name: Build & publish Docker images

on:
  push:
    branches: [main]
  release:
    types: [published]

env:
  REGISTRY: git.hexadual.io

jobs:
  build:
    name: Build & push all images
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        run: |
          git clone --depth 1 \
            https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@git.hexadual.io/${{ github.repository }}.git \
            .
          git checkout ${{ github.sha }}

      - name: Log in to registry
        run: |
          echo "${{ secrets.REGISTRY_TOKEN }}" | \
            docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin

      - name: Build & push egg
        run: |
          docker compose build egg
          docker compose push egg
          docker tag ${{ env.REGISTRY }}/rocobo/gcp-dot-egg:latest \
            ${{ env.REGISTRY }}/rocobo/gcp-dot-egg:${{ github.sha }}
          docker push ${{ env.REGISTRY }}/rocobo/gcp-dot-egg:${{ github.sha }}

      - name: Logout
        if: always()
        run: docker logout ${{ env.REGISTRY }} || true