name: Build and push Alpine Linux container images

on:
  push:
    branches:
      - master

jobs:
  build:
    name: Build alpine linux container images
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
    runs-on: ubuntu-latest
    # needs:
    #   - prepare
    strategy:
      matrix:
        # version: ${{ fromJson(needs.prepare.outputs.versions) }}
        version:
          - "3.5"
          - "3.6"
          - "3.7"
          - "3.8"
          - "3.9"
          - "3.10"
          - "3.11"
          - "3.12"
          - "3.13"
          - "3.14"
          - "3.15"
          - "3.16"
          - "3.17"
          - "3.18"
          - "3.19"
          - "3.20"
          - "3.21"
          - "edge"
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Login to quay.io
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ vars.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_SECRET }}
      # - name: Set up QEMU
      #   uses: docker/setup-qemu-action@v3
      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push container image
        uses: docker/build-push-action@v5
        with:
          # platforms: linux/amd64,linux/arm64
          push: true
          context: .
          build-args: |
            ALPINE_VERSION=${{ matrix.version }}
          tags: |
            quay.io/sindigilive/alpine:${{ matrix.version }}
      - name: Scan container image with Trivy
        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'quay.io/sindigilive/alpine:${{ matrix.version }}'
          format: 'sarif'
          output: 'trivy-results.sarif'

  build-latest:
    name: Build latest alpine linux container images
    container:
      image: ghcr.io/catthehacker/ubuntu:act-latest
    runs-on: ubuntu-latest
    needs:
      - prepare
      - build
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - name: Login to quay.io
        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ vars.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_SECRET }}
      # - name: Set up QEMU
      #   uses: docker/setup-qemu-action@v3
      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v3
      - name: Build latest version
        uses: docker/build-push-action@v5
        with:
          # platforms: linux/amd64,linux/arm64
          push: true
          context: .
          tags: |
            quay.io/sindigilive/alpine:latest
      - name: Scan container image with Trivy
        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'quay.io/sindigilive/alpine:latest'
          format: 'sarif'
          output: 'trivy-results.sarif'