.github/workflows/docker-publish.yml

name: Build Container Images

on:
  push:
    branches: 
      - main
  pull_request:
    branches: 
      - main
  # supports manualy running a workflow
  workflow_dispatch:

env:
  REGISTRY: ghcr.io

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - image: microsoft/defender-for-cloud/attacksimulation/victim
            dockerpath: Images/victim
          - image: microsoft/defender-for-cloud/attacksimulation/attacker
            dockerpath: Images/attacker
    permissions:
      contents: read
      packages: write
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: copy Notice file
        run: cp NOTICE ${{ matrix.dockerpath }}/NOTICE

      # configures QEMU emulation for the Arm portion of our multi-platform Docker image build. 
      # This is required for multi-platform Docker image builds in GitHub Actions, as the hosted runners are Intel machines.
      - uses: docker/setup-qemu-action@v3

      # configures buildx for the workflow. It's required for multi-platform Docker image builds in GitHub Actions
      - uses: docker/setup-buildx-action@v3

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ matrix.image }}
          tags: |
            # set latest tag for default branch
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Login to ${{ env.REGISTRY }}
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v5
        with:
          context: ${{ matrix.dockerpath }}
          file: ${{ matrix.dockerpath }}/Dockerfile
          push: ${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64
      
  helm:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
      
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Helm
        uses: azure/setup-helm@v4.2.0
        with:
          version: v3.15.0
          
      - name: Login to ${{ env.REGISTRY }}
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Package and push Helm chart
        run: |
          helm package ./charts/mdc-simulation -d charts
          chart_version=$(helm show chart ./charts/mdc-simulation | grep '^version:' | awk '{print $2}')
          helm push ./charts/mdc-simulation-$chart_version.tgz oci://${{ env.REGISTRY }}/microsoft/defender-for-cloud/attacksimulation
          