.github/workflows/release.yml

name: Semantic Release

permissions:
  contents: write

on:
  push:
    branches:
      - main
env:
  REGISTRY: docker.io
  IMAGE_NAME: rilesdun/peerplays-explorer-api

jobs:

  pylint:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.9", "3.10", "3.11"]
    steps:
    - uses: actions/checkout@v3
    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v3
      with:
        python-version: ${{ matrix.python-version }}

    - name: Set up Python virtual environment
      run: |
        python -m venv venv
        source venv/bin/activate

    - name: Upgrade pip and install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install pylint

    - name: Set PYTHONPATH
      run: echo "PYTHONPATH=$(pwd)" >> $GITHUB_ENV

    - name: Analysing the code with pylint
      run: |
        pylint $(git ls-files '*.py') 


  bandit-scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.x'

      - name: Install Bandit
        run: pip install bandit
      
      - name: Create report directory
        run: mkdir -p bandit-security-report

      - name: Run Bandit and generate report
        run: |
          bandit -r src/ -f json -o bandit-security-report/bandit-report.json
          python json_to_html.py bandit-security-report/bandit-report.json > bandit-security-report/index.html

      - name: Deploy to GitHub Pages
        uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./bandit-security-report
          commit_message: 'Deploy Bandit report to GitHub Pages'

  release:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2

    - name: Setup Node.js
      uses: actions/setup-node@v2
      with:
        node-version: '18'

    - name: Install dependencies
      run: npm ci

    - name: Semantic Release
      run: npx semantic-release
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: Commit CHANGELOG.md
      run: |
        git config --local user.email "action@github.com"
        git config --local user.name "GitHub Action"
        git add CHANGELOG.md
        git commit -m "chore: update CHANGELOG.md" || echo "No changes to commit"
        git push
    needs: [pylint, bandit-scan]

  dockerhub_publish:
    runs-on: ubuntu-latest
    steps:
    - name: Log into Docker Hub
      uses: docker/login-action@v3.0.0
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_PASSWORD }}
  

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3.0.0

    # Extract metadata (tags, labels)
    - name: Extract Docker metadata
      id: meta
      uses: docker/metadata-action@v5.0.0
      with:
        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

    - name: Build and push Docker image
      uses: docker/build-push-action@v5.0.0
      with:
        context: .
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=gha
        cache-to: type=gha,mode=max

    - name: Log out from Docker Hub
      run: docker logout ${{ env.REGISTRY }}
    needs: [release]