name: Push to image registry

on:
  workflow_call:
  workflow_dispatch:

jobs:
  push:
    name: Push image
    runs-on: ubuntu-latest

    permissions:
      packages: write

    env:
      REGISTRY: ghcr.io
      USERNAME: getchoo

    steps:
      - name: Set image name
        run: |
          echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"

      - uses: actions/checkout@v4

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v9

      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: https://cache.mydadleft.me
          cache: teawiebot
          token: ${{ secrets.ATTIC_TOKEN }}

      - name: Login to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ env.USERNAME }}
          password: ${{ github.token }}

      - name: Push to registry
        env:
          TAG: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
        run: |
          set -eux

          architectures=("x86_64" "aarch64")
          for arch in "${architectures[@]}"; do
            nix build -L --accept-flake-config .#container-"$arch"
            docker load < result
            docker tag ${{ env.IMAGE_NAME }}:latest-"$arch" ${{ env.TAG }}-"$arch"
            docker push ${{ env.TAG }}-"$arch"
            rm result
          done

          docker manifest create ${{ env.TAG }} \
            --amend ${{ env.TAG }}-x86_64 \
            --amend ${{ env.TAG }}-aarch64

          docker manifest push ${{ env.TAG }}