name: Build containers

on:
  workflow_dispatch:
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]

jobs:
  build_push:
    name: Build and push image
    runs-on: coole-runner
    strategy:
      fail-fast: false
      matrix:
        image: [asahi-cosmic]
        version: [43]

    container:
      image: "quay.io/fedora-ostree-desktops/buildroot:${{ matrix.version }}"
      options: "--security-opt=label=disable --privileged --user 0:0 --device=/dev/fuse --volume /:/run/host:rw"

    steps:

      - name: Install rpm-ostree + tools
        run: |
          dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
          dnf install -y nodejs skopeo jq buildah rsync
          mkdir -p ~/.docker

      - name: Fix containers/storage.conf
        run: |
          sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf

      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to registry
        uses: redhat-actions/podman-login@v1
        with:
          registry: git.plabble.org
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
          auth_file_path: /tmp/auth.json

      - name: Debug paths
        run: |
          pwd
          ls -l
          ls -l images || echo "images/ missing"
          ls -l images/asahi-cosmic || echo "image dir missing"
          ls -l images/asahi-cosmic/manifest.yaml || echo "manifest missing"

      - name: Build rootfs with rpm-ostree
        run: |
          cd "$GITHUB_WORKSPACE"
          sudo -E ./builder.sh "${{ matrix.image }}" "${{ matrix.version }}"

      - name: Build and push OCI image from rootfs
        run: |
          set -xeuo pipefail

          IMAGE="${{ matrix.image }}"
          VERSION="${{ matrix.version }}"
          REGISTRY="git.plabble.org/misthios"

          # Your builder outputs rootfs here:
          ROOTFS="images/${IMAGE}/manifest.ociarchive"

          if [[ ! -d "${ROOTFS}" ]]; then
            echo "ERROR: rootfs not found at ${ROOTFS}"
            exit 1
          fi

          # Build ID (YYYYMMDD.0)
          if [[ -f ".buildid" ]]; then
            buildid="$(< .buildid)"
          else
            buildid="$(date '+%Y%m%d.0')"
            echo "${buildid}" > .buildid
          fi

          # Extract version from os-release mutation
          version="$(rpm-ostree compose tree --print-only --repo=repo images/${IMAGE}/manifest.yaml | jq -r '."mutate-os-release"')"
          full_tag="${version}.${buildid}"

          echo "Building OCI image from rootfs..."

          export STORAGE_DRIVER=vfs

          ctr="$(buildah from scratch)"
          mnt="$(buildah mount "${ctr}")"

          rsync -aHAX "${ROOTFS}/" "${mnt}/"

          buildah config --cmd "/sbin/init" "${ctr}"
          buildah commit "${ctr}" "localhost/${IMAGE}:${full_tag}"
          buildah unmount "${ctr}"

          echo "Pushing image to registry..."

          skopeo copy \
            --authfile /tmp/auth.json \
            containers-storage:localhost/${IMAGE}:${full_tag} \
            docker://${REGISTRY}/${IMAGE}:${full_tag}

          skopeo copy \
            --authfile /tmp/auth.json \
            containers-storage:localhost/${IMAGE}:${full_tag} \
            docker://${REGISTRY}/${IMAGE}:${version}

          echo "Pushed:"
          echo " - ${REGISTRY}/${IMAGE}:${full_tag}"
          echo " - ${REGISTRY}/${IMAGE}:${version}"