name: Build and Push Docker Image
description: Build and push a Docker image with S3 caching and Nix cache support

inputs:
  context:
    description: 'Build context path'
    required: false
    default: '.'

  dockerfile:
    description: 'Path to Dockerfile'
    required: true

  image-name:
    description: 'Full image name (e.g., git.toph.so/user/repo or git.toph.so/user/repo/image)'
    required: true

  registry:
    description: 'Docker registry'
    required: false
    default: 'git.toph.so'

  registry-username:
    description: 'Registry username'
    required: false
    default: ${{ gitea.actor }}

  registry-password:
    description: 'Registry password/token'
    required: true

  push:
    description: 'Push image to registry'
    required: false
    default: 'true'

  tags:
    description: 'Custom tags (newline-separated), overrides auto-tagging'
    required: false

  s3-cache-bucket:
    description: 'S3 bucket for Docker build cache'
    required: false
    default: 'docker-cache'

  s3-endpoint:
    description: 'S3 endpoint URL'
    required: false
    default: 'https://s3.toph.so'

  enable-nix-cache:
    description: 'Configure Nix binary cache for builds using Nix'
    required: false
    default: 'false'

  attic-endpoint:
    description: 'Attic/Nix cache endpoint'
    required: false
    default: 'https://cache.toph.so'

runs:
  using: composite
  steps:
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Configure Nix cache
      if: inputs.enable-nix-cache == 'true'
      shell: bash
      run: |
        mkdir -p ~/.config/nix
        cat > ~/.config/nix/nix.conf <<EOF
        extra-substituters = https://cache.nixos.org/ ${{ inputs.attic-endpoint }}/ci ${{ inputs.attic-endpoint }}/toph
        extra-trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ci:db8ZBxd5cjqoGzOYThRQcxj4XnaqHJZBZw1phCQOiz8= toph:E/oP7KyljH/yprI5LArxNPpSlQCdo29sMOkh3jm53Yg=
        experimental-features = nix-command flakes
        EOF

    - name: Log in to registry
      if: inputs.push == 'true'
      uses: docker/login-action@v3
      with:
        registry: ${{ inputs.registry }}
        username: ${{ inputs.registry-username }}
        password: ${{ inputs.registry-password }}

    - name: Generate tags
      id: tags
      shell: bash
      run: |
        if [ -n "${{ inputs.tags }}" ]; then
          # Use custom tags if provided
          echo "tags=${{ inputs.tags }}" >> $GITHUB_OUTPUT
        else
          # Auto-generate tags based on event type
          TAGS=""
          IMAGE_BASE="${{ inputs.image-name }}"

          # Branch name tag
          if [ "${{ github.event_name }}" = "push" ]; then
            BRANCH_NAME="${GITHUB_REF#refs/heads/}"
            TAGS="${TAGS}${IMAGE_BASE}:${BRANCH_NAME}\n"
          fi

          # PR tag
          if [ "${{ github.event_name }}" = "pull_request" ]; then
            TAGS="${TAGS}${IMAGE_BASE}:pr-${{ github.event.pull_request.number }}\n"
          fi

          # Tag-based versioning
          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
            VERSION="${GITHUB_REF#refs/tags/v}"
            TAGS="${TAGS}${IMAGE_BASE}:${VERSION}\n"
            MAJOR="${VERSION%%.*}"
            MINOR="${VERSION#*.}"
            MINOR="${MINOR%%.*}"
            TAGS="${TAGS}${IMAGE_BASE}:${MAJOR}.${MINOR}\n"
            TAGS="${TAGS}${IMAGE_BASE}:${MAJOR}\n"
            TAGS="${TAGS}${IMAGE_BASE}:latest\n"
          fi

          # SHA tag
          SHORT_SHA="${GITHUB_SHA:0:7}"
          TAGS="${TAGS}${IMAGE_BASE}:${SHORT_SHA}"

          echo -e "tags<<EOF" >> $GITHUB_OUTPUT
          echo -e "$TAGS" >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT
        fi

    - name: Build and push
      uses: docker/build-push-action@v5
      with:
        context: ${{ inputs.context }}
        file: ${{ inputs.dockerfile }}
        push: ${{ inputs.push }}
        tags: ${{ steps.tags.outputs.tags }}
        cache-from: type=s3,region=auto,bucket=${{ inputs.s3-cache-bucket }},endpoint_url=${{ inputs.s3-endpoint }}
        cache-to: type=s3,region=auto,bucket=${{ inputs.s3-cache-bucket }},endpoint_url=${{ inputs.s3-endpoint }},mode=max