name: build and push docker image
run-name: building docker image and push them to git.dacremont.xyz
on:
  workflow_dispatch: {}
  push:
    branches: [ "main" ]
    paths:
      - 'dockerfile'
    # publish semver tags as releases.
    tags: [ 'v*.*.*' ]


env:
  # use docker.io for docker hub if empty
  registry: git.dacremont.xyz
  # gitea.repository as <account>/<repo>
  image_name: ${{ gitea.repository }}


jobs:
  build-and-push-docker:
    runs-on: ubuntu-latest
    container: ghcr.io/catthehacker/ubuntu:act-latest
    permissions:
      contents: read
      packages: write
      # this is used to complete the identity challenge
      # with sigstore/fulcio when running outside of prs.
      id-token: write

    steps:
      - name: checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container

      - name: restore docker cache
        uses: actions/cache@v3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ gitea.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

            # login against a docker registry except on pr
            # https://`.com/docker/login-action
      - name: log into registry ${{ env.registry }}
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ${{ env.registry }}
          username: ${{ secrets.username }}
          password: ${{ secrets.token }}

      - name: build and push docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          pull: true
          no-cache: true
          tags: |
            ${{ env.registry }}/${{ env.image_name }}:${{ gitea.sha }}
            ${{ env.registry }}/${{ env.image_name }}:latest
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache