name: Build Container

on:
  workflow_dispatch: {}
  push: {}

jobs:
  build-container:
    name: Build Container
    runs-on: docker
    container:
      image: ghcr.io/osscontainertools/kaniko:alpine
    steps:
      - name: Install required system packages
        run: apk add --no-cache nodejs
      
      - name: Checkout source code
        uses: actions/checkout@v6

      - name: Build Container
        env:
          KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }}
          KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions
          KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
        run: /kaniko/executor
          --dockerfile="${{forgejo.workspace }}/Containerfile"
          --context="dir://${{ forgejo.workspace }}"
          --destination=git.hamburg.ccc.de/ccchh/dooris:latest
          --tar-path=${{ forgejo.workspace }}/image.tar
          --no-push-cache
          --credential-helpers=env
          --annotation=org.opencontainers.image.ref.name=dooris
          --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}
          --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}
          --annotation=org.opencontainers.image.licenses=AGPL-3.0

      - name: Push Container (prod-only)
        if: ${{ forgejo.ref_name == 'main' }}
        run: |
          apk add --no-cache skopeo
          skopeo copy "docker-archive:${{ forgejo.workspace }}/image.tar" docker://git.hamburg.ccc.de/ccchh/dooris:latest --dest-creds="forgejo-actions:${{ secrets.PACKAGES_TOKEN }}"