.github/workflows/build-push-c1-art.yml

name: Docker Build Main Push C1 Artifactory

on:
  release:
    types: [published]
  workflow_dispatch:

jobs:
  build-and-push-dev-c1:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3

      - name: Add DoD Certificate Bundle
        env:
          CERT_BUNDLE_SHA256: ${{ secrets.DOD_CA_CERT_BUNDLE_SHA256 }}
        run: |
          echo "$CERT_BUNDLE_SHA256" > scripts/dod_ca_cert_bundle.sha256
          sudo bash scripts/add-dod-cas.sh

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4
        with:
          # list of Docker images to use as base name for tags
          images: |
            ${{ secrets.C1_REGISTRY }}/${{ secrets.C1_REPOSITORY }}
          tags: |
            type=sha,prefix=,format=long
          flavor: |
            latest=false

      - uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2
        id: buildx
        with:
          config-inline: |
            [registry."${{ secrets.C1_REGISTRY }}"]
              ca=["/etc/ssl/certs/adoptium/cacerts"]
              http = false
              insecure = true

      - name: Build
        uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4
        with:
          context: .
          push: false
          load: true
          tags: ${{ secrets.C1_REGISTRY}}/${{ secrets.C1_REPOSITORY }}:${{ github.sha }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            BUILD=${{ github.sha }}

      - name: Login to Dev Artifactory Container Registry
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
        with:
          registry: ${{ secrets.C1_REGISTRY }}
          username: ${{ secrets.C1_ART_USERNAME }}
          password: ${{ secrets.C1_ARTIFACTORY_TOKEN }}

      - name: Push image to C1 Dev, Test, and Prod Artifactory
        id: push-c1-image
        env:
          IMAGE_TAG: ${{ github.sha }}
          C1_REGISTRY: ${{ secrets.C1_REGISTRY }}
          C1_REPOSITORY: ${{ secrets.C1_REPOSITORY }}
          DEV_CERT: ${{ secrets.SAML_CERT }}
          TEST_CERT: ${{ secrets.C1_TEST_SAML_CERT }}
          PROD_CERT: ${{ secrets.C1_PROD_SAML_CERT }}
        run: |
          docker push $C1_REGISTRY/$C1_REPOSITORY:$IMAGE_TAG
          docker tag $C1_REGISTRY/$C1_REPOSITORY:$IMAGE_TAG $C1_REGISTRY/dockerreadyfortest/portal/client:$IMAGE_TAG
          docker push $C1_REGISTRY/dockerreadyfortest/portal/client:$IMAGE_TAG
          docker tag $C1_REGISTRY/$C1_REPOSITORY:$IMAGE_TAG $C1_REGISTRY/dockerreadyforprod/portal/client:$IMAGE_TAG
          docker push $C1_REGISTRY/dockerreadyforprod/portal/client:$IMAGE_TAG
          echo "image=$C1_REGISTRY/$C1_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT