name: Build Docker Image
on:
  push:
    branches:
      - trunk

jobs:
  nix-flake-check:
    runs-on: debian-latest
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd

      - name: "Cache Nix store"
        uses: actions/cache@v3.0.8
        id: nix-cache
        with:
          path: /nix
          key: "dref-cache-v1"

      - name: Install Nix
        uses: https://github.com/cachix/install-nix-action@v22
        with:
          extra_nix_config: "experimental-features = nix-command flakes"
          nix_path: nixpkgs=channel:nixos-23.05
      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk
      - name: Check codebase
        run: nix flake check -L

  docker-build:
    needs: nix-flake-check
    runs-on: debian-latest
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd


      - name: "Cache Nix store"
        uses: actions/cache@v3.0.8
        id: nix-cache
        with:
          path: /nix
          key: "dref-cache-v1"

      - name: Install Nix
        uses: https://github.com/cachix/install-nix-action@v22
        with:
          extra_nix_config: "experimental-features = nix-command flakes"
          nix_path: nixpkgs=channel:nixos-23.05
      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk
      - name: Build image
        run: nix build .#docker
      - name: Push image with Skopeo
        run: |
          nix-env -i skopeo -f '<nixpkgs>'
          wget https://raw.githubusercontent.com/containers/skopeo/main/default-policy.json && mkdir /etc/containers && mv default-policy.json /etc/containers/policy.json
          skopeo login --username arch --password $REGISTRY_TOKEN git.gmem.ca
          skopeo copy docker-archive:result docker://git.gmem.ca/arch/dref:latest
        env:
            REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}

  arm-docker-build:
    needs: nix-flake-check
    runs-on: debian-latest-arm
    steps:
      - name: Install prerequisites
        run: apt update && apt install -y sudo zstd


      - name: "Cache Nix store"
        uses: actions/cache@v3.0.8
        id: nix-cache
        with:
          path: /nix
          key: "dref-cache-arm-v1"

      - name: Install Nix
        uses: https://github.com/cachix/install-nix-action@v22
        with:
          extra_nix_config: "experimental-features = nix-command flakes"
          nix_path: nixpkgs=channel:nixos-23.05
      - name: Remove access_tokens
        run: sed -i '/^access-tokens/d' /etc/nix/nix.conf

      - name: Check out repository
        uses: actions/checkout@v3.5.3
        with:
          ref: trunk
      - name: Build image
        run: nix build .#docker
      - name: Push image with Skopeo
        run: |
          nix-env -i skopeo -f '<nixpkgs>'
          wget https://raw.githubusercontent.com/containers/skopeo/main/default-policy.json && mkdir /etc/containers && mv default-policy.json /etc/containers/policy.json
          skopeo login --username arch --password $REGISTRY_TOKEN git.gmem.ca
          skopeo copy docker-archive:result docker://git.gmem.ca/arch/dref:arm
        env:
            REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}