name: Publish Docker Image

on:
  push:
    branches:
      - main
    tags:
      - "v*"
  workflow_dispatch:

jobs:
  docker:
    runs-on: docker
    container:
      image: node:20-alpine
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Docker CLI + Buildx
        shell: sh
        run: |
          apk add --no-cache docker-cli docker-cli-buildx

      - name: Build image metadata
        id: meta
        shell: sh
        run: |
          SERVER_URL="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-}}"
          if [ -z "$SERVER_URL" ]; then
            echo "Neither GITHUB_SERVER_URL nor GITEA_SERVER_URL is set."
            exit 1
          fi

          REGISTRY_HOST="${SERVER_URL#http://}"
          REGISTRY_HOST="${REGISTRY_HOST#https://}"
          IMAGE_REPO="$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')"

          echo "registry_host=$REGISTRY_HOST" >> "$GITHUB_OUTPUT"
          echo "image=$REGISTRY_HOST/$IMAGE_REPO" >> "$GITHUB_OUTPUT"

      - name: Log in to Gitea Container Registry
        shell: sh
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
          LEGACY_TOKEN: ${{ secrets.GITEA_TOKEN }}
          ACTOR_USERNAME: ${{ github.actor }}
        run: |
          USERNAME="$REGISTRY_USERNAME"
          TOKEN="$REGISTRY_TOKEN"

          if [ -z "$USERNAME" ]; then
            USERNAME="$ACTOR_USERNAME"
          fi

          if [ -z "$TOKEN" ]; then
            TOKEN="$LEGACY_TOKEN"
          fi

          if [ -z "$USERNAME" ] || [ -z "$TOKEN" ]; then
            echo "Registry login failed: set REGISTRY_USERNAME and REGISTRY_TOKEN (or fallback GITEA_TOKEN)."
            exit 1
          fi

          echo "$TOKEN" | docker login "${{ steps.meta.outputs.registry_host }}" -u "$USERNAME" --password-stdin

      - name: Build and push image
        shell: sh
        run: |
          IMAGE="${{ steps.meta.outputs.image }}"
          SHA_TAG="${GITHUB_SHA}"
          REF_TYPE="${GITHUB_REF_TYPE}"
          REF_NAME="${GITHUB_REF_NAME}"

          TAG_ARGS="--tag $IMAGE:$SHA_TAG"

          # latest only for pushes to main
          if [ "$REF_TYPE" = "branch" ] && [ "$REF_NAME" = "main" ]; then
            TAG_ARGS="$TAG_ARGS --tag $IMAGE:latest"
          fi

          # semver tags for refs like v1.2.3 -> v1.2.3, v1.2, v1
          if [ "$REF_TYPE" = "tag" ]; then
            case "$REF_NAME" in
              v[0-9]*.[0-9]*.[0-9]*)
                MAJOR="$(echo "$REF_NAME" | cut -d. -f1)"
                MINOR="$(echo "$REF_NAME" | cut -d. -f2)"
                TAG_ARGS="$TAG_ARGS --tag $IMAGE:$REF_NAME --tag $IMAGE:$MAJOR.$MINOR --tag $IMAGE:$MAJOR"
                ;;
              *)
                TAG_ARGS="$TAG_ARGS --tag $IMAGE:$REF_NAME"
                ;;
            esac
          fi

          docker buildx version
          docker buildx build --push $TAG_ARGS .