name: docker-build

on:
  push:
    tags:
      - "*"

permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: docker
    env:
      REGISTRY: hub.realmanual.ru
      IMAGE_NAME: pub/sqlite-backup/backup
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Ensure tag commit is reachable from main
        shell: bash
        run: |
          set -euo pipefail
          git fetch --no-tags --depth=0 origin main
          if git merge-base --is-ancestor "$GITHUB_SHA" origin/main; then
            echo "Commit is on main history. Proceeding."
          else
            echo "Tag commit is not from main. Skipping build." >&2
            exit 0
          fi

      - name: Extract tag
        id: vars
        shell: bash
        run: |
          TAG_REF="${GITHUB_REF#refs/tags/}"
          echo "tag=$TAG_REF" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITEA_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          platforms: linux/amd64
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.tag }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest