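---
# Composite action: fetch build credentials from Vault, log in to the
# container registry, then build and push one image.
#
# Inputs: roleId / secretId (Vault AppRole credentials).
# Environment the caller must provide (read by the build step below):
#   REGISTRY_URL, REGISTRY_USER  - registry to log in to and push to
#   DOCKER_PATH                  - image repository path below REGISTRY_URL
#   DOCKER_FILE                  - Dockerfile to build
#   TARGET_ARCH                  - CPU architecture (used in the tag and --platform)
#   BRANCH_NAME or TAG           - exactly one of them is needed for the image tag
#   RELEASE (optional)           - "true" additionally tags and pushes :latest-<arch>
# REGISTRY_PASS, FORGEJO_SECRET_TOKEN and AZURE_DEVOPS_TOKEN are populated by
# the Vault step, not by the caller.
name: docker-build-main
description: 'Runs docker-build-main'
inputs:
  roleId:
    description: 'This is the vault approle id'
    required: true
  secretId:
    description: 'This is the vault approle secret id'
    required: true
runs:
  using: composite
  steps:
    - name: Get Vault secrets
      id: import-secrets
      uses: https://stackit-iaas.git.onstackit.cloud/actions/vault-action@v3
      with:
        url: ${{ vars.VAULT_HOST }}
        caCertificate: ${{ vars.VAULT_CA_CERT }}
        method: approle
        outputToken: true
        roleId: ${{ inputs.roleId }}
        secretId: ${{ inputs.secretId }}
        # One "<vault path> <key> | <name>" entry per line; the names become
        # env vars (REGISTRY_PASS) and step outputs (the two tokens) below.
        secrets: |
          iaas/data/docker-registry/registry.infra.eu01.int.stackit.cloud harbor-push | REGISTRY_PASS ;
          iaas/data/git/forgejo/iaas-technical-user readonly | FORGEJO_SECRET_TOKEN ;
          iaas/data/azure read_only_token | AZURE_DEVOPS_TOKEN ;
    - name: Login to Registry
      uses: https://stackit-iaas.git.onstackit.cloud/actions/login-action@v4
      with:
        registry: ${{ env.REGISTRY_URL }}
        username: ${{ env.REGISTRY_USER }}
        password: ${{ env.REGISTRY_PASS }}
    - name: docker-build-main
      env:
        DOCKER_FORGEJO_TOKEN: ${{ steps.import-secrets.outputs.FORGEJO_SECRET_TOKEN }}
        DOCKER_AZURE_DEVOPS_TOKEN: ${{ steps.import-secrets.outputs.AZURE_DEVOPS_TOKEN }}
      shell: bash
      run: |
        # Fail fast: a failed build must not be followed by a push of a stale
        # tag, and a missing required env var must not produce a malformed tag.
        set -eu
        set -x
        if [ -n "${BRANCH_NAME:-}" ]; then
          # Turn the branch name into a tag-safe slug: ASCII only, runs of
          # non-alphanumerics collapsed to '-', no leading/trailing '-', lower-case.
          # NOTE: iconv stops at the first non-ASCII character, so the slug is
          # truncated there (pre-existing behaviour; iconv -c would drop them instead).
          BRANCH_NICE=$(printf '%s\n' "${BRANCH_NAME}" | iconv -t ascii | sed -r 's/[^a-zA-Z0-9]+/-/g' | sed -r 's/^-+|-+$//g' | tr 'A-Z' 'a-z')
          DOCKER_TAG="${REGISTRY_URL}/${DOCKER_PATH}:${BRANCH_NICE}-${TARGET_ARCH}"
        elif [ -n "${TAG:-}" ]; then
          DOCKER_TAG="${REGISTRY_URL}/${DOCKER_PATH}:${TAG}-${TARGET_ARCH}"
        else
          echo "Either TAG or BRANCH_NAME env variable need to be set. Exiting."
          exit 1
        fi

        # RELEASE is optional; anything other than the literal "true" means "not a release".
        is_release="${RELEASE:-false}"
        build_args=("--tag" "${DOCKER_TAG}")
        if [[ "${is_release}" == "true" ]]; then
          DOCKER_LATEST="${REGISTRY_URL}/${DOCKER_PATH}:latest-${TARGET_ARCH}"
          build_args+=("--tag" "${DOCKER_LATEST}")
        fi

        # Tracing off from here on so the token values never reach the job log.
        set +x
        # NOTE(review): --build-arg values are recorded in the image metadata of
        # the layers that use them (visible with `docker history`). A BuildKit
        # `--secret` mount keeps them out of the image, but the Dockerfile would
        # have to consume the tokens that way, so this keeps the existing contract.
        docker build . \
          --build-arg FORGEJO_TOKEN="${DOCKER_FORGEJO_TOKEN}" \
          --build-arg AZURE_DEVOPS_TOKEN="${DOCKER_AZURE_DEVOPS_TOKEN}" \
          --file "${DOCKER_FILE}" \
          --platform "linux/${TARGET_ARCH}" \
          --provenance false \
          "${build_args[@]}"
        docker push "${DOCKER_TAG}"
        if [[ "${is_release}" == "true" ]]; then
          docker push "${DOCKER_LATEST}"
        fi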