name: Build and Push Container Image

on:
  push:
    branches:
      - main
    tags:
      - "v*"

jobs:
  build-and-push:
    runs-on: orchestration-platform
    container:
      image: docker:latest

    steps:
      - name: Install tools
        run: |
          apk add --no-cache git curl
          # Install crane for pushing to insecure registries
          curl -sL https://github.com/google/go-containerregistry/releases/latest/download/go-containerregistry_Linux_x86_64.tar.gz | tar -xz -C /usr/local/bin crane

      - name: Checkout code
        run: |
          git clone --branch "${GITHUB_REF_NAME}" "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" .

      - name: Determine image tag
        id: meta
        run: |
          if echo "${{ gitea.ref }}" | grep -q "refs/tags/"; then
            TAG=$(echo "${{ gitea.ref }}" | sed 's|refs/tags/||')
          else
            TAG="latest"
          fi
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

      - name: Build image
        run: |
          REGISTRY_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
          IMAGE="${REGISTRY_HOST}/${{ gitea.repository }}:${{ steps.meta.outputs.tag }}"
          docker build -t "${IMAGE}" .
          docker save "${IMAGE}" -o image.tar

      - name: Push image
        run: |
          REGISTRY_HOST=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
          IMAGE="${REGISTRY_HOST}/${{ gitea.repository }}:${{ steps.meta.outputs.tag }}"
          crane auth login "${REGISTRY_HOST}" -u "${{ gitea.actor }}" -p "${{ secrets.REGISTRY_TOKEN }}" --insecure
          crane push image.tar "${IMAGE}" --insecure