name: Docker Main
permissions:
  contents: read
on:
  push:
    branches:
      - main

jobs:
  publish:
    runs-on: ubuntu-latest
    outputs:
      sha-tag: ${{ steps.metadata.outputs.sha-tag }}
      image: ${{ steps.metadata.outputs.image }}

    steps:
      - name: Checkout
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # pin@v3
        with:
          fetch-depth: 0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # pin@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # pin@v1

      - name: Login to DockerHub
        uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # pin@v1
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Prepare Image Metadata
        id: metadata
        run: |
          IMAGE=pomerium/pomerium
          SHA_TAG=git-${GITHUB_SHA::8}
          TAGS=${IMAGE}:main
          TAGS=${TAGS},${IMAGE}:master
          TAGS=${TAGS},${IMAGE}:${SHA_TAG}
          TS=$(date +%Y%m%d%H%M%S)
          echo ::set-output name=tags::${TAGS}
          echo ::set-output name=timestamp::${TS}
          echo ::set-output name=name::pomerium
          echo ::set-output name=image::${IMAGE}
          echo ::set-output name=sha-tag::${SHA_TAG}

      - name: Docker Publish - Main
        uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # pin@v2
        with:
          context: .
          file: ./Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.metadata.outputs.tags }}
          labels: |
            org.opencontainers.image.created=${{ steps.metadata.outputs.timestamp }}
            org.opencontainers.image.name=${{ steps.metadata.outputs.name }}
            org.opencontainers.image.revision=${{ github.sha }}

      - name: Docker Publish - Debug
        uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8 # pin@v2
        with:
          context: .
          file: ./Dockerfile.debug
          push: true
          platforms: linux/amd64,linux/arm64
          tags: pomerium/pomerium:debug
          labels: |
            org.opencontainers.image.created=${{ steps.metadata.outputs.timestamp }}
            org.opencontainers.image.name=${{ steps.metadata.outputs.name }}
            org.opencontainers.image.revision=${{ github.sha }}

  deploy:
    runs-on: ubuntu-latest
    needs: publish
    steps:
      - name: Checkout Gitops Repo
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # pin@v3
        with:
          repository: pomerium/gitops-argocd
          token: ${{ secrets.APPARITOR_GITHUB_TOKEN }}

      - name: Bump psql environment
        uses: mikefarah/yq@c2c48bbe1d7a0e30293c2428a2dfc44298ffeeaf # pin@v4.23.1
        with:
          cmd:
            yq eval '.pomerium.image.tag = "${{ needs.publish.outputs.sha-tag }}"' -i
            projects/pomerium-master-postgres/pomerium/values.yaml

      - name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@49620cd3ed21ee620a48530e81dba0d139c9cb80 # pin@v4
        with:
          commit_message: |
            Bump test environment pomerium/pomerium
            Image tag: ${{ needs.publish.outputs.sha-tag }}
            Source Repo: ${{ github.repository }}@${{ github.sha }}