name: Build and Push Docker Images

on:
  push:
    branches: [main]

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Forgejo's built-in container registry. The auto-provided token can push
      # packages for the repo owner; if push fails on auth, create a Forgejo
      # access token with package read/write and use it here instead.
      - name: Log in to Forgejo container registry
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login git.plexultra.com -u "${{ github.actor }}" --password-stdin

      # Runner is on the arm64 Mac Mini, so a plain build produces a native
      # arm64 image (matches the deploy host) with no QEMU.
      - name: Build and push API image
        run: |
          IMAGE=git.plexultra.com/${{ github.repository }}
          docker build --target production -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
          docker push "$IMAGE:main"
          docker push "$IMAGE:${{ github.sha }}"

      - name: Build and push Nginx image
        run: |
          IMAGE=git.plexultra.com/${{ github.repository }}-nginx
          docker build --target nginx-frontend -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
          docker push "$IMAGE:main"
          docker push "$IMAGE:${{ github.sha }}"