name: build-image

on:
  push:
    branches: [ main ]
  workflow_dispatch:

jobs:
  docker:
    runs-on: [docker, linux, x86_64]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU (optional for multi-arch)
        uses: docker/setup-qemu-action@v3

      - name: Set up Buildx
        uses: docker/setup-buildx-action@v3

      # Login only if secrets are present
      - name: Login to registry
        if: ${{ secrets.REGISTRY && secrets.REGISTRY_USER && secrets.REGISTRY_PASSWORD }}
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Compute image tags
        id: meta
        run: |
          IMAGE_NAME="${{ secrets.IMAGE_NAME || 'jottacloud' }}"
          REG="${{ secrets.REGISTRY || '' }}"
          if [ -n "$REG" ]; then
            FULL="${REG}/${IMAGE_NAME}"
          else
            # Fallback: local name (no push)
            FULL="${IMAGE_NAME}"
          fi
          echo "full=${FULL}" >> $GITHUB_OUTPUT
          # Tag with commit sha and 'latest'
          echo "tags=${FULL}:latest,${FULL}:${GITHUB_SHA::7}" >> $GITHUB_OUTPUT

      - name: Build (and push if logged in)
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64
          push: ${{ secrets.REGISTRY && secrets.REGISTRY_USER && secrets.REGISTRY_PASSWORD }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: |
            org.opencontainers.image.source=${{ github.repository }}
            org.opencontainers.image.revision=${{ github.sha }}