name: Docker publish

on: push

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

permissions:
  contents: read

jobs:
  publish:
    # Only run it when the push is to the fleetdm/fleet repo. Otherwise the secrets for pushing to
    # Docker will not be available.
    #
    # Also not run if author is dependabot (it doesn't have access to Github secrets).
    if: ${{ (github.repository == 'fleetdm/fleet') && (github.actor != 'dependabot[bot]') }}
    runs-on: ubuntu-20.04
    environment: Docker Hub
    steps:
      - name: Checkout
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2

      - name: Login to Docker Hub
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}

      - name: Set up Go
        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # v2
        with:
          go-version: 1.19.4

      - name: Install Dependencies
        run: make deps

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b
        with:
          distribution: goreleaser-pro
          version: latest
          args: release --snapshot --rm-dist -f .goreleaser-snapshot.yml
        env:
          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}

      - name: Tag image with branch name
        run: docker tag fleetdm/fleet:$(git rev-parse --short HEAD) fleetdm/fleet:$(git rev-parse --abbrev-ref HEAD)

      # Explicitly push the docker images as GoReleaser will not do so in snapshot mode
      - name: Publish Docker images
        run: docker push fleetdm/fleet --all-tags

      - name: Get tag
        run: |
          echo "TAG=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT
        id: docker

      - name: Push To quay.io
        id: push-to-quay
        uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2.7.1
        with:
          image: fleetdm/fleet
          tags: ${{ steps.docker.outputs.TAG }}
          registry: quay.io/
          username: fleetdm+fleetreleaser
          password: ${{ secrets.QUAY_REGISTRY_PASSWORD }}