name: docker-image

on:
  push:
    tags:
      - "v*"

env:
  REGISTRY_HOST: code.wanderingbadger.dev
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Verify tag commit is on main
        run: |
          git fetch origin main --no-tags
          TAG_COMMIT="${GITHUB_SHA}"
          MAIN_COMMIT="$(git rev-parse origin/main)"

          if ! git merge-base --is-ancestor "$TAG_COMMIT" "$MAIN_COMMIT"; then
            echo "Tag ${GITHUB_REF_NAME} does not point to a commit reachable from origin/main"
            exit 1
          fi

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
        with:
          platforms: amd64,arm64

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Build and push multi-arch image
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          provenance: false
          sbom: false
          tags: |
            ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
            ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:latest