# Dockerfile container build workflow
# Triggers on pushes to main that modify containers/*, or via manual dispatch.
# Detects which containers changed, extracts version from CONTAINER_APP_VERSION,
# and publishes with commit-SHA-based tags: vX.Y.Z-<sha>
name: Build Container

on:
  push:
    branches: [main]
    paths: ['containers/**']
  workflow_dispatch:
    inputs:
      container:
        description: 'Container name (directory under containers/)'
        required: true
        type: string
      ref:
        description: 'Commit SHA to build (defaults to current HEAD)'
        required: false
        type: string

jobs:
  detect:
    runs-on: k8s
    outputs:
      containers: ${{ steps.list.outputs.containers }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 2

      - name: Detect changed containers
        id: list
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            CONTAINERS='["${{ inputs.container }}"]'
          else
            # Diff against parent commit to find changed container dirs
            CONTAINERS=$(git diff --name-only HEAD~1 HEAD -- containers/ \
              | cut -d/ -f2 | sort -u \
              | jq -R -s -c 'split("\n") | map(select(length > 0))')
          fi
          echo "containers=$CONTAINERS" >> "$GITHUB_OUTPUT"
          echo "Containers to build: $CONTAINERS"

  build:
    needs: detect
    if: needs.detect.outputs.containers != '[]'
    runs-on: k8s
    strategy:
      matrix:
        container: ${{ fromJson(needs.detect.outputs.containers) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Check for Dockerfile
        id: check
        run: |
          if [ -f "containers/${{ matrix.container }}/Dockerfile" ]; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "No Dockerfile for ${{ matrix.container }} — skipping"
            echo "exists=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Extract version and SHA
        if: steps.check.outputs.exists == 'true'
        id: meta
        run: |
          VERSION=$(grep -m1 '^ARG CONTAINER_APP_VERSION=' \
            "containers/${{ matrix.container }}/Dockerfile" \
            | sed 's/^ARG CONTAINER_APP_VERSION=//')

          if [ -z "$VERSION" ]; then
            echo "Error: No CONTAINER_APP_VERSION found in Dockerfile"
            exit 1
          fi

          # Use dispatch input ref if provided, otherwise current commit
          REF="${{ inputs.ref }}"
          if [ -z "$REF" ]; then
            REF="${GITHUB_SHA}"
          fi
          SHORT_SHA=$(echo "$REF" | head -c 7)

          # Ensure version starts with 'v'
          case "$VERSION" in
            v*) ;; # already has v prefix
            *) VERSION="v${VERSION}" ;;
          esac

          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "sha=$SHORT_SHA" >> "$GITHUB_OUTPUT"
          echo "Version: $VERSION, SHA: $SHORT_SHA"

      - name: Publish
        if: steps.check.outputs.exists == 'true'
        env:
          ZOT_CI_API_KEY: ${{ secrets.ZOT_CI_API_KEY }}
        run: |
          dagger call publish \
            --src=. \
            --container-name=${{ matrix.container }} \
            --version=${{ steps.meta.outputs.version }} \
            --commit-sha=${{ steps.meta.outputs.sha }} \
            --registry-password=env:ZOT_CI_API_KEY