name: Test Push
on:
  workflow_dispatch:
  push:
    branches:
      - master
      - 'releases/*'

jobs:

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:

    - name: Set up Go
      uses: actions/setup-go@v4.1.0
      with:
        go-version: 1.17
      id: go

    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: golangci-lint
      uses: golangci/golangci-lint-action@v6.1.1
      with:
        version: v1.44

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:

    - name: Setup Go
      uses: actions/setup-go@v4.1.0
      with:
        go-version: 1.17
      id: go

    - name: Checkout
      uses: actions/checkout@v3

    - name: Test
      run: go test -coverprofile cover.out ./...

    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  image-scan:
    name: Image Scan
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: Setup Go
      uses: actions/setup-go@v4.1.0
      with:
        go-version: 1.17
      id: go

    - name: Run GoReleaser
      uses: goreleaser/goreleaser-action@v4.3.0
      with:
        version: latest
        args: release --rm-dist --snapshot
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    - name: Scan image
      uses: anchore/scan-action@v4.1.2
      id: scan
      with:
        image: "hipages/php-fpm_exporter:latest"
        acs-report-enable: true
        fail-build: false

    - name: Upload Anchore scan SARIF report
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: ${{ steps.scan.outputs.sarif }}