name: Build Docker Image
on:
  push:
    branches:
      - trunk

jobs:
  nix-flake-check:
    runs-on: debian-latest
    steps:
      - name: Install prerequisites
        run: |
          apt update && apt install -y sudo zstd
          echo "USER=$(whoami)" >> $GITHUB_ENV

      - name: Install Nix
        uses: https://github.com/nixbuild/nix-quick-install-action@v25

      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: Restore and cache Nix store
        uses: https://github.com/nix-community/cache-nix-action@v1
        with:
          linux-gc-enabled: true
          linux-max-store-size: 536870912
          key: cache-${{ matrix.os }}-${{ hashFiles('**/*') }}
          restore-keys: |
            cache-${{ matrix.os }}

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk
      - name: Check codebase
        run: nix flake check -L

  docker-build:
    needs: nix-flake-check
    runs-on: debian-latest
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd

      - name: Install Nix
        uses: https://github.com/nixbuild/nix-quick-install-action@v25

      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: Restore and cache Nix store
        uses: https://github.com/nix-community/cache-nix-action@v1
        with:
          linux-gc-enabled: true
          linux-max-store-size: 536870912
          key: cache-${{ matrix.os }}-${{ hashFiles('**/*') }}
          restore-keys: |
            cache-${{ matrix.os }}

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk
      - name: Build image
        run: nix build .#docker
      - name: Push image with Skopeo
        run: |
          nix-env -i skopeo -f '<nixpkgs>'
          wget https://raw.githubusercontent.com/containers/skopeo/main/default-policy.json && mkdir /etc/containers && mv default-policy.json /etc/containers/policy.json
          skopeo copy docker-archive:result docker://icr.gmem.ca/dref:latest

  arm-docker-build:
    needs: nix-flake-check
    runs-on: debian-latest-arm
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd

      - name: Install Nix
        uses: https://github.com/nixbuild/nix-quick-install-action@v25

      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: Restore and cache Nix store
        uses: https://github.com/nix-community/cache-nix-action@v1
        with:
          linux-gc-enabled: true
          linux-max-store-size: 536870912
          key: cache-${{ matrix.os }}-${{ hashFiles('**/*') }}
          restore-keys: |
            cache-${{ matrix.os }}

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk
      - name: Build image
        run: nix build .#docker
      - name: Push image with Skopeo
        run: |
          nix-env -i skopeo -f '<nixpkgs>'
          wget https://raw.githubusercontent.com/containers/skopeo/main/default-policy.json && mkdir /etc/containers && mv default-policy.json /etc/containers/policy.json
          skopeo copy docker-archive:result docker://icr.gmem.ca/dref:arm