# Workflow name
name: Build and Push Docker-in-Docker Container

# Run-name for each workflow run
run-name: Build and Push Docker-in-Docker Container for ${{ github.ref_name }}

# Triggers for the workflow
on:
  # On pushes to the main branch if relevant files change
  push:
    branches:
    - main
    paths:
    - 'containers/dockerindocker/**'
    - '.forgejo/workflows/dockerindocker.yml'
  # Allows manual triggering from the Forgejo UI
  workflow_dispatch: {}
  # Scheduled run every Friday at 8 PM UTC
  schedule:
  - cron: '0 20 * * 5'

jobs:
  build-and-push:
    # Strategy to build for multiple architectures
    strategy:
      matrix:
        arch: [ amd64, arm64 ]
    # Use a runner that matches the architecture.
    # This assumes you have runners tagged with 'amd64' and 'arm64'.
    runs-on: ${{ matrix.arch }}
    steps:
    # 1. Check out the repository code
    - name: Checkout repository
      uses: actions/checkout@v4

    # 2. Set up Docker Buildx for multi-platform builds
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    # 3. Login to the Forgejo container registry
    #    Requires CI_REGISTRY, CI_REGISTRY_USER, and CI_TOKEN secrets to be set in Forgejo.
    - name: Login to Forgejo Registry
      uses: docker/login-action@v3
      with:
        registry: ${{ secrets.CI_REGISTRY }}
        username: ${{ secrets.CI_REGISTRY_USER }}
        password: ${{ secrets.CI_TOKEN }}

    # 4. Build and push the Docker image for the specific architecture
    - name: Build and push (${{ matrix.arch }})
      uses: docker/build-push-action@v5
      with:
        context: ./containers/dockerindocker/
        file: ./containers/dockerindocker/Dockerfile
        platforms: linux/${{ matrix.arch }}
        push: true
        tags: |
          ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:${{ matrix.arch }}-latest
        # Enable caching to speed up subsequent builds
        cache-from: type=registry,ref=${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:buildcache-${{ matrix.arch }}
        cache-to: type=registry,ref=${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:buildcache-${{ matrix.arch }},mode=max

  # This job runs after all 'build-and-push' jobs have succeeded
  create-manifest:
    needs: build-and-push
    # A standard runner is sufficient for creating a manifest
    runs-on: amd64
    steps:
    # 1. Login to the Forgejo container registry again
    - name: Login to Forgejo Registry
      uses: docker/login-action@v3
      with:
        registry: ${{ secrets.CI_REGISTRY }}
        username: ${{ secrets.CI_REGISTRY_USER }}
        password: ${{ secrets.CI_TOKEN }}

    # 2. Create and push the multi-arch manifest
    #    This combines the amd64 and arm64 images under a single 'latest' tag.
    - name: Create and push multi-arch manifest
      run: |
        docker manifest create ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:latest \
          --amend ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:amd64-latest \
          --amend ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:arm64-latest
        docker manifest push ${{ secrets.CI_REGISTRY }}/${{ secrets.CI_REPOSITORY }}/dockerindocker:latest