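# SPDX-FileCopyrightText: 2024 Gnuxie
# SPDX-FileCopyrightText: 2026 Catalan Lover
#
# SPDX-License-Identifier: CC0-1.0

# Copied from https://github.com/matrix-org/matrix-bifrost/blob/develop/.github/workflows/docker-hub-latest.yml

# Builds the multi-platform container image on every push to main, pushes it
# to Docker Hub under the `develop` tag, and publishes an attestation bound to
# the digest that was pushed.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (with the version in a trailing
# comment) keeps a retagged upstream release from running inside a job that
# holds the Docker Hub token and an OIDC signing identity.

name: "Docker Hub - Develop"

on:
  push:
    branches:
      - main

env:
  DOCKER_NAMESPACE: gnuxie
  PLATFORMS: linux/amd64,linux/arm64
  # Only push if this is main, otherwise we just want to build
  # The expression result is stored as a string, which is why the attest
  # step below compares against 'true'.
  PUSH: ${{ github.ref == 'refs/heads/main' }}
  IMG_SOURCE: https://github.com/${{ github.repository }}

jobs:
  docker-latest:
    runs-on: ubuntu-latest
    # Job-scoped token permissions; anything not listed here is not granted.
    permissions:
      # Lets the job request an OIDC token, used as the signing identity
      # for the attestation.
      id-token: write
      # Read-only repository access is enough for the checkout.
      contents: read
      # Required to store the attestation created by the attest step.
      attestations: write
      # Presumably needed by actions/attest to record artifact metadata;
      # confirm against the action's documentation before removing.
      artifact-metadata: write
    steps:
      - name: Check out
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          fetch-tags: true
          # No later step in this workflow talks to the git remote, so do not
          # leave the job token configured for git after the checkout. The
          # working tree is also the Docker build context (`context: .`).
          persist-credentials: false

      # Needed for multi platform builds
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v4
        with:
          platforms: ${{ env.PLATFORMS }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4

      - name: Log in to Docker Hub
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          # Should be a scoped Docker Hub access token, not the account
          # password.
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build image
        # The attest step reads this step's `digest` output via `steps.push`.
        id: push
        uses: docker/build-push-action@v7
        with:
          context: .
          file: ./Dockerfile
          platforms: ${{ env.PLATFORMS }}
          push: ${{ env.PUSH }}
          # Shared Buildx cache scope reused by all container image workflows.
          # Keep the scope name aligned across workflows to maximize cache hits.
          # NOTE(review): layers restored from this scope end up in an image
          # that is pushed and attested; confirm that every workflow able to
          # write this scope on the default branch builds only trusted code.
          cache-from: type=gha,scope=draupnir-container-build
          cache-to: type=gha,scope=draupnir-container-build,mode=max
          labels: |
            org.opencontainers.image.source=${{ env.IMG_SOURCE }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.version=${{ github.ref_name }}-${{ github.sha }}
            org.opencontainers.image.ref.name=${{ github.ref_name }}
            org.opencontainers.image.licenses=AFL-3.0
          sbom: true
          tags: |
            ${{ env.DOCKER_NAMESPACE }}/draupnir:develop

      - name: Attest pushed image
        id: attest
        # Only attest when the image was actually pushed; without a push
        # there is no registry digest to bind the attestation to.
        if: ${{ env.PUSH == 'true' }}
        uses: actions/attest@v4
        with:
          subject-name: docker.io/${{ env.DOCKER_NAMESPACE }}/draupnir
          # Bind the attestation to the immutable digest produced by the
          # build step rather than to the mutable `develop` tag.
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true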