docker-build-and-publish.yml
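# Builds the pe-toolkit images (standard/full x alpine/ubuntu) for amd64 and
# arm64, pushes them to ghcr.io, then smoke-tests every pushed variant.
#
# NOTE(review): the build jobs push all tags, including `latest`, before the
# `test` job runs, so a failing smoke test does not keep a broken image from
# being published. Consider pushing only the versioned tag first and moving
# `latest` after the tests pass.
name: Docker Build and Publish

on:
  workflow_dispatch:
  push:
    branches: ["main"]
    paths:
      - "images/**"
  schedule:
    - cron: "0 2 * * 0" # Weekly on Sundays at 02:00

# Least-privilege default for every job; write scopes are granted per job
# below so that jobs which never push (the tests) do not hold them.
permissions:
  contents: read

env:
  # Quoted so the value is always a string, whatever the run number is.
  IMAGE_TAG: "1.0.${{ github.run_number }}"

jobs:
  build-standard:
    name: Build standard images
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default, so contents: read
    # is repeated here.
    permissions:
      contents: read
      packages: write
      # NOTE(review): no step in this job visibly requests an OIDC token
      # (no signing or attestation step); drop this scope if it is unused.
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config: the checkout is used as a
          # Docker build context and nothing here runs git afterwards.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): this third-party action is referenced by a mutable tag
      # and receives a token with packages: write. Pin it (and the other
      # actions) to a reviewed full commit SHA so a retagged release cannot
      # change what runs with that token.
      - name: Build and publish standard alpine
        id: publish-standard-alpine
        uses: elgohr/Publish-Docker-Github-Action@v5
        with:
          name: SlalomBuild/pe-toolkit-standard-alpine
          dockerfile: images/dockerfile-standard-alpine
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io
          buildoptions: "--compress --force-rm"
          platforms: linux/amd64,linux/arm64
          tags: "latest,${{ env.IMAGE_TAG }},alpine"

      - name: Build and publish standard ubuntu
        id: publish-standard-ubuntu
        uses: elgohr/Publish-Docker-Github-Action@v5
        with:
          name: SlalomBuild/pe-toolkit-standard-ubuntu
          dockerfile: images/dockerfile-standard-ubuntu
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io
          buildoptions: "--compress --force-rm"
          platforms: linux/amd64,linux/arm64
          tags: "latest,${{ env.IMAGE_TAG }},ubuntu"

  build-full:
    name: Build full images
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # NOTE(review): same as build-standard; drop if no OIDC token is used.
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and publish full ubuntu
        id: publish-full-ubuntu
        uses: elgohr/Publish-Docker-Github-Action@v5
        with:
          name: SlalomBuild/pe-toolkit-full-ubuntu
          dockerfile: images/dockerfile-full-ubuntu
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io
          buildoptions: "--compress --force-rm"
          platforms: linux/amd64,linux/arm64
          tags: "latest,${{ env.IMAGE_TAG }},ubuntu"

      - name: Build and publish full alpine
        id: publish-full-alpine
        uses: elgohr/Publish-Docker-Github-Action@v5
        with:
          name: SlalomBuild/pe-toolkit-full-alpine
          dockerfile: images/dockerfile-full-alpine
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
          registry: ghcr.io
          buildoptions: "--compress --force-rm"
          platforms: linux/amd64,linux/arm64
          tags: "latest,${{ env.IMAGE_TAG }},alpine"

  # ---- Tests ----
  # Smoke test: pull each pushed image for each architecture and run the
  # bundled tools' version commands. No registry login happens in this job,
  # so it runs with the read-only workflow default.
  test:
    name: Test ${{ matrix.type.name }}-${{ matrix.distro.id }}-${{ matrix.arch.id }}
    if: ${{ success() }}
    needs: [build-standard, build-full]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        arch:
          - id: "amd64"
          - id: "arm64"
        distro:
          - id: "ubuntu"
          - id: "alpine"
        type:
          - name: "full"
          - name: "standard"
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: "linux/${{ matrix.arch.id }}"

      # NOTE(review): the image is pulled by mutable tag, not by the digest
      # the build step produced, so this checks whatever the tag points to at
      # pull time. The repository path is lowercase here while the publish
      # steps use `SlalomBuild/...`; presumably the publish action lowercases
      # the name - confirm.
      - name: Run binaries in docker
        run: |
          docker run \
            --rm \
            --platform linux/${{ matrix.arch.id }} \
            ghcr.io/slalombuild/pe-toolkit-${{ matrix.type.name }}-${{ matrix.distro.id }}:${{ env.IMAGE_TAG }} \
            /bin/sh -c 'figlet terraform && terraform version && figlet atmos && atmos version && figlet tflint && tflint --version && figlet tfsec && tfsec --version && figlet opa && opa version'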