name: Create OCI image(s)

on:
  workflow_dispatch:
  push:
    branches:
      - main

env:
  registry: git.amarth.cloud
  owner: amarth
  image: default
  tag: latest

jobs:
  build:
    name: Build and push images
    runs-on: default
    steps:
      - name: Install nodejs
        run: nix-env -iA nixpkgs.nodejs

      - uses: actions/checkout@v4

      - name: Prepare podman
        run: |
          # configure container policy to accept insecure registry
          nix-env -iA nixpkgs.podman nixpkgs.kvmtool

          # configure container policy to accept insecure registry
          mkdir -p ~/.config/containers
          echo '{ "default": [ {"type":"insecureAcceptAnything"} ] }' > ~/.config/containers/policy.json

      - name: Create image
        run: |
          nix-build src/default.nix
          podman load < result

      - uses: https://github.com/Frozen-Tapestry/container-action@v1
        with:
          login_registry: ${{ env.registry }}
          login_username: ${{ env.actor }}
          login_password: ${{ env.token }}

          tags: ${{ env.registry }}/${{ env.owner }}/${{ env.image }}:${{ env.tag }}
          # tags: localhost/${{ env.image }}:${{ env.tag }}

          push: true

      # - name: Log into registry
      #   run: >-
      #     podman login
      #     --log-level=debug
      #     --authfile ~/.config/containers/auth.json
      #     --username "${{ forge.actor }}"
      #     --password "${{ forge.token }}"
      #     ${{ env.registry }}

      # - name: __DEBUG__
      #   run: |
      #     echo "~/.config/containers/auth.json"
      #     [ -f ~/.config/containers/auth.json ] && cat ~/.config/containers/auth.json || echo "file doesn't exist"

      # - name: Push image
      #   run: >-
      #     podman push
      #     --log-level=debug
      #     --authfile ~/.config/containers/auth.json
      #     localhost/default:latest
      #     ${{ env.registry }}/${{ env.owner }}/${{ env.image }}:${{ env.tag }}