release.yml

---
name: Release

on:
  push:
    branches:
      - "latest"
    paths:
      - '.github/workflows/release.yml'
      - 'Dockerfile'
      - 'bin/**'
      - 'lib/**'
      - 'src/**'
      - 'etc/**'
      - 'tests/**'
      - 'Makefile'
      - LICENSE

jobs:
  docker-release:
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
      contents: write

    outputs:
      semVer: ${{ steps.gitversion.outputs.semVer }}
      changelog: ${{ steps.changelog.outputs.changelog }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container

      - name: Install GitVersion
        uses: gittools/actions/gitversion/setup@v3.1.11
        with:
          versionSpec: "6.0.0"

      - name: Clear GitVersion Cache
        run: rm -rf .git/gitversion_cache

      - name: Determine Version
        id: gitversion
        uses: gittools/actions/gitversion/execute@v3.1.11
        with:
          useConfigFile: true
          configFilePath: ci/git-version.yml

      - name: Generate Changelog
        id: changelog
        run: |
          git log $(git describe --tags --abbrev=0)..HEAD -- . \
            --pretty=format:"- %s" > changelog.txt
          CHANGELOG=$(cat changelog.txt | jq -sRr @uri)
          echo "changelog<<EOF" >> $GITHUB_ENV
          echo "$CHANGELOG" >> $GITHUB_ENV
          echo "EOF" >> $GITHUB_ENV
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: "usabilitydynamics"
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Build and Push Docker Image
        id: docker_push
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64, linux/arm64
          push: true
          sbom: true
          provenance: true
          tags: |
            usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }}
            usabilitydynamics/udx-worker:latest

      - name: Install Trivy
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | \
            sudo sh -s -- -b /usr/local/bin

      - name: Generate SBOM with Retry Logic
        id: generate-sbom
        run: |
          export TRIVY_DISABLE_VEX_NOTICE=true
          max_retries=10
          attempt=1
          success=false
          while [ $attempt -le $max_retries ]; do
            echo "Generating SBOM, attempt $attempt..."
            output=$(trivy image --format spdx-json --output sbom.json usabilitydynamics/udx-worker:${{ steps.gitversion.outputs.semVer }} 2>&1)
            sbom_exit_code=$?
            if [ $sbom_exit_code -eq 0 ]; then
              echo "SBOM generation successful."
              success=true
              break
            else
              echo "Retrying in 120 seconds..."
              sleep 120
              attempt=$((attempt+1))
            fi
          done
          if [ "$success" = false ]; then
            exit 1
          fi

      - name: Upload SBOM Artifact
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom.json

      - name: Log out from Docker Hub
        run: docker logout

  github-release:
    runs-on: ubuntu-24.04
    needs: docker-release
    permissions:
      contents: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Git for Pushing
        run: |
          git config --global user.email "worker@udx.io"
          git config --global user.name "UDX Worker"

      - name: Download SBOM Artifact
        uses: actions/download-artifact@v4
        with:
          name: sbom

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ needs.docker-release.outputs.semVer }}
          body: |
            Release version ${{ needs.docker-release.outputs.semVer }}.
            [View on Docker Hub](https://hub.docker.com/r/usabilitydynamics/udx-worker/tags?page=1&ordering=last_updated).
            ${{ needs.docker-release.outputs.changelog }}
          draft: false
          prerelease: false
          files: sbom.json
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}