.github/workflows/ci.yml

name: ci

on:
  push:
    branches: [ "master" , "dev"]
    tags: [ '*.*.*' ]
  pull_request:

env:
  REGISTRY: ghcr.io  # Using GitHub Container Registry
  IMAGE_NAME: ${{ github.repository }}

jobs:
  prepare:
    runs-on: ubuntu-latest
    steps:
      - name: Convert repository name to lowercase
        id: set-variables
        run: |
          echo "image=${{ env.REGISTRY }}/${IMAGE_NAME,,}" >>${GITHUB_OUTPUT}
          echo "push=${{ github.event_name != 'pull_request' }}" >>${GITHUB_OUTPUT}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ steps.set-variables.outputs.image }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}
    outputs:
      image: ${{ steps.set-variables.outputs.image }}
      push: ${{ steps.set-variables.outputs.push }}
      meta-json: ${{ steps.meta.outputs.json }}
      meta-labels: ${{ steps.meta.outputs.labels }}
      meta-version: ${{ steps.meta.outputs.version }}

  build:
    needs:
      - prepare
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        platform:
          - linux/amd64
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up QEMU
        if: matrix.platform != 'linux/amd64'
        uses: docker/setup-qemu-action@v3

      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v3

      - name: Log into registry ${{ env.REGISTRY }}
        if: needs.prepare.outputs.push == 'true'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image by digest
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: ${{ matrix.platform }}
          outputs: type=image,name=${{ needs.prepare.outputs.image }},push-by-digest=true,name-canonical=true,push=${{ needs.prepare.outputs.push }}
          labels: ${{ needs.prepare.outputs.meta-labels }}

      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"
        shell: bash

      - name: Sanitize platform string
        id: platform
        env:
          PLATFORM_STRING: ${{ matrix.platform }}
        run: |
          echo "value=${PLATFORM_STRING//\//_}" >> $GITHUB_OUTPUT
        shell: bash

      - name: Upload digest
        if: needs.prepare.outputs.push == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: digest-${{ steps.platform.outputs.value }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  push:
    needs:
      - prepare
      - build
    if: needs.prepare.outputs.push == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Download digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digest-*
          merge-multiple: true

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log into registry ${{ env.REGISTRY }}
        if: needs.prepare.outputs.push == 'true'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Create manifest list and push
        if: needs.prepare.outputs.push == 'true'
        working-directory: /tmp/digests
        run: |
          docker buildx imagetools create $(jq -r '"-t " + (.tags | join(" -t "))' <<< '${{ needs.prepare.outputs.meta-json }}') \
            $(printf '${{ needs.prepare.outputs.image }}@sha256:%s ' *)

      - name: Inspect image
        if: needs.prepare.outputs.push == 'true'
        run: |
          docker buildx imagetools inspect '${{ needs.prepare.outputs.image }}:${{ needs.prepare.outputs.meta-version }}'