMAGE_NAME }}:latest
          exit-code: "0"
          ignore-unfixed: true
          vuln-type: "os,library"
          severity: "CRITICAL,HIGH"
          format: "template"
          template: "@/contrib/sarif.tpl"
          output: "trivy-results.sarif"

      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "trivy-results.sarif"