name: docker-build

on:
  push:
    tags:
      - "*"

permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    services:
      docker:
        image: docker:dind
        env:
          DOCKER_TLS_CERTDIR: ""
    container:
      image: docker:24-git
      env:
        DOCKER_HOST: tcp://docker:2375
        DOCKER_TLS_CERTDIR: ""
    env:
      REGISTRY: hub.realmanual.ru
      IMAGE_NAME: pub/sqlite-backup/backup
    steps:
      - name: Checkout (git)
        shell: sh
        env:
          TOKEN: ${{ secrets.GITEA_TOKEN }}
        run: |
          set -eu
          : "${GITHUB_SERVER_URL:?}"
          : "${GITHUB_REPOSITORY:?}"
          : "${GITHUB_SHA:?}"
          git init .
          git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
          git -c http.extraHeader="Authorization: Bearer ${TOKEN}" fetch --no-tags --depth=1 origin "${GITHUB_SHA}"
          git checkout --detach "${GITHUB_SHA}"

      - name: Extract tag
        id: vars
        shell: sh
        run: |
          TAG_REF="${GITHUB_REF#refs/tags/}"
          echo "tag=$TAG_REF" >> "$GITHUB_OUTPUT"

      - name: Docker login
        shell: sh
        run: |
          set -eu
          echo "${{ secrets.GITEA_TOKEN }}" | docker login "${{ env.REGISTRY }}" --username "${{ github.actor }}" --password-stdin

      - name: Build image
        shell: sh
        run: |
          set -eu
          docker build \
            -t "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.tag }}" \
            -t "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" \
            .

      - name: Push images
        shell: sh
        run: |
          set -eu
          docker push "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.tag }}"
          docker push "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"