.github/workflows/main.yml

name: Master

on:
  push:
    branches:
      - master

env:
  IMAGE_NAME: dwpdigital/alpine-prometheus

jobs:
  get-publish-version:
    runs-on: ubuntu-latest
    outputs:
      publish-version: ${{ steps.get-publish-version.outputs.publish-version }}
    steps:
      - name: Get publish version
        id: get-publish-version
        run: |
          LATEST_VERSION=$(curl --silent "https://api.github.com/repos/${{ github.repository }}/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
          [  -z "$LATEST_VERSION" ] && LATEST_VERSION="0.0.0"
          VERSION=$(echo $LATEST_VERSION | awk -F. '{$NF = $NF + 1;} 1' | sed 's/ /./g')
          echo "::set-output name=publish-version::${VERSION}"

  publish-github-release:
    runs-on: ubuntu-latest
    needs: get-publish-version
    steps:
      - name: Checkout code
        uses: actions/checkout@master
      - name: Create GitHub Release
        id: create_release
        uses: actions/create-release@latest
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ needs.get-publish-version.outputs.publish-version }}
          release_name: Release ${{ needs.get-publish-version.outputs.publish-version }}
          draft: false
          prerelease: false

  publish-docker:
    runs-on: ubuntu-latest
    needs: get-publish-version
    steps:
      - uses: actions/checkout@master
      - name: Get release version
        id: get_version
        run: echo RELEASE_VERSION=$(echo ${GITHUB_REF:10}) >> $GITHUB_ENV
      - name: Publish to DockerHub
        uses: elgohr/Publish-Docker-Github-Action@191af57e15535d28b83589e3b5f0c31e76aa8733 #v3.0.4 hardcoded for security DW-5986, review regularly
        with:
          name: ${{ env.IMAGE_NAME }}
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
          tags: "latest, ${{ needs.get-publish-version.outputs.publish-version }}"
          tag_semver: true

  snyk-monitor:
    runs-on: ubuntu-latest
    needs: publish-docker
    steps:
      - uses: actions/checkout@v2
      - name: Run Snyk monitoring
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: monitor
          image: ${{ env.IMAGE_NAME }}
          args: --file=Dockerfile --org=dwp-dataworks