cron.yml
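# Scheduled build and publish of the website: checks out the data repositories,
# generates Markdown and the Hugo site, uploads the search index, syncs the
# output to an S3 bucket, and sends a Teams notification on failure.
name: Build Website
on:
  schedule:
    # 01:00 and 13:00 UTC every day.
    - cron: "0 1,13 * * *"
  workflow_dispatch:

# NOTE(review): every `uses:` below references a mutable tag or branch. Pinning
# each one to a full commit SHA (`owner/action@<FULL_COMMIT_SHA>  # vN`) keeps a
# retagged or compromised upstream from running with this workflow's secrets.
jobs:
  build:
    name: Build Website
    runs-on: ubuntu-22.04
    # NOTE(review): no `permissions:` block here, so GITHUB_TOKEN receives the
    # repository's default scopes. If no make target pushes with it,
    # `permissions: {contents: read}` should be sufficient; confirm and set it.
    steps:
      - name: Maximize build space
        uses: easimon/maximize-build-space@v10
        with:
          # The Go cache (`~/.cache/go-build` and `~/go/pkg`) requires a lot of
          # storage space.
          root-reserve-mb: 32768
          remove-android: "true"
          remove-docker-images: "true"
          remove-dotnet: "true"
          remove-haskell: "true"

      - name: Set up Go 1.22
        uses: actions/setup-go@v4
        with:
          go-version: '1.22'
        id: go

      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v3
        with:
          hugo-version: "0.126.1"

      - name: Check out code into the Go module directory
        uses: actions/checkout@v3

      - name: Create build folder
        run: mkdir avd-repo

      # NOTE(review): actions/checkout stores the supplied token in each
      # checkout's local git config unless `persist-credentials: false` is set,
      # so ORG_REPO_TOKEN remains readable by every later step (make targets and
      # third-party actions) until the directories are removed. The step names
      # describe these repositories as public; if they are, confirm whether the
      # token is needed at all, and otherwise disable credential persistence.
      - name: Checkout public vuln-list-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/vuln-list
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/vuln-list

      - name: Checkout public vuln-list-nvd-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/vuln-list-nvd
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/vuln-list-nvd

      - name: Checkout public vuln-list-redhat-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/vuln-list-redhat
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/vuln-list-redhat

      - name: Checkout public kube-hunter-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/kube-hunter
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/kube-hunter-repo

      - name: Checkout public cloud-security-remediation-guides-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/cloud-security-remediation-guides
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/remediations-repo

      - name: Checkout public tracee-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/tracee
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/tracee-repo

      - name: Checkout public cloudsploit-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/cloudsploit
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/cloudsploit-repo

      - name: Checkout public trivy-policies-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/trivy-policies
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/trivy-policies-repo

      - name: Checkout public kube-bench-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/kube-bench
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/kube-bench-repo

      - name: Checkout public chain-bench-repo
        uses: actions/checkout@v3
        with:
          repository: aquasecurity/chain-bench
          token: ${{ secrets.ORG_REPO_TOKEN }}
          path: avd-repo/chain-bench-repo

      - name: Build generator
        run: make md-clean md-build

      - name: Sync avd-repo with latest changes from generator
        run: make sync-all

      - name: Build and Generate Markdown pages
        run: make md-generate

      # We have already created *.md files, so we can remove the repositories
      # to save free space.
      - name: Remove repositories
        run: make remove-all-repos

      - name: Generate Hugo website
        run: make hugo-generate

      - name: Copy assets
        run: make copy-assets

      - name: Deploy Search Index to MeiliSearch Instance
        # Secrets reach the script through env instead of being expanded into
        # the script text, so their contents are never parsed as shell syntax.
        env:
          MEILI_API_KEY: ${{ secrets.SEARCHAPITOKEN }}
          MEILI_HOST: ${{ secrets.SEARCHAPIHOST }}
        run: |
          cd avd-repo
          # --fail turns an HTTP error from the search API into a step failure
          # instead of letting the deploy continue with a stale index.
          curl --fail \
            -H 'Content-Type: application/json' \
            -H "X-Meili-API-Key: ${MEILI_API_KEY}" \
            -X POST "${MEILI_HOST}/indexes/avd/documents?primaryKey=title" \
            --data @docs/searchindex.json

      - name: Install AWS CLI
        # NOTE(review): each `run` step starts a fresh shell, so this venv is
        # not active in the sync step below; that step presumably runs whatever
        # `aws` is already on the runner's PATH. Confirm, then either drop this
        # step or export `.venv/bin` via GITHUB_PATH. `awscli` is also installed
        # without a version pin.
        run: |
          python3 -m venv .venv
          source .venv/bin/activate
          pip3 install awscli

      - name: Sync changes to the bucket
        # The bucket URI is passed through env and quoted so it is treated as a
        # single argument. NOTE(review): these are static access keys; a role
        # assumed through GitHub OIDC and scoped to this bucket would avoid
        # storing long-lived credentials.
        run: aws s3 sync --no-progress --only-show-errors --size-only avd-repo/docs "${PROD_AVD_BUCKET}"
        env:
          PROD_AVD_BUCKET: ${{ secrets.PROD_AVD_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.PROD_AVD_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_AVD_SECRET_ACCESS_KEY }}
          AWS_REGION: us-east-1

      - name: Microsoft Teams Notification
        # Until the upstream PR that fixes the AdaptiveCard version is merged
        # (https://github.com/Skitionek/notify-microsoft-teams/pull/96),
        # use the aquasecurity fork.
        # NOTE(review): `@master` is a moving branch and this step receives the
        # webhook secret plus the serialized job and step contexts; pin it to a
        # commit SHA.
        uses: aquasecurity/notify-microsoft-teams@master
        if: failure()
        with:
          webhook_url: ${{ secrets.TRIVY_MSTEAMS_WEBHOOK }}
          needs: ${{ toJson(needs) }}
          job: ${{ toJson(job) }}
          steps: ${{ toJson(steps) }}

  # Needed to keep GitHub from disabling the actions due to inactivity.
  keepalive-job:
    name: Keepalive Workflow
    runs-on: ubuntu-latest
    # Only `actions: write` is granted to this job's GITHUB_TOKEN.
    permissions:
      actions: write
    steps:
      - uses: actions/checkout@v4
      - uses: gautamkrishnar/keepalive-workflow@v2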