# Build validation for pull requests (and pushes to main).
#
# Builds the full multi-arch image but does NOT push it anywhere — it only
# proves the Dockerfile still builds for every supported architecture. This is
# the gate Renovate automerge waits on: a dependency bump that breaks the build
# fails this check and will NOT be automerged (and therefore never reaches
# :stable or the routers).
#
# Reports pass/fail status back to Gitea, so it shows up as a required check on
# the PR.

# Changes that can't affect the image don't trigger the build: docs and the
# RouterOS-side script (routeros/**: lives on the router, not in the image).
# NOTE: if Gitea is ever configured to REQUIRE this check for merging, a
# PR touching only excluded files will have no check at all — exempt such PRs
# or merge manually. Renovate PRs always touch the Dockerfile or pipeline
# files, so the automerge gate is unaffected by these exclusions.
when:
  - event: pull_request
    path:
      exclude: &non_image_paths
        - '**/*.md'
        - 'docs/**'
        - 'routeros/**'
        - 'renovate.json'
  - event: push
    branch: main
    path:
      exclude: *non_image_paths

steps:
  - name: Build all arches (no push)
    image: woodpeckerci/plugin-docker-buildx:6.1.0
    privileged: true
    settings:
      repo: mikrotik-tailscale
      platforms: linux/amd64,linux/arm64,linux/arm/v7
      dry-run: true
      build_args:
        - OCI_VERSION=ci-${CI_COMMIT_SHA}