name: Deployment

on:
  push:

env:
  TRIVY_VERSION: "0.26.1"

jobs:
  container:
    runs-on: docker
    container: fleaz/kubeci
    steps:
    - name: "Setup k8s context"
      run: |
        echo "${{secrets.KUBE_API_CRT}}" > /tmp/ca.pem
        kubectl config set-cluster k3s --server=${{secrets.KUBE_HOST}} --certificate-authority=/tmp/ca.pem
        kubectl config set-credentials forgejo --token="${{secrets.KUBE_API_TOKEN}}"
        kubectl config set-context k3s --cluster k3s --user forgejo --namespace default
        kubectl config use-context k3s
    - name: "Deploy"
      run: |
        helm repo add aqua https://aquasecurity.github.io/helm-charts/
        helm repo update aqua
        helm upgrade --install trivy-operator aqua/trivy-operator \
          --namespace trivy-system \
          --version "${TRIVY_VERSION}"