name: Build and Push Docker Images

on:
  push:
    branches: [main]

defaults:
  run:
    shell: sh

jobs:
  build-and-push:
    # Runner offers ubuntu-latest; the label only selects the runner. The job
    # overrides the image below with docker:cli and mounts the host socket.
    runs-on: ubuntu-latest
    # Run the job in a Docker-CLI container and mount the host's Docker socket
    # (OrbStack) so `docker build` talks to the host daemon. Requires the runner
    # config to allow this volume — see valid_volumes note.
    container:
      image: docker:cli
      volumes:
        - /var/run/docker.sock:/var/run/docker.sock
    steps:
      - name: Install git
        run: apk add --no-cache git

      - name: Checkout
        run: |
          git config --global --add safe.directory '*'
          git init -q .
          git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@git.plexultra.com/${{ github.repository }}.git" \
            || git remote set-url origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@git.plexultra.com/${{ github.repository }}.git"
          git fetch --depth 1 origin "${{ github.ref_name }}"
          git checkout -q -f FETCH_HEAD

      - name: Log in to Forgejo container registry
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login git.plexultra.com -u "${{ github.actor }}" --password-stdin

      - name: Build and push API image
        run: |
          IMAGE=git.plexultra.com/${{ github.repository }}
          docker build --target production -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
          docker push "$IMAGE:main"
          docker push "$IMAGE:${{ github.sha }}"

      - name: Build and push Nginx image
        run: |
          IMAGE=git.plexultra.com/${{ github.repository }}-nginx
          docker build --target nginx-frontend -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
          docker push "$IMAGE:main"
          docker push "$IMAGE:${{ github.sha }}"