when:
  - event: [push, pull_request, manual]
    branch: [master, feature/*]

steps:
  - name: trivy-scan
    image: gitea.tahmidcloud.com/taqi/trivy:latest
    commands:
      - trivy fs --scanners vuln,config --exit-code 1  --ignorefile .trivyignore --severity HIGH,CRITICAL frontend/

  - name: lint-frontend
    image: node:24
    commands:
      - cd frontend
      - npm run lint

  - name: build-and-publish
    image: woodpeckerci/plugin-docker-buildx
    settings: 
      IMAGE_REGISTRY:
        from_secret: docker-registry
      registry: ${IMAGE_REGISTRY}
      repo: ${IMAGE_REGISTRY}/taqi/portfolio
      tags:
        - latest
        - 1.0.0-${CI_PIPELINE_NUMBER} # Ref: https://woodpecker-ci.org/docs/usage/environment
      skip_tls_verify: false # set to true for testing registries ONLY with self-signed certs
      build_args:
        - COMMIT_SHA=${CI_COMMIT_SHA}
        - COMMIT_AUTHOR_EMAIL=${CI_COMMIT_AUTHOR_EMAIL}
      username:
        from_secret: docker-username
      password:
        from_secret: docker-password