name: Make docker images

on:
  push:
    tags:
      - "v*"

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - image: henrygd/beszel
            context: ./
            dockerfile: ./internal/dockerfile_hub
            registry: docker.io
            username_secret: DOCKERHUB_USERNAME
            password_secret: DOCKERHUB_TOKEN

          - image: henrygd/beszel-agent
            context: ./
            dockerfile: ./internal/dockerfile_agent
            registry: docker.io
            username_secret: DOCKERHUB_USERNAME
            password_secret: DOCKERHUB_TOKEN

          - image: henrygd/beszel-agent-nvidia
            context: ./
            dockerfile: ./internal/dockerfile_agent_nvidia
            platforms: linux/amd64
            registry: docker.io
            username_secret: DOCKERHUB_USERNAME
            password_secret: DOCKERHUB_TOKEN

          - image: ghcr.io/${{ github.repository }}/beszel
            context: ./
            dockerfile: ./internal/dockerfile_hub
            registry: ghcr.io
            username: ${{ github.actor }}
            password_secret: GITHUB_TOKEN

          - image: ghcr.io/${{ github.repository }}/beszel-agent
            context: ./
            dockerfile: ./internal/dockerfile_agent
            registry: ghcr.io
            username: ${{ github.actor }}
            password_secret: GITHUB_TOKEN

          - image: ghcr.io/${{ github.repository }}/beszel-agent-nvidia
            context: ./
            dockerfile: ./internal/dockerfile_agent_nvidia
            platforms: linux/amd64
            registry: ghcr.io
            username: ${{ github.actor }}
            password_secret: GITHUB_TOKEN

    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up bun
        uses: oven-sh/setup-bun@v2

      - name: Install dependencies
        run: bun install --no-save --cwd ./internal/site

      - name: Build site
        run: bun run --cwd ./internal/site build

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Docker metadata
        id: metadata
        uses: docker/metadata-action@v5
        with:
          images: ${{ matrix.image }}
          tags: |
            type=raw,value=edge
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}

      # https://github.com/docker/login-action
      - name: Login to Docker Hub
        env:
          password_secret_exists: ${{ secrets[matrix.password_secret] != '' && 'true' || 'false' }}
        if: github.event_name != 'pull_request' && env.password_secret_exists == 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ matrix.username || secrets[matrix.username_secret] }}
          password: ${{ secrets[matrix.password_secret] }}
          registry: ${{ matrix.registry }}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: "${{ matrix.context }}"
          file: ${{ matrix.dockerfile }}
          platforms: ${{ matrix.platforms || 'linux/amd64,linux/arm64,linux/arm/v7' }}
          push: ${{ github.ref_type == 'tag' && secrets[matrix.password_secret] != '' }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}