name: Docker Scan and Build

on:
  push:
    branches: [ main ]
  schedule:
    - cron: "0 0 * * *"  # Daily at midnight UTC
  workflow_dispatch:
    inputs:
      trigger-build:
        description: 'Trigger a manual build and push'
        default: 'true'

env:
  DOCKER_IMAGE: donaldzou/wgdashboard

jobs:
  docker_build_analyze:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and export (multi-arch)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./docker/Dockerfile
          push: true
          tags: ${{ env.DOCKER_IMAGE }}:latest
          platforms: linux/amd64,linux/arm64,linux/arm/v7 #ARM v6 no longer support by go image.

      - name: Docker Scout
        id: docker-scout
        uses: docker/scout-action@v1
        with:
          command: cves
          image: ${{ env.DOCKER_IMAGE }}:latest
          only-severities: critical,high,medium,low,unspecified
          github-token: ${{ secrets.GITHUB_TOKEN }}