name: Build Penpot

on:
  workflow_dispatch: {}
  push: {}
  schedule:
    - cron: "@daily"

jobs:
  build-container:
    name: Build Image penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }}
    runs-on: docker
    container:
      image: ghcr.io/osscontainertools/kaniko:alpine
    strategy:
      matrix:
        penpot-version: [ "2.1.2" ]
        image-type: [ frontend, backend, exporter ]
    steps:
      - name: Install required system packages
        run: apk add --no-cache nodejs

      - name: Setup penpot repo
        uses: actions/checkout@v6
        with:
          github-server-url: github.com
          repository: penpot/penpot.git
          ref: ${{ matrix.image-penpot-version }}
          submodules: recursive
          path: penpot

      - name: Patch penpot to work with kaniko
        run: |
          # Get build system patch allowing for building images with kaniko.
          # https://github.com/penpot/penpot/pull/4945
          # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d
          curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch

          # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set.
          # https://github.com/penpot/penpot/issues/4975
          # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0
          curl https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login-

          # apply patches
          git config user.name "Woodpecker"
          git config user.email "woodpecker@woodpecker.invalid"
          git am *.patch

      - name: Build Container
        env:
          KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }}
          KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions
          KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
        run: /kaniko/executor
          --dockerfile="${{forgejo.workspace }}/penpot/Containerfile"
          --context="dir://${{ forgejo.workspace }}/penpot/docker/images/Dockerfile.${{ matrix.image-type }}"
          --destination=git.hamburg.ccc.de/ccchh/oci-images/penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }}
          --no-push-cache
          --credential-helpers=env
          --annotation=org.opencontainers.image.ref.name=penpot-${{ matrix.image-type }}
          --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}
          --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}