name: Docker

on:
  pull_request:
    branches: [master]
  push:
    branches: [master]
    # Publish vX.X.X tags as releases.
    tags: ["v*.*.*"]

permissions:
  contents: read
  packages: write

jobs:
  build-n-push:
    name: Build and Push
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

      - name: Get Version
        shell: bash
        run: echo "BUILD_VERSION=${GITHUB_REF_NAME}-${GITHUB_SHA::7}" >> $GITHUB_ENV

      - name: Login to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: |
            wgportal/wg-portal
            ghcr.io/${{ github.repository }}
          flavor: |
            latest=auto
            prefix=
            suffix=
          tags: |
            type=ref,event=tag
            type=ref,event=branch
            # semver tags, without v prefix
            type=semver,pattern={{version}}
            # major and major.minor tags are not available for alpha or beta releases
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}}

      - name: Build and push Docker image
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          build-args: |
            BUILD_VERSION=${{ env.BUILD_VERSION }}

      - name: Export binaries from images
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          target: binaries
          outputs: type=local,dest=./binaries
          build-args: |
            BUILD_VERSION=${{ env.BUILD_VERSION }}

      - name: Rename binaries
        run: |
          for file in binaries/linux*/wg-portal; do
            mv $file binaries/wg-portal_$(basename $(dirname $file))
          done

      - name: Upload binaries
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: binaries
          path: binaries/wg-portal_linux*
          retention-days: 10

  release:
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    needs: build-n-push
    permissions:
      contents: write
    steps:
      - name: Download binaries
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: binaries

      - name: Create GitHub Release
        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
        with:
          files: 'wg-portal_linux*'
          generate_release_notes: true