name: Build garm image

on:
  schedule:
    - cron: "13 3 * * *"
  push:
    branches:
      - main
    paths:
      - .gitea/workflows/garm-image.yml
      - apps/garm/image-source.env
      - docker/garm/**
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Load pin data
        shell: bash
        run: |
          set -euo pipefail
          source apps/garm/image-source.env
          echo "GARM_COMMIT=${GARM_COMMIT}" >> "$GITHUB_ENV"
          echo "GARM_COMMIT_NUMBER=${GARM_COMMIT_NUMBER}" >> "$GITHUB_ENV"
          echo "GARM_IMAGE=${GARM_IMAGE}" >> "$GITHUB_ENV"

      - name: Verify commit number
        shell: bash
        run: |
          set -euo pipefail
          tmpdir="$(mktemp -d)"
          trap 'rm -rf "$tmpdir"' EXIT
          git clone --filter=blob:none https://github.com/cloudbase/garm.git "$tmpdir"
          expected="$(git -C "$tmpdir" rev-list --count "$GARM_COMMIT")"
          if [ "$expected" != "$GARM_COMMIT_NUMBER" ]; then
            echo "Pin mismatch: expected r${expected}, got r${GARM_COMMIT_NUMBER}" >&2
            exit 1
          fi

      - name: Set up Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to gitea registry
        uses: docker/login-action@v3
        with:
          registry: gitea.lumpiasty.xyz
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/garm/Dockerfile
          push: true
          build-args: |
            GARM_COMMIT=${{ env.GARM_COMMIT }}
          tags: |
            ${{ env.GARM_IMAGE }}
          labels: |
            org.opencontainers.image.source=https://github.com/cloudbase/garm
            org.opencontainers.image.revision=${{ env.GARM_COMMIT }}