name: Deploy to Docker Hub

on:

  # Build and deploy the image on pushes to master branch
  push:
    branches: 
      - master
      - main

  # Build and deploy the image nightly (to ensure we pick up any security updates)
  schedule:
    - cron: "0 0 * * *"

jobs:
  deploy_dockerhub_single_arch:
    name: Deploy to DockerHub
    runs-on: ubuntu-latest
    strategy:
      matrix:
        docker-platform:
          - linux/amd64

    # Set job-wide environment variables
    #  - REPO: repo name on dockerhub
    #  - IMAGE: image name on dockerhub
    env:
      REPO: mikenye
      IMAGE: picard
    steps:

      # Check out our code
      -
        name: Checkout
        uses: actions/checkout@v2

      # Hit an issue where arm builds would fail with cURL errors regarding intermediary certificates when downloading from github (ie: deploy-s6-overlay).
      # After many hours of troubleshooting, the workaround is to pre-load the image's rootfs with the CA certificates from the runner.
      # This problem may go away in future.
      - 
        name: Copy CA Certificates from GitHub Runner to Image rootfs
        run: |
          ls -la /etc/ssl/certs/
          mkdir -p ./rootfs/etc/ssl/certs
          mkdir -p ./rootfs/usr/share/ca-certificates/mozilla
          cp --no-dereference /etc/ssl/certs/*.crt ./rootfs/etc/ssl/certs
          cp --no-dereference /etc/ssl/certs/*.pem ./rootfs/etc/ssl/certs
          cp --no-dereference /usr/share/ca-certificates/mozilla/*.crt ./rootfs/usr/share/ca-certificates/mozilla
      
      # # Set up QEMU for multi-arch builds
      # -
      #   name: Set up QEMU
      #   uses: docker/setup-qemu-action@v1

      # Log into docker hub (so we can push images)
      -
        name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Set up buildx
      -
        name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1

      # Build "latest"
      - 
        name: Build & Push - latest
        run: docker buildx build --no-cache --push --progress plain -t "${{ env.REPO }}/${{ env.IMAGE }}:latest" --compress --platform "${{ matrix.docker-platform }}" .

      # Get version from "latest"
      -
        name: Get latest image version
        run: |
          docker pull "${{ env.REPO }}/${{ env.IMAGE }}:latest"
          echo "VERSION_TAG=$(docker run --rm --entrypoint cat "${{ env.REPO }}/${{ env.IMAGE }}:latest" /CONTAINER_VERSION)" >> $GITHUB_ENV

      # Show version from "latest"
      -
        name: Show latest image version
        run: |
          echo "${{ env.REPO }}/${{ env.IMAGE }}:latest contains version: ${{ env.VERSION_TAG }}"

      # Build version specific
      - 
        name: Build & Push - version specific
        run: docker buildx build --push --progress plain -t "${{ env.REPO }}/${{ env.IMAGE }}:${{ env.VERSION_TAG }}" --compress --platform "${{ matrix.docker-platform }}" .