name: Build container images

on:
  workflow_dispatch:
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]

jobs:
  build_push:
    name: Build and push image
    runs-on: job-v2

    strategy:
      fail-fast: false
      matrix:
        image: [base]
        version: [43]

    container:
      image: "quay.io/fedora-ostree-desktops/buildroot:43"
      options: "--security-opt apparmor=unconfined --privileged --user 0:0 --device=/dev/kvm --device=/dev/fuse --volume /:/run/host:rw"

    steps:
      - name: Install dependencies
        run: |
          dnf install -y nodejs
          dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree

      - name: Checkout
        uses: actions/checkout@v4

      - name: Build Bootable Container image
        run: |
          ./builder.sh "${{ matrix.image }}" "${{ matrix.version }}"

      - name: Prepare Docker config directory
        run: mkdir -p /root/.docker

      - name: Login to Container Registry
        uses: redhat-actions/podman-login@v1
        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
        with:
          registry: git.plabble.org
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
          auth_file_path: /tmp/auth.json

      - name: Push container image to container registry
        id: push
        run: |
          # Determine buildid (same logic as upstream)
          if [[ -f ".buildid" ]]; then
              buildid="$(< .buildid)"
          else
              buildid="$(date '+%Y%m%d.0')"
              echo "${buildid}" > .buildid
          fi

          version="${{ matrix.version }}"
          image="${{ matrix.image }}"
          archive="images/${image}/manifest.ociarchive"

          echo "Pushing ${archive} as ${image}:${version}.${buildid}"

          # Push version.buildid
          skopeo copy \
            --authfile /tmp/auth.json \
            --retry-times 3 \
            --dest-compress-format zstd \
            --dest-label containers.bootc=1 \
            --dest-label ostree.bootable=true \
            oci-archive:${archive} \
            docker://git.plabble.org/misthios/${image}:${version}.${buildid}

          # Push version
          skopeo copy \
            --authfile /tmp/auth.json \
            --retry-times 3 \
            --dest-compress-format zstd \
            --dest-label containers.bootc=1 \
            --dest-label ostree.bootable=true \
            docker://git.plabble.org/misthios/${image}:${version}.${buildid} \
            docker://git.plabble.org/misthios/${image}:${version}