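---
# Release workflow: on every push to main (docs-only changes excluded) it
#   1. bumps the minor version in pyproject.toml, commits, tags and pushes it;
#   2. builds each service image from templates/<service>, scans it with
#      Trivy, and pushes it to the registry only if the scan step passes.
name: Release

on:
  push:
    branches: [main]
    paths-ignore:
      - "**/*.md"
      - "docs/**"

env:
  REGISTRY: git.resacachile.cl
  OWNER: anti

jobs:
  tag:
    name: Auto-tag release
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.version.outputs.version }}
      # The step that writes `created` has id `version`; the previous
      # reference to `steps.tag` named a step that does not exist, so this
      # output was always empty.
      tag_created: ${{ steps.version.outputs.created }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history and tags are required by `git describe` / `git log`.
          fetch-depth: 0
          # Token with push rights to main. actions/checkout keeps it in the
          # local git config for the rest of this job, which is what lets
          # the `git push` below authenticate.
          token: ${{ secrets.DECNET_PR_TOKEN }}

      - name: Configure git
        run: |
          git config user.name "DECNET CI"
          git config user.email "ci@decnet.local"

      - name: Bump version and Tag
        id: version
        run: |
          # Calculate next version (v0.x)
          LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0")

          # The tag name is repository-controlled data. Hand it to Python as
          # an argument instead of splicing it into the source text, so a
          # tag containing a quote cannot alter the program that runs here.
          # int() rejects anything that is not numeric, so NEXT_VER is
          # always "<int>.<int>" and safe to use in sed and image tags.
          NEXT_VER=$(python3 -c '
          import sys
          tag = sys.argv[1].lstrip("v")
          parts = tag.split(".")
          major = int(parts[0]) if parts[0] else 0
          minor = int(parts[1]) if len(parts) > 1 else 0
          print(f"{major}.{minor + 1}")
          ' "$LATEST_TAG")

          echo "Next version: $NEXT_VER (calculated from $LATEST_TAG)"

          # Update pyproject.toml
          sed -i "s/^version = \".*\"/version = \"$NEXT_VER\"/" pyproject.toml

          git add pyproject.toml
          # "[skip ci]" keeps this bot commit from triggering the workflow again.
          git commit -m "chore: auto-release v$NEXT_VER [skip ci]" || echo "No changes to commit"

          # On the first release the "v0.0" fallback is not a real ref, and
          # `git log v0.0..HEAD` would error out; fall back to full history.
          if git rev-parse -q --verify "refs/tags/${LATEST_TAG}" >/dev/null; then
            CHANGELOG=$(git log "${LATEST_TAG}..HEAD" --oneline --no-decorate --no-merges)
          else
            CHANGELOG=$(git log --oneline --no-decorate --no-merges)
          fi

          git tag -a "v$NEXT_VER" -m "Auto-release v$NEXT_VER

          Changes since $LATEST_TAG:
          $CHANGELOG"

          git push origin main --follow-tags

          echo "version=$NEXT_VER" >> "$GITHUB_OUTPUT"
          echo "created=true" >> "$GITHUB_OUTPUT"

  docker:
    name: "Build, scan & push ${{ matrix.service }}"
    runs-on: ubuntu-latest
    needs: tag
    strategy:
      # One failing service must not cancel the builds of the others.
      fail-fast: false
      matrix:
        service:
          - conpot
          - docker_api
          - elasticsearch
          - ftp
          - http
          - imap
          - k8s
          - ldap
          - llmnr
          - mongodb
          - mqtt
          - mssql
          - mysql
          - pop3
          - postgres
          - rdp
          - redis
          - sip
          - smb
          - smtp
          - snmp
          - ssh
          - telnet
          - tftp
          - vnc
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): logging in here means registry credentials are already
      # in the Docker config while the image is built and scanned. If the
      # templates do not pull base images from this registry (confirm), this
      # step can move to just before "Push image".
      - name: Log in to Gitea container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Build image locally
        uses: docker/build-push-action@v5
        with:
          context: templates/${{ matrix.service }}
          # Load into the local daemon so Trivy can scan before anything is
          # published.
          load: true
          push: false
          tags: decnet-${{ matrix.service }}:scan
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Release gate: exit-code "1" fails the job on findings, limited to
      # CRITICAL severity with an available fix (ignore-unfixed).
      # NOTE(review): `@master` is a mutable ref, so whatever is on that
      # branch at run time executes in a job that holds the registry
      # credentials. Pin to a reviewed release tag or full commit SHA.
      - name: Scan with Trivy
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: decnet-${{ matrix.service }}:scan
          exit-code: "1"
          severity: CRITICAL
          ignore-unfixed: true

      # NOTE(review): this step builds again from the context instead of
      # pushing the `:scan` image. The cache should make the layers match,
      # but the pushed digest is not guaranteed to be the one Trivy scanned.
      - name: Push image
        if: success()
        uses: docker/build-push-action@v5
        with:
          context: templates/${{ matrix.service }}
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.OWNER }}/decnet-${{ matrix.service }}:latest
            ${{ env.REGISTRY }}/${{ env.OWNER }}/decnet-${{ matrix.service }}:v${{ needs.tag.outputs.version }}
          cache-from: type=gha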