name: toolkit

on:
  push:
    branches: [ "3.x" ]
  pull_request:
    branches: [ "3.x" ]

concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

jobs:

  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: '1.23'

    - name: Build
      working-directory: src/go
      run: make linux-amd64

    - name: Build the Docker image
      run: docker build . --file Dockerfile --tag percona-toolkit:${{ github.sha }}
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@0.29.0
      with:
          image-ref: 'percona-toolkit:${{ github.sha }}'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
    - name: Upload a Build Artifact
      uses: actions/upload-artifact@v4.6.0
      with:
        name: binaries
        path: bin/*