name: gitea pipeline build
run-name: ${{ github.actor }} started maven build on ${{ github.ref_name }}

on:
  workflow_call:
    inputs:
      git_repository:
        required: true
        type: string
      java_version:
        required: false
        type: string
        default: '25'
      java_distribution:
        required: false
        type: string
        default: "liberica"
      maven_version:
        required: false
        type: string
        default: 3.9.14
      sonar_host:
        required: true
        type: string
      dtrack_host_name:
        required: false
        type: string
        default: 'dtrack.muehlencord.de'
      dtrack_protocol:
        required: false
        type: string
        default: "https"
      dtrack_port:
        required: false
        type: string
        default: "443"
      dtrack_bom_file:
        required: true
        type: string
      dtrack_project_uuid:
        required: true
        type: string
    secrets:
      SSH_PRIVATE_KEY:
        required: true
      SONAR_TOKEN:
        required: true
      DTRACK_API_KEY:
        required: true


jobs:
  build:
    name: Gitea pipeline build
    runs-on: ubuntu-latest

    steps:
      - name: Prepare SSH
        run: |
          install -m 600 -D /dev/null ~/.ssh/id_rsa
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
          ssh-keyscan -H git.muehlencord.de >> ~/.ssh/known_hosts

      - name: Clone repository
        run: |
          git clone ${{ inputs.git_repository }} source
          cd source
          git checkout ${{ github.ref_name }}

      - name: Set up JDK ${{ inputs.java_version }}
        uses: https://github.com/actions/setup-java@v5
        with:
          distribution: ${{ inputs.java_distribution }}
          java-version: ${{ inputs.java_version }}
          cache: 'maven'

      - name: Set up Maven ${{ inputs.maven_version }}
        uses: stCarolas/setup-maven@v4
        with:
          maven-version: ${{ inputs.maven_version }}

      - name: Build with Maven
        working-directory: source
        run: mvn -B jacoco:prepare-agent verify sonar:sonar org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -Dsonar.host.url="${{ inputs.sonar_host }}" -Dsonar.token="${{ secrets.SONAR_TOKEN }}"

      - name: Upload SBOM to DTrack
        uses: DependencyTrack/gh-upload-sbom@v3
        with:
          serverHostname: ${{ inputs.dtrack_host_name }}
          protocol: ${{ inputs.dtrack_protocol }}
          port: ${{ inputs.dtrack_port }}
          apiKey: ${{ secrets.DTRACK_API_KEY }}
          project: ${{ inputs.dtrack_project_uuid }}
          bomFilename: ${{ inputs.dtrack_bom_file }}