name: Gitea Actions to build image
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [never]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write

    steps:

      # TEST
      - name: Print Gitea runner tag
        run: echo ${{ env.GITEA_RUNNER_TAG }}
      - name: Print vars repo test
        run: echo ${{ vars.REGISTRY_DOCKER }}
      # CLONE
      - name: Checkout private tools
        uses: https://github.com/actions/checkout@v3
        with:
        # tape git@gitea.jingoh.fr port 22 et pas port 443 cet ane (should be ssh://gitea.jingoh.fr:443/$repository au lieu de ssh://gitea.jingoh.fr:$repository) 
          repository: staffadmin/gitea-runner
          persist-credentials: false
          ssh-strict: false
          token: ${{ secrets.ACCESS_TOKEN_GIT }}
          ssh-known-hosts: ${{ secrets.SSH_KNOWN_GITEA }}

      # INSTALL docker    
      - run: apt-get update
      - run: apt-get install ca-certificates curl gnupg
      - run: install -m 0755 -d /etc/apt/keyrings
      - run: curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
      - run: chmod a+r /etc/apt/keyrings/docker.gpg
      - run: echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
      - run: apt-get update
      - run: apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

      # BUILD & PUSH docker image
      - name: Build the Docker image
        run: docker build . --file Dockerfile --tag ${{ vars.DOCKER_IMAGE_NAME }}:$(date +%s)
      # - name: Login to registry
      #   run: docker login -u "test:test" https://registry.jingoh.fr

      # # # Install the cosign tool except on PR
      # # # https://github.com/sigstore/cosign-installer
      # - name: Install cosign
      #   #if: gitea.event_name != 'pull_request'
      #   uses: https://github.com/sigstore/cosign-installer@v2.6.0 #v2.6.0
      #   with:
      #     cosign-release: 'v1.11.0'
      # # Workaround: https://github.com/docker/build-push-action/issues/461
      # - name: Setup Docker buildx
      #   uses: https://github.com/docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action

      - name: Log into registry ${{ vars.REGISTRY_DOCKER }}
        # env:
        #   REGISTRY_DOCKER: registry.jingoh.fr
        uses: docker/login-action@v3 # v3.0.0
        with:
          registry: ${{ vars.REGISTRY_DOCKER }}
          username: ${{ secrets.REGISTRY_DOCKER_USER }}
          password: ${{ secrets.REGISTRY_DOCKER_PASS }}

      - run: docker images

      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
        with:
          images: ${{ vars.REGISTRY_DOCKER }}/${{ vars.DOCKER_IMAGE_NAME }}

      - run: docker images

      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      # - name: Build and push Docker image
      #   id: build-and-push
      #   uses: docker/build-push-action@master
      #   with:
      #     context: "{{defaultContext}}:src"
      #     #push: ${{ github.event_name != 'pull_request' }} # Don't push on PR
      #     tags: ${{ steps.meta.outputs.tags }}
      #     labels: ${{ steps.meta.outputs.labels }}
      #     cache-from: type=gha
      #     cache-to: type=gha,mode=max

#       - run: echo "🐧 This job was running on a ${{ runner.os }} server hosted by Gitea!"