name: DockerHub Description

on:
  push:
    branches:
      - 'trunk'
    paths:
      - 'Dockerfiles/*/README.md'
      - '.github/workflows/dockerhub_description.yml'
  workflow_dispatch:

env:
  DOCKER_REPOSITORY: "zabbix"
  DOCKERFILES_DIRECTORY: "./Dockerfiles"

jobs:
  main:
    name: Update description
    runs-on: ubuntu-latest
    env:
      DOCKER_REPOSITORY: "zabbix"
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        component:
          - build-base
          - build-mysql
          - build-pgsql
          - build-sqlite3
          - agent
          - agent2
          - java-gateway
          - proxy-mysql
          - proxy-sqlite3
          - server-mysql
          - server-pgsql
          - snmptraps
          - web-apache-mysql
          - web-apache-pgsql
          - web-nginx-mysql
          - web-nginx-pgsql
          - web-service
    steps:
      - name: Block egress traffic
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Update DockerHub repo description (zabbix-${{ matrix.component }})
        uses: peter-evans/dockerhub-description@v4
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          repository: ${{ env.DOCKER_REPOSITORY }}/zabbix-${{ matrix.component }}
          readme-filepath: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.component }}/README.md