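# Builds the ${IMAGE} rootfs with rpm-ostree, wraps it in an OCI image with
# buildah and publishes it to the registry with skopeo.
#
# Pull-request runs build the image but do not log in to the registry or push:
# unmerged code must not be able to overwrite the rolling "${VERSION}" tag or
# run alongside the registry auth file. Push and workflow_dispatch runs publish
# exactly as before.
name: Build containers

on:
  workflow_dispatch:
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]

jobs:
  build_push:
    name: Build and push image
    runs-on: coole-runner
    env:
      IMAGE: asahi-cosmic
      # Quoted so the value stays a string; it is spliced into image tags.
      VERSION: "43"
    container:
      # NOTE(review): GitHub's documented context availability does not list
      # `env` for jobs.<id>.container; this presumably relies on the runner in
      # use resolving it. Confirm, or spell the version out here.
      image: "quay.io/fedora-ostree-desktops/buildroot:${{ env.VERSION }}"
      # NOTE(review): the job container is privileged, runs as root, has
      # SELinux labelling disabled and mounts the runner's root filesystem
      # read-write at /run/host. Every step, including builder.sh and
      # changelog.sh from the checked-out ref, therefore runs with host-level
      # access. Since this workflow also triggers on pull_request, require
      # approval for PR runs or use an ephemeral runner, and drop the host
      # mount if builder.sh does not need it (TODO confirm).
      options: >-
        --security-opt=label=disable
        --privileged
        --user 0:0
        --device=/dev/fuse
        --volume /:/run/host:rw

    steps:
      - name: Install rpm-ostree + tools
        # rpm-ostree comes from updates-testing on every run, so the build
        # toolchain is not pinned and can change between runs.
        run: |
          dnf upgrade -y --enablerepo=updates-testing --refresh rpm-ostree
          dnf install -y nodejs skopeo jq buildah rsync git
          mkdir -p ~/.docker

      - name: Fix containers/storage.conf
        # Switch containers/storage from overlay to the vfs driver.
        run: |
          sed -i 's/driver = "overlay"/driver = "vfs"/' /usr/share/containers/storage.conf

      - name: Checkout
        # NOTE(review): referenced by a mutable tag; pinning to a full commit
        # SHA keeps a retagged release from changing what runs in this job.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Log in to registry
        # Skipped on pull requests so /tmp/auth.json never exists while
        # PR-supplied scripts run.
        if: github.event_name != 'pull_request'
        # NOTE(review): mutable tag on an action that receives the registry
        # token; pin to a full commit SHA.
        uses: redhat-actions/podman-login@v1
        with:
          registry: git.plabble.org
          username: "${{ secrets.REGISTRY_USERNAME }}"
          password: "${{ secrets.REGISTRY_TOKEN }}"
          auth_file_path: /tmp/auth.json

      - name: Build rootfs with rpm-ostree
        # sudo -E keeps the step environment (IMAGE, VERSION) for builder.sh.
        run: |
          sudo -E ./builder.sh "${IMAGE}" "${VERSION}"

      - name: Generate changelog
        run: |
          ./changelog.sh "${IMAGE}" "${VERSION}"

      - name: Build OCI image from rootfs
        run: |
          set -xeuo pipefail

          ROOTFS="images/${IMAGE}/rootfs"

          if [[ ! -d "${ROOTFS}" ]]; then
            echo "ERROR: rootfs not found at ${ROOTFS}"
            exit 1
          fi

          # Build ID (YYYYMMDD.0); reuse .buildid if an earlier step wrote it.
          if [[ -f ".buildid" ]]; then
            buildid="$(< .buildid)"
          else
            buildid="$(date '+%Y%m%d.0')"
            echo "${buildid}" > .buildid
          fi

          full_tag="${VERSION}.${buildid}"

          export STORAGE_DRIVER=vfs

          # Start from an empty image and copy the rootfs in, preserving
          # hard links, ACLs and extended attributes.
          ctr="$(buildah from scratch)"
          mnt="$(buildah mount "${ctr}")"

          rsync -aHAX "${ROOTFS}/" "${mnt}/"

          buildah config --label containers.bootc=1 "${ctr}"
          buildah config --env container=oci "${ctr}"
          buildah config --cmd "/sbin/init" "${ctr}"

          buildah commit "${ctr}" "localhost/${IMAGE}:${full_tag}"
          buildah unmount "${ctr}"

      - name: Push OCI image
        # Publishing is limited to push and workflow_dispatch runs. A
        # pull-request build must not replace the rolling "${VERSION}" tag.
        if: github.event_name != 'pull_request'
        run: |
          set -xeuo pipefail

          REGISTRY="git.plabble.org/misthios"
          # .buildid is always present here: the build step reads or creates it.
          full_tag="${VERSION}.$(< .buildid)"

          export STORAGE_DRIVER=vfs

          # Immutable per-build tag.
          skopeo copy \
            --authfile /tmp/auth.json \
            "containers-storage:localhost/${IMAGE}:${full_tag}" \
            "docker://${REGISTRY}/${IMAGE}:${full_tag}"

          # Rolling tag that tracks the latest build of this VERSION.
          skopeo copy \
            --authfile /tmp/auth.json \
            "containers-storage:localhost/${IMAGE}:${full_tag}" \
            "docker://${REGISTRY}/${IMAGE}:${VERSION}"

      - name: Commit and push changelog
        if: github.ref == 'refs/heads/main'
        run: |
          git config user.name "Automation"
          git config user.email "actions@invalid.tld"
          git add changelogs/
          git commit -m "Update changelog for ${IMAGE} ${VERSION} build $(cat .buildid)" || echo "No changes"
          git push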