name: Publish
on:
  push:
    branches:
      - main

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Import Secrets
        id: import-secrets
        uses: hashicorp/vault-action@v2
        with:
          url: http://vault.avril
          method: kubernetes
          # TODO - when https://github.com/go-gitea/gitea/pull/33945 is merged, instead use per-workflow OIDC-based auth
          role: act-runner-helm-charts
          secrets: |
            shared-secrets/data/gitea/pat_to_push_images token | GITEA_TOKEN

      - name: Login to Gitea
        uses: docker/login-action@v3
        with:
          username: scubbo
          password: ${{ env.GITEA_TOKEN }}
          registry: gitea.scubbo.org

      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push image
        uses: docker/build-push-action@v3
        with:
          context: .
          file: Dockerfile
          target: prod
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            scubbo/edh-elo:${{ gitea.sha }}
            scubbo/edh-elo:latest

      - name: Output
        run: |
          echo "Image pushed: scubbo/edh-elo:${{ gitea.sha }}"

      # TODO - update Helm chart with new image