name: "Docker"

on:
  push:
    branches: [ "main" ]
    paths:
      - "**.nix"
      - "**.rs"
      - "**.lock"
      - "Cargo.toml"
  pull_request:
    paths:
      - "**.nix"
      - "**.rs"
      - "**.lock"
      - "Cargo.toml"
  workflow_dispatch:

jobs:
  build:
    name: "Build image"

    strategy:
      fail-fast: false
      matrix:
        arch: [ "amd64", "arm64" ]

    runs-on: "ubuntu-latest"

    steps:
      - name: "Checkout repository"
        uses: "actions/checkout@v4"

      - name: "Install Nix"
        uses: "cachix/install-nix-action@v31"

      - name: "Build Docker image"
        id: "build"
        env:
          ARCH: ${{ matrix.arch }}
        run: |
          nix build \
            --fallback \
            --print-build-logs \
            .#container-"$ARCH"

          # exit if no `result` from nix build
          [ ! -L result ] && exit 1
          echo "path=$(readlink -f ./result)" >> "$GITHUB_OUTPUT"

      - name: "Upload image"
        uses: "actions/upload-artifact@v4"
        with:
          name: "container-${{ matrix.arch }}"
          path: ${{ steps.build.outputs.path }}
          if-no-files-found: "error"
          retention-days: 1

  release-gate:
    name: "Docker Release Gate"
    needs: [ "build" ]

    if: ${{ always() }}

    runs-on: "ubuntu-latest"

    steps:
      - name: "Exit with error"
        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
        run: |
          exit 1

  push:
    name: "Push image"
    needs: [ "release-gate" ]

    if: ${{ github.event_name == 'push' }}

    runs-on: "ubuntu-latest"

    permissions:
      contents: "read"
      packages: "write"

    env:
      REGISTRY: "ghcr.io"
      USERNAME: ${{ github.actor }}
      IMAGE_NAME: "chill_discord_bot"

    steps:
      - name: "Checkout repository"
        uses: "actions/checkout@v4"

      - name: "Download images"
        uses: "actions/download-artifact@v4"
        with:
          path: "images"

      - name: "Login to registry"
        uses: "docker/login-action@v3"
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ env.USERNAME }}
          password: ${{ github.token }}

      - name: "Push to registry"
        env:
          TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
        run: |
          architectures=("amd64" "arm64")
          for arch in "${architectures[@]}"; do
            docker load < images/container-"$arch"/*.tar.gz
            docker tag "$IMAGE_NAME":latest-"$arch" "$TAG"-"$arch"
            docker push "$TAG"-"$arch"
          done

          docker manifest create "$TAG" \
            --amend "$TAG"-amd64 \
            --amend "$TAG"-arm64

          docker manifest push "$TAG"