---
name: build-ublue-custom
on:
  pull_request:
    branches:
      - main
  schedule:
    - cron: '05 10 * * *'  # 10:05am UTC everyday
  push:
    branches:
      - main
    paths-ignore:
      - '**/README.md'
  workflow_dispatch:

env:
  IMAGE: gitea.mrdev023.fr/justforfun/fedora_atomic_custom_image

jobs:
  build_push:
    name: Build and push image
    runs-on: ubuntu-latest

    permissions:
      contents: read
      packages: write
      id-token: write

    steps:
      - name: Install docker
        run: apt update && apt install -y docker.io

      - name: Checkout
        uses: https://github.com/actions/checkout@v3
        with:
          fetch-depth: 1

      - name: Install Cosign
        uses: https://github.com/sigstore/cosign-installer@v3.7.0

      - name: Set up QEMU
        uses: https://github.com/docker/setup-qemu-action@v3
        with:
          platforms: amd64

      - name: Set up Docker Buildx
        uses: https://github.com/docker/setup-buildx-action@v3

      - name: Login to Container Registry
        uses: https://github.com/docker/login-action@v3
        with:
          registry: gitea.mrdev023.fr
          username: ${{ secrets.USERNAME }}
          password: ${{ secrets.PASSWORD }}

      - name: Image Metadata
        uses: https://github.com/docker/metadata-action@v5
        id: meta
        with:
          images: ${{ env.IMAGE }}

      - name: Build and Push Image
        uses: https://github.com/docker/build-push-action@v5
        with:
          context: .
          file: ./Containerfile
          push: true
          tags: ${{ env.IMAGE }}:latest

      # - name: Sign container image
      #   if: gitea.event_name != 'pull_request'
      #   run: |
      #     cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE }}:latest
      #   env:
      #     COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
      #     COSIGN_PASSWORD: ""