name: image
on:
  push:
    branches:
      - 'main'

jobs:
  push-init-kyverno:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.16

      - name: Install Cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.2.1'

      - name: login to GitHub Container Registry
        run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        id: buildx
        with:
          install: true

      - name: docker images publish
        id: push-step
        run: |
          make docker-publish-sigs
          make docker-publish-initContainer-dev

      - name: Sign image
        env:
          COSIGN_EXPERIMENTAL: "true"
        run: |
          cosign sign \ 
          -a "repo=${{ github.repository }}" \
          -a "workflow=${{ github.workflow }}" \
          -a "ref=${{ github.sha }}" \
          ghcr.io/kyverno/kyvernopre@${{ steps.push-step.outputs.digest }}

  push-kyverno:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.16

      - name: Install Cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.2.1'

      - name: login to GitHub Container Registry
        run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        id: buildx
        with:
          install: true

      - name: docker images publish
        id: push-step
        run: |
          make docker-publish-kyverno-dev

      - name: Sign image
        env:
          COSIGN_EXPERIMENTAL: "true"
        run: |
          cosign sign \ 
          -a "repo=${{ github.repository }}" \
          -a "workflow=${{ github.workflow }}" \
          -a "ref=${{ github.sha }}" \
          ghcr.io/kyverno/kyverno@${{ steps.push-step.outputs.digest }}

  push-kyverno-cli:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.16

      - name: Install Cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.2.1'

      - name: login to GitHub Container Registry
        run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        id: buildx
        with:
          install: true

      - name: docker images publish
        id: push-step
        run: |
          make docker-publish-cli-dev

      - name: Sign image
        env:
          COSIGN_EXPERIMENTAL: "true"
        run: |
          cosign sign \ 
          -a "repo=${{ github.repository }}" \
          -a "workflow=${{ github.workflow }}" \
          -a "ref=${{ github.sha }}" \
          ghcr.io/kyverno/kyverno-cli@${{ steps.push-step.outputs.digest }}