when:
  - event: push
    path: 
      - 'penpot/**'
      - '.woodpecker/penpot.yaml'
  - event: cron
    cron: daily

# Manually set a workspace path, so we can use it literally, without using
# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
# https://github.com/woodpecker-ci/woodpecker/issues/3982
workspace:
  path: src

# Use matrix to set PENPOT_VERSION instead of setting the PENPOT_VERSION as an
# environment variable in the build-images step, since string substitution
# doesn't work for custom environment variables.
# https://github.com/woodpecker-ci/woodpecker/issues/3983
# Also because global environment variables aren't a thing.
matrix:
  PENPOT_VERSION:
    - 2.1.2
  IMAGE_BASE_NAME:
    - git.hamburg.ccc.de/ccchh/oci-images/penpot
  IMAGE_TYPE:
    - frontend
    - backend
    - exporter

steps:
  - name: setup-image-path
    image: alpine
    commands:
      - mkdir /woodpecker/images

  - name: setup-penpot-repo
    image: alpine
    commands:
      - apk -u add git curl
      - git clone --branch $PENPOT_VERSION https://github.com/penpot/penpot.git /woodpecker/penpot
      - cd /woodpecker/penpot
      - git submodule update --init --recursive
      # Get build system patch allowing for building images with kaniko.
      # https://github.com/penpot/penpot/pull/4945
      # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d
      - curl https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch
      # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set.
      # https://github.com/penpot/penpot/issues/4975
      # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0
      - curl https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login-is-disabled.patch
      - git config user.name "Woodpecker"
      - git config user.email "woodpecker@woodpecker.invalid"
      - git am *.patch

  - name: build-image
    image: gcr.io/kaniko-project/executor
    entrypoint:
      - /kaniko/executor
      - --context=dir:///woodpecker/penpot
      - --dockerfile=./docker/images/Dockerfile.${IMAGE_TYPE}
      - --destination=${IMAGE_BASE_NAME}/${IMAGE_TYPE}:${PENPOT_VERSION}
      - --no-push
      - --tar-path=/woodpecker/images/penpot-${IMAGE_TYPE}.tar

  - name: publish-image
    image: docker.io/library/alpine
    secrets:
      - GIT_API_TOKEN
    commands:
      - apk -u add crane
      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
      - crane push /woodpecker/images/penpot-$IMAGE_TYPE.tar $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH

  - name: tag-version
    image: docker.io/library/alpine
    when:
      - branch: main
    secrets:
      - GIT_API_TOKEN
    commands:
      - apk -u add crane
      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
      - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH $PENPOT_VERSION

  - name: tag-latest
    image: docker.io/library/alpine
    when:
      - branch: main
        evaluate: 'PENPOT_VERSION == "2.1.2"'
    secrets:
      - GIT_API_TOKEN
    commands:
      - apk -u add crane
      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
      - crane tag $IMAGE_BASE_NAME/$IMAGE_TYPE:$PENPOT_VERSION-$CI_COMMIT_BRANCH latest