# GOSEC_VERSION
# Only required to install a specifiy version
GOSEC_VERSION?=v2.18.1 # renovate: datasource=github-releases depName=securego/gosec

# CONTAINER_RUNTIME
# The CONTAINER_RUNTIME variable will be used to specified the path to a
# container runtime. This is needed to start and run a container image.
CONTAINER_RUNTIME?=$(shell which podman)

# GOSEC_IMAGE_REGISTRY_NAME
# Defines the name of the new container to be built using several variables.
GOSEC_IMAGE_REGISTRY_NAME:=docker.io
GOSEC_IMAGE_REGISTRY_USER:=volkerraschek

GOSEC_IMAGE_NAMESPACE?=${GOSEC_IMAGE_REGISTRY_USER}
GOSEC_IMAGE_NAME:=gosec
GOSEC_IMAGE_VERSION?=latest
GOSEC_IMAGE_FULLY_QUALIFIED=${GOSEC_IMAGE_REGISTRY_NAME}/${GOSEC_IMAGE_NAMESPACE}/${GOSEC_IMAGE_NAME}:${GOSEC_IMAGE_VERSION}
GOSEC_IMAGE_UNQUALIFIED=${GOSEC_IMAGE_NAMESPACE}/${GOSEC_IMAGE_NAME}:${GOSEC_IMAGE_VERSION}

# BUILD CONTAINER IMAGE
# ==============================================================================
PHONY:=container-image/build
container-image/build:
	${CONTAINER_RUNTIME} build \
		--build-arg GOSEC_VERSION=${GOSEC_VERSION} \
		--file Dockerfile \
		--no-cache \
		--pull \
		--tag ${GOSEC_IMAGE_FULLY_QUALIFIED} \
		--tag ${GOSEC_IMAGE_UNQUALIFIED} \
		.

# DELETE CONTAINER IMAGE
# ==============================================================================
PHONY:=container-image/delete
container-image/delete:
	- ${CONTAINER_RUNTIME} image rm ${GOSEC_IMAGE_FULLY_QUALIFIED} ${GOSEC_IMAGE_UNQUALIFIED}
	- ${CONTAINER_RUNTIME} image rm ${BASE_IMAGE_FULL}

# PUSH CONTAINER IMAGE
# ==============================================================================
PHONY+=container-image/push
container-image/push:
	echo ${GOSEC_IMAGE_REGISTRY_PASSWORD} | ${CONTAINER_RUNTIME} login ${GOSEC_IMAGE_REGISTRY_NAME} --username ${GOSEC_IMAGE_REGISTRY_USER} --password-stdin
	${CONTAINER_RUNTIME} push ${GOSEC_IMAGE_FULLY_QUALIFIED}

# PHONY
# ==============================================================================
# Declare the contents of the PHONY variable as phony.  We keep that information
# in a variable so we can use it in if_changed.
.PHONY: ${PHONY}