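---
# Gitea Actions workflow: on a push to main/master, clone the repository at the
# pushed commit, build a Docker image from it, push the image to the container
# registry on the same Gitea host, and link the package to this repository.
name: docker-cicd

on:
  push:
    branches:
      - main
      - master

jobs:
  build-and-push:
    runs-on: linux_amd64
    # NOTE(review): job-level env exposes DOCKER_TOKEN to every step below.
    # The token is used for git clone, registry login and the package API, so
    # it should be scoped to the minimum permissions those three need.
    env:
      GITEA_SERVER_URL: ${{ gitea.server_url }}
      GITEA_REPOSITORY: ${{ gitea.repository }}
      GITEA_REF_NAME: ${{ gitea.ref_name }}
      GITEA_SHA: ${{ gitea.sha }}
      DEFAULT_BRANCH: ${{ vars.DEFAULT_BRANCH }}
      IMAGE_NAME_OVERRIDE: ${{ vars.IMAGE_NAME }}
      PACKAGE_USER: ${{ vars.PACKAGE_USER }}
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
    steps:
      - name: Validate required tools and secrets
        run: |
          set -eu
          # Fail fast when a required tool is missing ("未安装" = "not installed").
          command -v git >/dev/null 2>&1 || { echo "git 未安装"; exit 1; }
          command -v docker >/dev/null 2>&1 || { echo "docker 未安装"; exit 1; }
          command -v curl >/dev/null 2>&1 || { echo "curl 未安装"; exit 1; }
          # "缺少" = "missing": the token must be configured as a secret.
          [ -n "${DOCKER_TOKEN}" ] || { echo "缺少 secrets.DOCKER_TOKEN"; exit 1; }

      - name: Clone current repository
        run: |
          set -eu
          # Strip the scheme and any path from the server URL to get host[:port].
          SERVER_HOST="$(printf '%s' "${GITEA_SERVER_URL}" | sed -E 's#^[a-zA-Z]+://##; s#/.*$##')"
          OWNER="${GITEA_REPOSITORY%%/*}"
          LOGIN_USER="${PACKAGE_USER:-$OWNER}"

          # Private, unpredictable work directory instead of a fixed /tmp path.
          # Exported immediately so the cleanup step can remove it.
          WORKDIR="$(mktemp -d)"
          echo "WORKDIR=${WORKDIR}" >> "${GITHUB_ENV}"
          echo "SERVER_HOST=${SERVER_HOST}" >> "${GITHUB_ENV}"
          echo "LOGIN_USER=${LOGIN_USER}" >> "${GITHUB_ENV}"

          # Supply credentials through an inline credential helper that reads
          # them from the environment. Embedding user:token in the clone URL
          # would put the token on the git command line and persist it in
          # ${WORKDIR}/.git/config as the origin URL.
          export LOGIN_USER
          export GIT_TERMINAL_PROMPT=0
          git_auth() {
            # The empty helper entry clears any helper configured on the
            # runner, so the token is not handed to a store/cache helper.
            git -c credential.helper= \
                -c credential.helper='!f() { echo "username=${LOGIN_USER}"; echo "password=${DOCKER_TOKEN}"; }; f' \
                "$@"
          }

          git_auth clone --depth=1 "https://${SERVER_HOST}/${GITEA_REPOSITORY}.git" "${WORKDIR}"
          cd "${WORKDIR}"
          # The shallow clone may already contain the pushed commit as its tip,
          # so a failed fetch-by-SHA is tolerated here ...
          git_auth fetch --depth=1 origin "${GITEA_SHA}" || true
          # ... but the checkout must succeed. Ignoring a failure here would
          # build whatever the default-branch tip is and still tag the image
          # sha-<GITEA_SHA>, so the tag would not identify the built source.
          git checkout "${GITEA_SHA}"
          if [ "$(git rev-parse HEAD)" != "${GITEA_SHA}" ]; then
            echo "checked-out commit does not match GITEA_SHA"
            exit 1
          fi

      - name: Build and push Docker image
        run: |
          set -eu
          cd "${WORKDIR}"
          OWNER="${GITEA_REPOSITORY%%/*}"
          # Owner and image name are lowercased before being used in the
          # image reference.
          OWNER_IMAGE="$(printf '%s' "${OWNER}" | tr '[:upper:]' '[:lower:]')"
          REPO_NAME="${GITEA_REPOSITORY##*/}"
          IMAGE_NAME="$(printf '%s' "${IMAGE_NAME_OVERRIDE:-$REPO_NAME}" | tr '[:upper:]' '[:lower:]')"
          IMAGE_REF="${SERVER_HOST}/${OWNER_IMAGE}/${IMAGE_NAME}"
          SHORT_SHA="$(printf '%s' "${GITEA_SHA}" | cut -c1-12)"
          # Replace '/', ':', '@' and space in the ref name with '-'.
          REF_SLUG="$(printf '%s' "${GITEA_REF_NAME}" | tr '/:@ ' '----')"
          DEFAULT_BRANCH_NAME="${DEFAULT_BRANCH:-main}"

          # Token goes in on stdin, never on the command line. printf avoids
          # echo's shell-dependent handling of backslashes in the token.
          printf '%s' "${DOCKER_TOKEN}" |
            docker login "${SERVER_HOST}" --username "${LOGIN_USER}" --password-stdin

          docker build -t "${IMAGE_REF}:sha-${SHORT_SHA}" .
          docker tag "${IMAGE_REF}:sha-${SHORT_SHA}" "${IMAGE_REF}:branch-${REF_SLUG}"
          docker push "${IMAGE_REF}:sha-${SHORT_SHA}"
          docker push "${IMAGE_REF}:branch-${REF_SLUG}"

          # Only the default branch moves the mutable "latest" tag.
          if [ "${GITEA_REF_NAME}" = "${DEFAULT_BRANCH_NAME}" ]; then
            docker tag "${IMAGE_REF}:sha-${SHORT_SHA}" "${IMAGE_REF}:latest"
            docker push "${IMAGE_REF}:latest"
          fi

          echo "OWNER=${OWNER}" >> "${GITHUB_ENV}"
          echo "REPO_NAME=${REPO_NAME}" >> "${GITHUB_ENV}"
          echo "IMAGE_NAME=${IMAGE_NAME}" >> "${GITHUB_ENV}"
          echo "IMAGE_REF=${IMAGE_REF}" >> "${GITHUB_ENV}"

      - name: Link package to current repository
        run: |
          set -eu
          API_URL="${GITEA_SERVER_URL%/}/api/v1/packages/${OWNER}/container/${IMAGE_NAME}/-/link/${REPO_NAME}"
          # Unpredictable response file instead of a fixed name in /tmp.
          OUT_FILE="$(mktemp)"
          trap 'rm -f "${OUT_FILE}"' EXIT
          # The Authorization header is read from stdin (-H @-) so the token
          # does not appear in curl's argument list.
          HTTP_CODE="$(printf 'Authorization: token %s\n' "${DOCKER_TOKEN}" |
            curl -sS -o "${OUT_FILE}" -w '%{http_code}' \
              -X POST \
              -H @- \
              "${API_URL}")"
          # 201/204 count as success; 409 is also accepted (presumably the
          # package is already linked; confirm against the Gitea API docs).
          if [ "${HTTP_CODE}" = "201" ] || [ "${HTTP_CODE}" = "204" ] || [ "${HTTP_CODE}" = "409" ]; then
            echo "package link result: ${HTTP_CODE}"
            cat "${OUT_FILE}" || true
            exit 0
          fi
          echo "package link failed: ${HTTP_CODE}"
          cat "${OUT_FILE}" || true
          exit 1

      - name: Clean up workspace and registry credentials
        if: always()
        run: |
          set -eu
          # Both variables are unset if the clone step never exported them.
          if [ -n "${WORKDIR:-}" ]; then
            rm -rf "${WORKDIR}"
          fi
          # docker login leaves the registry credential in the runner's Docker
          # client config; drop it so it does not outlive the job.
          # NOTE(review): if several jobs share one Docker config on this
          # runner, confirm that logging out here cannot race with them.
          if [ -n "${SERVER_HOST:-}" ]; then
            docker logout "${SERVER_HOST}" || true
          fi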