fasten-onprem/.github/workflows/docker.yaml

name: Docker
on:
  push:
    branches: [ main, beta ]
    # Publish semver tags as releases.
  release:
    types: [published]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true


jobs:
  docker:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
    strategy:
      matrix:
        flavor: [main, sandbox]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: "Populate frontend version information"
        run: "cd frontend && ./git.version.sh"
      - name: Set up depot.dev multi-arch runner
        uses: depot/setup-action@v1
      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          flavor: |
            # only latest if push has a tag and we're building the "main" flavor
            latest=${{ github.event_name == 'release' && matrix.flavor == 'main' && github.ref_type == 'tag' }}            
          tags: |
            # if this is a tag'd build, prefix it with the flavor (eg. main-v1.2.3 and sandbox-v1.2.3)
            type=ref,event=tag,prefix=${{ matrix.flavor }}-
            # if this is a main branch build, just tag it with the flavor (eg. main and sandbox)
            type=raw,value=${{ matrix.flavor }},enable=${{  github.ref_name == 'main' }}
            # if this is a (non main) branch build, tag it with the flavor and branch name (eg. main-branch and sandbox-branch)
            type=ref,event=branch,prefix=${{ matrix.flavor }}-,enable=${{ github.ref_name != 'main' }}            
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        uses: depot/build-push-action@v1
        with:
          project: vhwr5r7tw1
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          context: .
          file: Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            FASTEN_ENV=${{ matrix.flavor == 'sandbox' && 'sandbox' || 'prod' }}            
#          sbom: true
#          sbom-dir: ./sbom-output
#      - name: upload SBOM directory as a build artifact
#        uses: actions/upload-artifact@v3.1.0
#        with:
#          path: ./sbom-output
#          name: 'SBOM'
#
#      - name: upload spdx dependency
#        uses: advanced-security/spdx-dependency-submission-action@v0.0.1
#        with:
#          filePath: ./sbom-output/