.github/workflows/build.yaml

name: Lint and Build
on:
  push:
    ## do not lint and build when tagged, we just need to build when tagged
    tags-ignore:
      - '*'
    branches:
      - '*'
  pull_request:
    branches: ['main', 'master']

jobs:
  lint-and-build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Shallow clones disabled for a linting job

      - name: Run golangci-lint
        uses: reviewdog/action-golangci-lint@v2
        with:
          golangci_lint_flags: "--config=./.golangci.yml --timeout=6m0s"

      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod

      - name: Check if go.mod and go.sum are up to date
        run: |
          go mod tidy
          git diff --exit-code go.mod go.sum

      - name: Install dependencies
        run: go get ./...

      - name: Test
        run: go test -v ./... --race

      - name: Build
        run: go build -v ./...

  build-scan-docker-images:
    runs-on: ubuntu-latest
    needs: lint-and-build
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and tag dev image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.dev
          tags: |
            controlplane/simulator:dev
          load: true
          push: false

      - name: Run Trivy vulnerability scanner on the dev image
        uses: aquasecurity/trivy-action@0.16.0
        with:
          image-ref: 'controlplane/simulator:dev'
          format: 'table'
          exit-code: '1'
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
          trivyignores: './.trivy-config/.trivyignore'

      - name: Build and tag simulator image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          tags: controlplane/simulator:${{ github.sha }}
          load: true
          push: false

      - name: Run Trivy vulnerability scanner on simulator image
        uses: aquasecurity/trivy-action@0.16.0
        with:
          image-ref: controlplane/simulator:${{ github.sha }}
          format: 'table'
          exit-code: '1'
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
          trivyignores: './.trivy-config/.trivyignore'