name: Build and Push Lunchtime Images (Kaniko)

on:
  push:
    branches:
      - main
      - master
    tags:
      - "v*"
    paths:
      - "src/**"
  workflow_dispatch:

env:
  REGISTRY: git.sgruber.at
  IMAGE_NAMESPACE: lunchtime

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Compute image tags and auth
        id: meta
        shell: bash
        run: |
          SHORT_SHA=$(echo $GITHUB_SHA | cut -c1-7)
          IMAGE_REPO="$REGISTRY/$IMAGE_NAMESPACE/lunchtime-web"

          # Prepare Kaniko destination arguments
          DESTS="--destination $IMAGE_REPO:$SHORT_SHA"

          if [[ "$GITHUB_REF_TYPE" == "tag" ]]; then
            DESTS="$DESTS --destination $IMAGE_REPO:${GITHUB_REF_NAME}"
          fi

          if [[ "$GITHUB_REF_NAME" == "main" || "$GITHUB_REF_NAME" == "master" ]]; then
            DESTS="$DESTS --destination $IMAGE_REPO:latest"
          fi

          # Create the auth string
          AUTH_B64=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w 0)
          CONFIG_JSON="{\"auths\":{\"$REGISTRY\":{\"auth\":\"$AUTH_B64\"}}}"
          CONFIG_B64=$(echo -n "$CONFIG_JSON" | base64 -w 0)

          echo "dests=$DESTS" >> "$GITHUB_OUTPUT"
          echo "config_b64=$CONFIG_B64" >> "$GITHUB_OUTPUT"

      - name: Build and Push Lunchtime Web
        uses: docker://gcr.io/kaniko-project/executor:debug
        env:
          DOCKER_CONFIG_B64: ${{ steps.meta.outputs.config_b64 }}
        with:
          entrypoint: /busybox/sh
          args: >-
            -c "mkdir -p /kaniko/.docker && 
            echo $DOCKER_CONFIG_B64 | base64 -d > /kaniko/.docker/config.json && 
            /kaniko/executor 
            --context=$GITHUB_WORKSPACE/src 
            --dockerfile=$GITHUB_WORKSPACE/src/Containerfile 
            ${{ steps.meta.outputs.dests }}"