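---
# CI workflow: on every push to main, run the Go tests and a Trivy filesystem
# scan, then build the container image on a remote BuildKit builder and sign
# it with Cosign.
#
# NOTE(review): every `uses:` below references a mutable tag (v4, v5, 0.28.0,
# ...). Pinning each action to a full commit SHA keeps a re-pointed tag from
# changing what runs while the Docker Hub secrets are in scope.
name: Gitea Docker Build Demo
run-name: Reference Branch Build 🚀
on:
  push:
    branches:
      - main
jobs:
  Test:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.24.x'
      - name: Test with the Go CLI
        run: go test ./...
      # exit-code '1' fails this job when a CRITICAL or HIGH finding is
      # reported; ignore-unfixed drops findings that have no fixed version.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'
  Build_Image:
    # Gate the build on the Test job: without `needs`, both jobs start in
    # parallel and an image is built and signed even when the tests or the
    # Trivy scan fail.
    needs: Test
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Set up Cosign
        uses: sigstore/cosign-installer@v3.10.0
      # NOTE(review): the builder is reached over plain tcp:// and no TLS
      # client material is configured here, so access control presumably
      # relies on cluster network policy. Confirm who can reach this service.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: remote
          endpoint: tcp://buildkit-service.buildkit-service.svc:1234
      # NOTE(review): prefer a scoped Docker Hub access token over the account
      # password for DOCKER_HUB_PASSWORD.
      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
      - name: Build and Push the Docker Image
        uses: docker/build-push-action@v6
        id: build-and-push
        with:
          context: .
          file: ./Dockerfile
          # NOTE(review): push is disabled although the step name and the
          # signing step below expect a published image. Cosign signs an
          # image that exists in the registry, so the sign step cannot
          # succeed until this is set to true. Left unchanged because
          # publishing is a deliberate decision for the maintainer.
          push: false
          # Fixed: the expression was missing its leading `$`, so the tag was
          # the literal text `{{ github.sha }}` instead of the commit SHA.
          tags: |
            lerentis/canada-kaktus:${{ github.sha }}
      - name: Sign the published Docker image
        env:
          # NOTE(review): presumably kept to select keyless signing; confirm
          # whether the cosign release pulled by the installer still needs
          # it, and that the runner can supply an OIDC identity token.
          COSIGN_EXPERIMENTAL: "true"
          # Values are handed to the shell as environment variables rather
          # than interpolated into the script text.
          IMAGE_REF: lerentis/canada-kaktus:${{ github.sha }}
          IMAGE_DIGEST: ${{ steps.build-and-push.outputs.digest }}
        # Signing by tag@digest binds the signature to the exact build
        # output; --yes skips the confirmation prompt, which cannot be
        # answered on a non-interactive runner.
        run: cosign sign --yes "${IMAGE_REF}@${IMAGE_DIGEST}"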