# CI/CD Pipeline for dbbackup
name: CI/CD

on:
  push:
    branches: [main, master, develop]
    tags: ['v*']
  pull_request:
    branches: [main, master]

env:
  GITEA_URL: https://git.uuxo.net

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    container:
      image: golang:1.24-bookworm
    steps:
      - name: Install git
        run: apt-get update && apt-get install -y git ca-certificates

      - name: Checkout code
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .

      - name: Download dependencies
        run: go mod download

      - name: Run tests with race detection
        run: go test -race -coverprofile=coverage.out -covermode=atomic ./...

      - name: Generate coverage report
        run: |
          go tool cover -func=coverage.out
          go tool cover -html=coverage.out -o coverage.html

  lint:
    name: Lint
    runs-on: ubuntu-latest
    container:
      image: golang:1.24-bookworm
    steps:
      - name: Install git
        run: apt-get update && apt-get install -y git ca-certificates

      - name: Checkout code
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .

      - name: Install golangci-lint
        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.2

      - name: Run golangci-lint
        run: golangci-lint run --timeout=5m ./...

  build:
    name: Build (${{ matrix.goos }}-${{ matrix.goarch }})
    runs-on: ubuntu-latest
    needs: [test, lint]
    container:
      image: golang:1.24-bookworm
    strategy:
      matrix:
        goos: [linux, darwin]
        goarch: [amd64, arm64]
    steps:
      - name: Install git
        run: apt-get update && apt-get install -y git ca-certificates

      - name: Checkout code
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .

      - name: Build binary
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          CGO_ENABLED: 0
        run: |
          BINARY_NAME=dbbackup
          go build -ldflags="-s -w" -o dist/${BINARY_NAME}-${{ matrix.goos }}-${{ matrix.goarch }} .

  sbom:
    name: Generate SBOM
    runs-on: ubuntu-latest
    needs: [test]
    container:
      image: golang:1.24-bookworm
    steps:
      - name: Install git
        run: apt-get update && apt-get install -y git ca-certificates

      - name: Checkout code
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .

      - name: Install Syft
        run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin

      - name: Generate SBOM
        run: |
          syft . -o spdx-json=sbom-spdx.json
          syft . -o cyclonedx-json=sbom-cyclonedx.json

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [test, lint, build]
    if: startsWith(github.ref, 'refs/tags/v')
    container:
      image: golang:1.24-bookworm
    steps:
      - name: Install tools
        run: |
          apt-get update && apt-get install -y git ca-certificates
          curl -sSfL https://github.com/goreleaser/goreleaser/releases/download/v2.4.8/goreleaser_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin goreleaser
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin

      - name: Checkout code
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git clone --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
          git fetch --tags

      - name: Run goreleaser
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
        run: goreleaser release --clean

  docker:
    name: Build & Push Docker Image
    runs-on: ubuntu-latest
    needs: [test, lint]
    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/'))
    container:
      image: docker:24-cli
      options: --privileged
    services:
      docker:
        image: docker:24-dind
        options: --privileged
    steps:
      - name: Install dependencies
        run: apk add --no-cache git curl

      - name: Checkout code
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .

      - name: Set up Docker Buildx
        run: |
          docker buildx create --use --name builder --driver docker-container
          docker buildx inspect --bootstrap

      - name: Login to Gitea Registry
        run: |
          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.uuxo.net -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      - name: Build and push
        run: |
          # Determine tags
          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
            VERSION=${GITHUB_REF#refs/tags/}
            TAGS="-t git.uuxo.net/uuxo/dbbackup:${VERSION} -t git.uuxo.net/uuxo/dbbackup:latest"
          else
            TAGS="-t git.uuxo.net/uuxo/dbbackup:${GITHUB_SHA::8} -t git.uuxo.net/uuxo/dbbackup:main"
          fi
          
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            --push \
            ${TAGS} \
            .