---
name: Container Publish

env:
  REGISTRY: docker.asperti.com
  REPOSITORY: paspo/webserver-nginx

on:
  push:
    branches:
      - master
  schedule:
    - cron: "0 12 3 * *"
  workflow_dispatch:
  workflow_call:
  workflow_run:
    workflows: [vulnscan.yaml]
    types: [completed]

jobs:
  on-success-skip:
    runs-on:
      labels: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    steps:
      - run: exit_with_success

  build-image:
    runs-on:
      labels: [ubuntu-latest, "arch-${{ matrix.arch }}"]
    container:
      image: catthehacker/ubuntu:act-latest
    strategy:
      matrix:
        arch: [amd64, arm64]

    steps:
      - uses: actions/checkout@v4

      - name: Login to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Build and publish
        run: |
          docker build \
            --tag ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }} \
            --platform linux/${{ matrix.arch }} --no-cache -f Dockerfile .
          docker push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-${{ matrix.arch }}


  manifest:
    name: update docker manifest
    needs: build-image
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest

    steps:
      - name: Login to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: latest
        run: |
          docker manifest create \
            ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest \
            --amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-amd64 \
            --amend ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest-arm64
          docker manifest push ${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest