name: gitea pipeline build

inputs:
  inputs:
    git_repository:
      description: 'repository to clone'
      required: true
    java_version:
      description: 'the Java Version to use'
      required: false
      default: '25'
    java_distribution:
      description: 'the java distribution to use'
      required: false
      default: 'liberica'
    maven_version:
      description: 'the maven version to use'
      required: false
      default: '3.9.14'
    sonar_host:
      description: 'the sonar host to use'
      required: true
    sonar_token:
      description: 'the ssh key to use for checkout'
      required: true
    dtrack_host_name:
      description: 'the dtrack server to use'
      required: true
    dtrack_protocol:
      description: 'the protocol to connect to the dtrack server, default to https'
      required: false
      default: "https"
    dtrack_port:
      description: 'the port to connect to the dtrack server to, defaults to 443'
      required: false
      default: "443"
    dtrack_bom_file:
      description: 'the location of the bom file'
      required: true
    dtrack_project_uuid:
      description: 'the dtrack project id to use'
      required: true
    dtrack_api_key:
      description: 'the ssh key to use for checkout'
      required: true

runs:
  using: 'composite'
  steps:
    - name: Clone repository
      shell: bash
      env:
        REPO_URL: ${{ inputs.git_repository }}
      run: |
        git clone "$REPO_URL" source
        cd source
        git checkout ${{ github.ref_name }}

    - name: Set up JDK ${{ inputs.java_version }}
      uses: actions/setup-java@v5
      with:
        distribution: ${{ inputs.java_distribution }}
        java-version: ${{ inputs.java_version }}
        cache: 'maven'

    - name: Set up Maven ${{ inputs.maven_version }}
      uses: stCarolas/setup-maven@v4
      with:
        maven-version: ${{ inputs.maven_version }}

    - name: Build with Maven
      working-directory: source
      shell: bash
      run: mvn -B clean verify sonar:sonar org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -Dsonar.host.url="${{ inputs.sonar_host }}" -Dsonar.token="${{ inputs.sonar_token }}"

    - name: Upload SBOM to DTrack
      uses: DependencyTrack/gh-upload-sbom@v3
      with:
        serverhostname: ${{ inputs.dtrack_host_name }}
        protocol: ${{ inputs.dtrack_protocol }}
        port: ${{ inputs.dtrack_port }}
        apikey: ${{ inpts.dtrack_api_key }}
        project: ${{ inputs.dtrack_project_uuid }}
        bomfilename: ${{ inputs.dtrack_bom_file }}