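# CI for the 3.x branch: build the Go tools, package them into a throwaway
# container image, scan that image with Trivy, then publish the binaries as a
# workflow artifact.
name: toolkit

on:
  push:
    branches: ["3.x"]
  pull_request:
    branches: ["3.x"]

# Least privilege for GITHUB_TOKEN: no step here writes to the repository,
# so read access to the contents is enough. Without this block the token
# gets whatever default the repository/organisation settings grant.
permissions:
  contents: read

# One run per workflow + ref; a newer run on the same ref cancels the older
# one, including a scan that has not finished yet.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by tag. Tags can be
      # moved; pinning each `uses:` to the full commit SHA of the reviewed
      # release makes the executed code immutable.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config, where the build scripts and the Docker build
          # context (`docker build .`) could read it.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          # Quoted so the version stays a string rather than a float.
          go-version: '1.22'

      - name: Build
        # Runs make inside src/go; the next step starts from the workspace
        # root again, so no `cd` back is needed.
        working-directory: src/go
        run: make linux-amd64

      - name: Build the Docker image
        # Generates a minimal Dockerfile on the fly and builds an image that
        # holds only the base OS plus the freshly built binaries.
        # NOTE(review): `oraclelinux:9-slim` is a floating tag and
        # `microdnf -y update` pulls whatever is current, so the scanned
        # image (and therefore the scan result) can change between runs of
        # the same commit.
        # github.sha is a commit hash, not free-form user input, so inlining
        # the expression into the script is safe here.
        run: |
          echo "FROM oraclelinux:9-slim" > Dockerfile
          echo "RUN microdnf -y update" >> Dockerfile
          echo "COPY bin/* /usr/bin/" >> Dockerfile
          docker build . --file Dockerfile --tag percona-toolkit:${{ github.sha }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.31.0
        with:
          image-ref: 'percona-toolkit:${{ github.sha }}'
          format: 'table'
          # A non-zero exit code fails the job on any reported finding, and
          # because this step precedes the upload, it also blocks publishing
          # the binaries.
          exit-code: '1'
          # Findings with no available fix are not reported, so they do not
          # fail the job either.
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'

      - name: Upload a Build Artifact
        uses: actions/upload-artifact@v4.6.2
        with:
          name: binaries
          # Only the built binaries are uploaded, not the whole workspace.
          path: bin/*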