name: Build containers

on:
  workflow_dispatch:
  pull_request:
    branches: ["main"]
  push:
    branches: ["main"]

jobs:
  build_push:
    name: Build and push image
    runs-on: job-v2

    strategy:
      fail-fast: false
      matrix:
        image: [asahi-cosmic]
        version: [43] #Build current stable,next stable/rawhide (if not branched)
        arch: [linux/arm64] #todo fix

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to Container Registry
        uses: redhat-actions/podman-login@v1
        if: (github.event_name == 'push' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main'
        with:
          registry: git.plabble.org
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: test
        run: |
          sudo apt install -y bubblewrap
          bwrap --unshare-user --unshare-ipc --unshare-pid --unshare-net true

      - name: Build
        id: build
        uses: job79/buildah-build@58fa3e218f800e67fc91a4d109bcaeddd6cf2101
        with:
          sudo: true
          image: misthios/${{ matrix.image}}
          tags: ${{ matrix.version }}
          context: ./
          containerfiles: ./Containerfile
          platforms: ${{ matrix.arch }}
          build-args : |
            VERSION=${{ matrix.version }}
            IMAGE=${{ matrix.image }}
          extra-args: |
            --cap-add=all
            --device=/dev/fuse
            --security-opt=label=disable
            --isolation=chroot
            --device=/dev/kvm