name: Build and publish Docker image

on:
  push:
  pull_request:
  workflow_dispatch:

env:
  REGISTRY: git.newpipe-ev.de
  # make sure the name is lowercase, otherwise Docker won't accept it
  IMAGE_NAME: newpipe-ev/website

jobs:
  build:
    runs-on: ubuntu-latest

    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v3

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

      - name: Build Docker image with kaniko
        uses: https://code.thetadev.de/ThetaDev/action-kaniko@dbb8da86cf2d498dde8ec1b3be967ceda17a21ff
        with:
          image: ${{ env.IMAGE_NAME }}
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          tag: ${{ steps.meta.outputs.tags }}
          platforms: linux/amd64
          tag_with_latest: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}

      - name: Trigger redeployment
        if: gitea.ref == 'refs/heads/main'
        env:
          UPDATE_URL: ${{ secrets.UPDATE_URL }}
          UPDATE_TOKEN: ${{ secrets.UPDATE_TOKEN }}
        run: |
          curl "$UPDATE_URL" -H "Authorization: Bearer ${UPDATE_TOKEN}"