name: docker

# https://docs.github.com/de/actions/using-workflows/workflow-syntax-for-github-actions
# https://docs.github.com/en/actions/using-workflows
# https://docs.github.com/en/actions/learn-github-actions/contexts
# https://docs.github.com/en/actions/learn-github-actions/expressions

# How to setup: https://event-driven.io/en/how_to_buid_and_push_docker_image_with_github_actions/
# How to run: https://aschmelyun.com/blog/using-docker-run-inside-of-github-actions/

on:
  # run it on push to the default repository branch
  push:
    paths-ignore:
      - 'docs/**'
      - '**.md'
    tags-ignore:
      - '**'
    # branches is needed if tags-ignore is used
    branches:
      - '**'
  schedule:
    # Run weekly on default branch
    - cron: '47 3 * * 6'

jobs:
  build-and-push-docker-debian-image:
    name: Build Docker Bullseye image and push to repositories
    # run only when code is compiling and tests are passing
    runs-on: ubuntu-latest

    # steps to perform in job
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      # avoid building if there are testing errors
      - name: Run smoke test
        run: |
          sudo apt-get install -y libzbar0
          python -m pip install --upgrade pip
          pip install -U -r requirements-dev.txt
          pip install -U .
          pytest

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
        # TODO remove workaround when fixed
        with:
          driver-opts: |
            image=moby/buildkit:v0.10.6

      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Github Packages
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_IO_TOKEN }}

      - name: "Build image and push to Docker Hub and GitHub Container Registry"
        id: docker_build_qr_reader_latest
        uses: docker/build-push-action@v3
        with:
          platforms: linux/amd64,linux/arm64
          # relative path to the place where source code with Dockerfile is located
          # TODO file:, move to docker/
          context: .
          file: Dockerfile
          # builder: ${{ steps.buildx.outputs.name }}
          # Note: tags has to be all lower-case
          pull: true
          tags: |
            scit0/extract_otp_secrets:latest
            scit0/extract_otp_secrets:bullseye
            ghcr.io/scito/extract_otp_secrets:latest
            ghcr.io/scito/extract_otp_secrets:bullseye
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' }}

      - name: Image digest
        # TODO upload digests to assets
        run: |
          echo "extract_otp_secrets digests: ${{ steps.docker_build_qr_reader_latest.outputs.digest }}"
          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
        uses: actions/upload-artifact@v3
        with:
          name: debian_digests
          path: digests.txt

  build-and-push-docker-alpine-image:
    name: Build Docker Alpine image and push to repositories
    # run only when code is compiling and tests are passing
    runs-on: ubuntu-latest

    # steps to perform in job
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      # avoid building if there are testing errors
      - name: Run smoke test
        run: |
          sudo apt-get install -y libzbar0
          python -m pip install --upgrade pip
          pip install -U -r requirements-dev.txt
          pip install -U .
          pytest

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Github Packages
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_IO_TOKEN }}

      - name: "only_txt: Build image and push to Docker Hub and GitHub Container Registry"
        id: docker_build_only_txt
        uses: docker/build-push-action@v3
        with:
          # relative path to the place where source code with Dockerfile is located
          platforms: linux/amd64,linux/arm64
          context: .
          file: Dockerfile_only_txt
          # builder: ${{ steps.buildx.outputs.name }}
          # Note: tags has to be all lower-case
          pull: true
          tags: |
            scit0/extract_otp_secrets:only-txt
            scit0/extract_otp_secrets:alpine
            ghcr.io/scito/extract_otp_secrets:only-txt
            ghcr.io/scito/extract_otp_secrets:alpine
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' }}
          build-args: |
            RUN_TESTS=true

      - name: Image digest
        # TODO upload digests to assets
        run: |
          echo "extract_otp_secrets:only-txt digests: ${{ steps.docker_build_only_txt.outputs.digest }}"
          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt

      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
        uses: actions/upload-artifact@v3
        with:
          name: alpine_digests
          path: digests.txt