name: Build Primary Docker Image

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      version:
        description: 'Semantic version to label the Docker image under (no "v" prefix, e.g. "1.2.3")'
        required: true
        type: string
      tag_latest:
        description: 'Also tag this image as :latest? (Keep false for RC and beta releases)'
        required: false
        type: boolean
        default: false

jobs:
  check_authorization:
    name: Check authorization to publish new Docker image
    runs-on: ubuntu-latest
    outputs:
      isAuthorized: ${{ steps.check-auth.outputs.is_authorized }}
    steps:
      - name: check-auth
        id: check-auth
        run: |
          if [ "${{ github.event_name }}" = "release" ]; then
            echo "is_authorized=true" >> $GITHUB_OUTPUT
          else
            echo "is_authorized=${{ contains(secrets.DEPLOYMENT_AUTHORIZED_USERS, github.triggering_actor) }}" >> $GITHUB_OUTPUT
          fi

  build:
    name: Build and push multi-arch primary image
    needs: check_authorization
    if: needs.check_authorization.outputs.isAuthorized == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Resolve version and tags
        id: vars
        run: |
          if [ "${{ github.event_name }}" = "release" ]; then
            VERSION="${{ github.event.release.tag_name }}"
            VERSION="${VERSION#v}"
            TAG_LATEST=${{ !github.event.release.prerelease }}
          else
            VERSION="${{ inputs.version }}"
            TAG_LATEST=${{ inputs.tag_latest }}
          fi

          TAGS="ghcr.io/${{ github.repository_owner }}/project-nomad:${VERSION}
          ghcr.io/${{ github.repository_owner }}/project-nomad:v${VERSION}"
          if [ "$TAG_LATEST" = "true" ]; then
            TAGS="$TAGS
          ghcr.io/${{ github.repository_owner }}/project-nomad:latest"
          fi

          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "tags<<EOF" >> $GITHUB_OUTPUT
          echo "$TAGS" >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.vars.outputs.tags }}
          build-args: |
            VERSION=${{ steps.vars.outputs.version }}
            BUILD_DATE=${{ github.event.release.created_at }}
            VCS_REF=${{ github.sha }}
      - name: Inspect image
        run: |
          docker buildx imagetools inspect ghcr.io/${{ github.repository_owner }}/project-nomad:${{ steps.vars.outputs.version }}