# Pulled from Thanatos (https://github.com/MythicAgents/thanatos/blob/rewrite/.github/workflows/image.yml) - MEhrn00

# Name for the Github actions workflow
name: Build and push container images

on:
  # Only run workflow when there is a new release published in Github
  #release:
  #  types: [published]
  push:
    branches:
      - 'master'
      - 'Mythic3.3'
    tags:
      - "v*.*.*"

# Variables holding configuration settings
env:
  # Container registry the built container image will be pushed to
  REGISTRY: ghcr.io

  # Set the container image name to the Github repository name. (MythicAgents/apollo)
  AGENT_IMAGE_NAME: ${{ github.repository }}

  # Description label for the package in Github
  IMAGE_DESCRIPTION: ${{ github.repository }} container for use with Mythic

  # Source URL for the package in Github. This links the Github repository packages list
  # to this container image
  IMAGE_SOURCE: ${{ github.server_url }}/${{ github.repository }}

  # License for the container image
  IMAGE_LICENSE: BSD-3-Clause

  # Set the container image version to the Github release tag
  VERSION: ${{ github.ref_name }}
  #VERSION: ${{ github.event.head_commit.message }}

  RELEASE_BRANCH: master

jobs:
  # Builds the base container image and pushes it to the container registry
  agent_build:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout
      - name: Log in to the container registry
        uses: docker/login-action@v3 # ref: https://github.com/marketplace/actions/docker-login
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: 'arm64,arm'
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
      # the following are unique to this job
      - name: Lowercase the server container image name
        run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV}
      - name: Build and push the server container image
        uses: docker/build-push-action@v5 # ref: https://github.com/marketplace/actions/build-and-push-docker-images
        with:
          context: Payload_Type/ares
          file: Payload_Type/ares/Dockerfile
          tags: |
            ${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:${{ env.VERSION }}
            ${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:latest
          push: ${{ github.ref_type == 'tag' }}
          # These container metadata labels allow configuring the package in Github
          # packages. The source will link the package to this Github repository
          labels: |
            org.opencontainers.image.source=${{ env.IMAGE_SOURCE }}
            org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
            org.opencontainers.image.licenses=${{ env.IMAGE_LICENSE }}
          platforms: linux/amd64,linux/arm64,linux/arm64/v8

  update_files:
    runs-on: ubuntu-latest
    needs:
      - agent_build
    permissions:
      contents: write
      packages: write

    steps:
      # Pull in the repository code
      - name: Checkout the repository
        uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout

      # update names to lowercase
      - name: Lowercase the container image name
        run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV}

      # The Dockerfile which Mythic uses to pull in the base container image needs to be
      # updated to reference the newly built container image
      - name: Fix the server Dockerfile reference to reference the new release tag
        working-directory: Payload_Type/apollo
        run: |
          sed -i "s|^FROM ghcr\.io.*$|FROM ${REGISTRY}/${AGENT_IMAGE_NAME}:${VERSION}|" Dockerfile

      - name: Update package.json version
        uses: jossef/action-set-json-field@v2.1
        with:
          file: config.json
          field: remote_images.apollo
          value: ${{env.REGISTRY}}/${{env.AGENT_IMAGE_NAME}}:${{env.VERSION}}

      # Push the changes to the Dockerfile
      - name: Push the updated base Dockerfile image reference changes
        if: ${{ github.ref_type == 'tag' }}
        uses: EndBug/add-and-commit@v9 # ref: https://github.com/marketplace/actions/add-commit
        with:
          # Only add the Dockerfile changes. Nothing else should have been modified
          add: "['Payload_Type/apollo/Dockerfile', 'config.json']"
          # Use the Github actions bot for the commit author
          default_author: github_actions
          committer_email: github-actions[bot]@users.noreply.github.com

          # Set the commit message
          message: "Bump Dockerfile tag to match release '${{ env.VERSION }}'"

          # Overwrite the current git tag with the new changes
          tag: '${{ env.VERSION }} --force'

          # Push the new changes with the tag overwriting the current one
          tag_push: '--force'

          # Push the commits to the branch marked as the release branch
          push: origin HEAD:${{ env.RELEASE_BRANCH }} --set-upstream

          # Have the workflow fail in case there are pathspec issues
          pathspec_error_handling: exitImmediately