name: Release on Dockerhub

on:
  push:
    tags:
      - "v*"

permissions:
  contents: read

jobs:
  release-image-on-dockerhub:
    name: Release on Dockerhub
    permissions:
      contents: read
    runs-on: ubuntu-latest
    env:
      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
      TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
      DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit

      - name: Checkout Repo
        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0

      - name: Get Release Tag
        id: extract_release_tag
        run: |
          TAG=${{ github.ref }}
          TAG=${TAG#refs/tags/v}
          echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV

      - name: Update package.json version
        run: |
          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.RELEASE_TAG }}\"/" ./apps/web/package.json
          cat ./apps/web/package.json | grep version

      - name: Log in to Docker Hub
        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0

      - name: Build and push Docker image
        uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1
        with:
          context: .
          file: ./apps/web/Dockerfile
          push: true
          tags: |
            ${{ secrets.DOCKER_USERNAME }}/formbricks:${{ env.RELEASE_TAG }}
            ${{ secrets.DOCKER_USERNAME }}/formbricks:latest