name: Build and Push Docker Images

on:
  push:
    branches: [main]

jobs:
  build-and-push:
    # 'docker' is the host-mode label (no container image mapping), so the job
    # runs directly on the Mac Mini where OrbStack's docker and git are present.
    # 'ubuntu-latest' maps to a container that lacks docker, so builds fail there.
    runs-on: docker
    steps:
      # Manual checkout with plain git — the runner has no Node, so JS actions
      # like actions/checkout can't run. git + docker are available on the host.
      - name: Checkout
        run: |
          git init -q .
          git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@git.plexultra.com/${{ github.repository }}.git" \
            || git remote set-url origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@git.plexultra.com/${{ github.repository }}.git"
          git fetch --depth 1 origin "${{ github.ref_name }}"
          git checkout -q -f FETCH_HEAD

      - name: Log in to Forgejo container registry
        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login git.plexultra.com -u "${{ github.actor }}" --password-stdin

      # Runner is on the arm64 Mac Mini, so a plain build produces a native
      # arm64 image (matches the deploy host) with no QEMU.
      - name: Build and push API image
        run: |
          IMAGE=git.plexultra.com/${{ github.repository }}
          docker build --target production -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
          docker push "$IMAGE:main"
          docker push "$IMAGE:${{ github.sha }}"

      - name: Build and push Nginx image
        run: |
          IMAGE=git.plexultra.com/${{ github.repository }}-nginx
          docker build --target nginx-frontend -t "$IMAGE:main" -t "$IMAGE:${{ github.sha }}" .
          docker push "$IMAGE:main"
          docker push "$IMAGE:${{ github.sha }}"