.github/workflows/publish-docker-image.yml

name: Publish Docker Image

on:
  workflow_dispatch:
  push:
    branches:
      - v4

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  IMAGE: amruthpillai/reactive-resume

jobs:
  build:
    runs-on: ubuntu-latest

    outputs:
      version: ${{ steps.version.outputs.version }}

    strategy:
      fail-fast: false
      matrix:
        platform:
          - linux/amd64
          # - linux/arm64 # Skipping linux/arm64 for now as it is extremely slow to build on GitHub Actions

    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4.1.1

      - name: Extract version from package.json
        id: version
        run: echo "version=$(jq -r '.version' package.json)" >> "$GITHUB_OUTPUT"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0

      - name: Login to Docker Hub
        uses: docker/login-action@v3.0.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Login to Quay.io
        uses: docker/login-action@v3.0.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

      - name: Login to GitHub Container Registery
        uses: docker/login-action@v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ github.token }}

      - name: Extract Docker Metadata
        id: meta
        uses: docker/metadata-action@v5.0.0
        with:
          tags: type=semver,pattern={{version}},prefix=v,value=${{ steps.version.outputs.version }}
          images: |
            ${{ env.IMAGE }}
            ghcr.io/${{ env.IMAGE }}
            quay.io/${{ env.IMAGE }}

      - name: Build and Push by Digest
        uses: docker/build-push-action@v5.0.0
        id: build
        with:
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: ${{ matrix.platform }}
          labels: ${{ steps.meta.outputs.labels }}
          outputs: type=image,name=${{ env.IMAGE }},push-by-digest=true,name-canonical=true,push=true
          build-args: |
            NX_CLOUD_ACCESS_TOKEN=${{ secrets.NX_CLOUD_ACCESS_TOKEN }}

      - name: Export Digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"

      - name: Upload Digest
        uses: actions/upload-artifact@v3
        with:
          name: digests
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  merge:
    runs-on: ubuntu-latest

    needs:
      - build

    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4.1.1

      - name: Download Digest
        uses: actions/download-artifact@v3.0.0
        with:
          name: digests
          path: /tmp/digests

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0

      - name: Login to Docker Hub
        uses: docker/login-action@v3.0.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Login to Quay.io
        uses: docker/login-action@v3.0.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PASSWORD }}

      - name: Login to GitHub Container Registery
        uses: docker/login-action@v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ github.token }}

      - name: Extract Docker Metadata
        id: meta
        uses: docker/metadata-action@v5.0.0
        with:
          tags: type=semver,pattern={{version}},prefix=v,value=${{ needs.build.outputs.version }}
          images: |
            ${{ env.IMAGE }}
            ghcr.io/${{ env.IMAGE }}
            quay.io/${{ env.IMAGE }}

      - name: Create Docker Manifest List and Push
        working-directory: /tmp/digests
        run: |
          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
            $(printf '${{ env.IMAGE }}@sha256:%s ' *)

      - name: Inspect Image
        run: |
          docker buildx imagetools inspect ${{ env.IMAGE }}:${{ steps.meta.outputs.version }}

      - name: Update Repository Description
        uses: peter-evans/dockerhub-description@v3
        with:
          repository: ${{ github.repository }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}