name: Docker Push

on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:
    branches:
      - 'main'

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
  steps:
    - name: Checkout
      uses: actions/checkout@v3

    # Install the cosign tool except on PR
    # https://github.com/sigstore/cosign-installer
    - name: Install cosign
      if: github.event_name != 'pull_request'
      uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
      with:
        cosign-release: 'v1.13.1'

    - name: Set up QEMU
      uses: docker/setup-qemu-action@v1

    # Workaround: https://github.com/docker/build-push-action/issues/461
    - name: Setup Docker buildx
      uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf

    - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          registry: git.nicktrimborn.de
          username: ${{ secrets.ACTION_USER }}
          password: ${{ secrets.PASSWORD }}

    - name: Docker meta
      id: meta
      uses: docker/metadata-action@v4
      with:
        images: |
          ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
        tags: |
          type=ref,event=branch
          type=ref,event=pr
          type=semver,pattern={{version}}
          type=semver,pattern={{major}}.{{minor}}
    
    - name: Build and push
      uses: docker/build-push-action@v4
      with:
        context: .
        push: ${{ github.event_name != 'pull_request' }}
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}