name: latest image to DockerHub
on:
  push:
    branches:
      - master
permissions:
  contents: read
jobs:
  publish-image-to-dockerhub:
    name: publish to DockerHub
    permissions:
      id-token: write # To be able to get OIDC ID token to sign images.
    # prevent job running from forked repository, otherwise
    # 1. running on the forked repository would fail as missing necessary secret.
    # 2. running on the forked repository would use unnecessary GitHub Action time.
    if: ${{ github.repository == 'karmada-io/karmada' && github.ref == 'refs/heads/master' }}
    strategy:
      matrix:
        target:
          - karmada-controller-manager
          - karmada-scheduler
          - karmada-descheduler
          - karmada-webhook
          - karmada-agent
          - karmada-scheduler-estimator
          - karmada-interpreter-webhook-example
          - karmada-aggregated-apiserver
          - karmada-search
          - karmada-operator
          - karmada-metrics-adapter
    runs-on: ubuntu-22.04
    steps:
      - name: checkout code
        uses: actions/checkout@v4
        with:
          # fetch-depth:
          # 0 indicates all history for all branches and tags.
          # for `git describe --tags` in Makefile.
          fetch-depth: 0
      - name: install Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.8.1
        with:
          cosign-release: 'v2.2.3'
      - name: install QEMU
        uses: docker/setup-qemu-action@v3
      - name: install Buildx
        uses: docker/setup-buildx-action@v3
      - name: login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER_NAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: build and publish images
        env:
          REGISTRY: karmada
          VERSION: latest
          COSIGN_EXPERIMENTAL: 1
          SIGN_IMAGE: 1
        run: make mp-image-${{ matrix.target }}