.github/workflows/release-docker-image.yml

on:
  workflow_call:
    inputs:
      name:
        type: string
        description: Name
        required: true
      image_name:
        type: string
        description: Image name. i.e. drive, dapi
        required: true
      image_org:
        type: string
        description: Image org. i.e. dashpay
        required: true
      target:
        type: string
        description: Image target. i.e. drive-abci, dapi
        required: true
      tag:
        type: string
        description: Image tag, i.e. v0.1.0; note it can be inherited from 'workflow_dispatch' event
        default: ${{ github.event.inputs.tag || github.event.release.tag_name }}
      cargo_profile:
        type: string
        description: Cargo profile. i.e. release, dev
        default: release
env:
  DIGEST_NAME: digests-${{ inputs.image_org }}-${{ inputs.image_name }}-${{ inputs.tag }}-${{ inputs.cargo_profile }}-${{ github.sha }}
  DIGEST_DIR_PATH: /tmp/digests

jobs:
  build-image:
    name: Build ${{ matrix.platform }} image
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 25
    strategy:
      matrix:
        include:
          - runner: ["self-hosted", "linux", "x64", "ubuntu-platform"]
            platform: linux/amd64
          - runner: ["self-hosted", "linux", "arm64", "ubuntu-platform"]
            platform: linux/arm64
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure AWS credentials and bucket region
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Build and push by digest
        uses: ./.github/actions/docker
        id: docker_build
        with:
          image_name: ${{ inputs.image_name }}
          image_org: ${{ inputs.image_org }}
          image_version: ${{ inputs.tag }}
          target: ${{ inputs.target }}
          platform: ${{ matrix.platform }}
          cargo_profile: ${{ inputs.cargo_profile }}
          dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
          region: ${{ secrets.AWS_REGION }}
          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Export digest
        run: |
          rm -rf ${{ env.DIGEST_DIR_PATH }}
          mkdir -p ${{ env.DIGEST_DIR_PATH }}
          digest="${{ steps.docker_build.outputs.digest }}"
          touch "${{ env.DIGEST_DIR_PATH }}/${digest#sha256:}"
          ls -lah ${{ env.DIGEST_DIR_PATH }}

      - name: Upload digest
        uses: actions/upload-artifact@v3
        with:
          name: ${{ env.DIGEST_NAME }}
          path: ${{ env.DIGEST_DIR_PATH }}/*
          if-no-files-found: error
          retention-days: 1

  publish-manifest:
    name: Publish image tags
    needs: build-image
    runs-on: ubuntu-22.04
    steps:
      - name: Download digests
        uses: actions/download-artifact@v3
        with:
          name: ${{ env.DIGEST_NAME }}
          path: ${{ env.DIGEST_DIR_PATH }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set suffix
        uses: actions/github-script@v6
        id: suffix
        with:
          result-encoding: string
          script: |
            const fullTag = '${{ inputs.tag }}';
            if (fullTag.includes('-')) {
              const suffixes = fullTag.split('-').slice(1);
              const firstElements = suffixes.map(suffix => suffix.split('.')[0]);
              return `-${firstElements.join('-')}`;
            } else {
              return '';
            }

      - name: Set Docker tags and labels from image
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ inputs.image_org }}/${{ inputs.image_name }}
          tags: |
            type=match,pattern=v(.*),group=1,value=${{ inputs.tag }},priority=910,suffix=
            type=match,pattern=v(\d+),group=1,value=${{ inputs.tag }}
            type=match,pattern=v(\d+.\d+),group=1,value=${{ inputs.tag }}
            type=match,pattern=v(\d+.\d+.\d+),group=1,value=${{ inputs.tag }}
          flavor: |
            suffix=${{ steps.suffix.outputs.result }},onlatest=true
            latest=${{ github.event_name == 'release' }}

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Create manifest list and push
        working-directory: ${{ env.DIGEST_DIR_PATH }}
        run: |
          ls -lah
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ inputs.image_org }}/${{ inputs.image_name }}@sha256:%s ' *)

      - name: Inspect image
        run: |
          docker buildx imagetools inspect ${{ inputs.image_org }}/${{ inputs.image_name }}:${{ steps.docker_meta.outputs.version }}