name: Gitea Actions to build image
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:

      # - name: Print to Log
      #   id: print-to-log
      #   env:
      #     REGISTRY: registry.jingoh.fr
      #   uses: https://github.com/actions/hello-world-docker-action@main
      #   with:
      #     who-to-greet: ${{ env.REGISTRY }}

      - name: Checkout private tools
        uses: https://github.com/actions/checkout@v3
        with:
        # tape git@gitea.jingoh.fr port 22 et pas port 443 cet ane (should be ssh://gitea.jingoh.fr:443/$repository au lieu de ssh://gitea.jingoh.fr:$repository) 
          repository: staffadmin/gitea-runner
          persist-credentials: false
          ssh-strict: false
          token: ${{ secrets.ACCESS_TOKEN_GIT }} # `GH_PAT` is a secret that contains your PAT
          ssh-known-hosts: ${{ secrets.SSH_KNOWN_GITEA }}

      # Install DOCKER    
      - run: apt-get update
      - run: apt-get install ca-certificates curl gnupg
      - run: install -m 0755 -d /etc/apt/keyrings
      - run: curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
      - run: chmod a+r /etc/apt/keyrings/docker.gpg
      - run: echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
      - run: apt-get update
      - run: apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

      - name: Build the Docker image
        run: docker build . --file Dockerfile --tag test:$(date +%s)

      # # Install the cosign tool except on PR
      # # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        #if: gitea.event_name != 'pull_request'
        uses: https://github.com/sigstore/cosign-installer@v2.6.0 #v2.6.0
        with:
          cosign-release: 'v1.11.0'

      # Workaround: https://github.com/docker/build-push-action/issues/461
      - name: Setup Docker buildx
        uses: https://github.com/docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY_DOCKER }}
        #if: gitea.event_name != 'pull_request'
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ${{ env.REGISTRY_DOCKER }}
          username: ${{ secrets.REGISTRY_DOCKER_USER }}
          password: ${{ secrets.REGISTRY_DOCKER_PASS }}

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ env.REGISTRY_DOCKER }}/${{ env.DOCKER_IMAGE_NAME }}

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@master
        with:
          context: "{{defaultContext}}:src"
          #push: ${{ github.event_name != 'pull_request' }} # Don't push on PR
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

#       - run: echo "🐧 This job was running on a ${{ runner.os }} server hosted by Gitea!"