name: Build and Push Docker Image

on:
  push:
    branches:
      - master

jobs:
  # Verifies if Docker image with current version already exists in registry
  # This prevents rebuilding the same version but allows pulls and version changes
  # to always trigger new builds. Uses lightweight manifest inspect (no download)
  build_web_app__check_image_version:
    uses: ./.gitea/workflows/check_image_version.yml
    with:
      workspacePath: './web-app'
      imageName: 'utility-bills-tracker'
      registryUrl: 'registry.budakova.org'
      registryUsername: ${{ vars.PROFILE_REGISTRY_USERNAME }}
      registryNamespace: 'knee-cola'
    secrets:
      registryToken: ${{ secrets.PROFILE_REGISTRY_TOKEN }}

  # Builds and pushes Docker image to registry if:
  # - Image with current version doesn't exist in registry
  # This prevents rebuilding the same version unnecessarily
  build_web_app:
    needs: [build_web_app__check_image_version]
    if: needs.build_web_app__check_image_version.outputs.image_exists == 'false'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Registry
        # Gitea automatically provides these secrets:
        # - `vars.REGISTRY_USERNAME` - defined as action variable in **repo settings**
        # - `secrets.REGISTRY_TOKEN` - defined as action secret in **repo settings**
        #                              created in user settings as personal access token with `write:packages` scope
        # - `vars.PROFILE_REGISTRY_USERNAME` - defined as action variable in **profile settings**
        # - `secrets.PROFILE_REGISTRY_TOKEN` - defined as action secret in **profile settings**
        #                                      created in user settings as personal access token with `write:packages` scope
        run: |
          echo "${{ secrets.PROFILE_REGISTRY_TOKEN }}" | docker login registry.budakova.org -u "${{ vars.PROFILE_REGISTRY_USERNAME }}" --password-stdin

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: ./web-app
          push: true
          tags: |
            registry.budakova.org/knee-cola/utility-bills-tracker:${{ needs.build_web_app__check_image_version.outputs.version }}
            registry.budakova.org/knee-cola/utility-bills-tracker:latest
          cache-from: type=registry,ref=registry.budakova.org/knee-cola/utility-bills-tracker:buildcache
          cache-to: type=registry,ref=registry.budakova.org/knee-cola/utility-bills-tracker:buildcache,mode=max