---
name: Build container image
on:
  pull_request:
    branches:
      - main
  #schedule:
  #  - cron: "05 4 */3 * *" # 4:05am every three days.
  push:
    branches:
      - main
    paths-ignore:
      - "**/README.md"
  workflow_dispatch:

env:
  REGISTRY: ${{ vars.REGISTRY || 'davejansen.dev' }}
  REGISTRY_USERNAME: ${{ github.actor }}
  IMAGE_TAG: ${{ vars.IMAGE_TAG || 'latest' }}
  IMAGE_NAME: ${{ github.event.repository.name }}

concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{
    inputs.brand_name}}-${{ inputs.stream_name }}
  cancel-in-progress: true

jobs:
  build_push:
    name: Build and push image
    runs-on: ubuntu-24.04

    permissions:
      contents: read
      packages: write
      id-token: write

    steps:
      - name: Prepare environment
        run: |
          # Lowercase the image uri
          echo "REGISTRY=${REGISTRY,,}" >> ${GITHUB_ENV}
          echo "IMAGE_NAME=${IMAGE_NAME,,}" >> ${GITHUB_ENV}

      - name: Checkout
        uses: actions/checkout@v6

      - name: Get current date
        id: date
        run: |
          # This generates a timestamp like what is defined on the ArtifactHub documentation
          # E.G: 2022-02-08T15:38:15Z'
          # https://artifacthub.io/docs/topics/repositories/container-images/
          # https://linux.die.net/man/1/date
          echo "date=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z)" >> $GITHUB_OUTPUT

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ env.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Build and push image
        id: build_image
        uses: docker/build-push-action@v6
        with:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.REGISTRY_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}

      #
      # # This section is optional and only needs to be enabled if you plan on distributing
      # # your project for others to consume. You will need to create a public and private key
      # # using Cosign and save the private key as a repository secret in Github for this workflow
      # # to consume. For more details, review the image signing section of the README.
      # - name: Install Cosign
      #   uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
      #   if: github.event_name != 'pull_request' && github.ref ==
      #     format('refs/heads/{0}', github.event.repository.default_branch)
      #
      # - name: Sign container image
      #   if: github.event_name != 'pull_request' && github.ref ==
      #     format('refs/heads/{0}', github.event.repository.default_branch)
      #   env:
      #     IMAGE_FULL:
      #       ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_OWNER }}/${{ env.IMAGE_NAME
      #       }}
      #     TAGS: ${{ steps.push.outputs.digest }}
      #     COSIGN_EXPERIMENTAL: false
      #     COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
      #     COSIGN_PASSWORD: ""
      #   run: |
      #     for tag in ${{ steps.metadata.outputs.tags }}; do
      #       cosign sign -y --key env://COSIGN_PRIVATE_KEY $IMAGE_FULL:$tag
      #     done