name: DockerHub Description

on:
  push:
    branches:
      - 'trunk'
    paths:
      - 'Dockerfiles/*/README.md'
      - '.github/workflows/dockerhub_description.yml'
  workflow_dispatch:

env:
  DOCKER_REPOSITORY: "zabbix"
  IMAGES_PREFIX: "zabbix-"
  DOCKERFILES_DIRECTORY: "./Dockerfiles"

permissions:
   contents: read

jobs:
  main:
    name: Update description
    runs-on: ubuntu-latest
    env:
      DOCKER_REPOSITORY: "zabbix"
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        component:
          - build-base
          - build-mysql
          - build-pgsql
          - build-sqlite3
          - agent
          - agent2
          - java-gateway
          - proxy-mysql
          - proxy-sqlite3
          - server-mysql
          - server-pgsql
          - snmptraps
          - web-apache-mysql
          - web-apache-pgsql
          - web-nginx-mysql
          - web-nginx-pgsql
          - web-service
    steps:
      - name: Block egress traffic
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            hub.docker.com:443

      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          fetch-depth: 1

      - name: Update DockerHub repo description (zabbix-${{ matrix.component }})
        uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          repository: ${{ env.DOCKER_REPOSITORY }}/${{ env.IMAGES_PREFIX }}${{ matrix.component }}
          readme-filepath: ${{ env.DOCKERFILES_DIRECTORY }}/${{ matrix.component }}/README.md