name: Publish container image

on:
  workflow_dispatch:
  release:
    types:
      - created
  schedule:
    - cron: '00 00 * * *'

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set tag for image
        run: |
          echo IMAGE_TAG=$([ ${{ github.ref_type }} == 'tag' ] && echo ${{ github.ref_name }} || echo 'latest') >> $GITHUB_ENV

      - name: Build and Push release to ghcr.io
        if: github.event_name != 'schedule'
        uses: docker/build-push-action@v5
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
            ghcr.io/${{ github.repository }}:latest
          # Fix multi-platform: https://github.com/docker/buildx/issues/1533
          provenance: false
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"

      - name: Build and Push nightly to ghcr.io
        if: github.event_name == 'schedule'
        uses: docker/build-push-action@v5
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ghcr.io/${{ github.repository }}:nightly
          # Fix multi-platform: https://github.com/docker/buildx/issues/1533
          provenance: false
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"

      - name: Login to DockerHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: registry.hub.docker.com
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build and Push release to DockerHub
        if: github.event_name != 'schedule'
        uses: docker/build-push-action@v5
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            registry.hub.docker.com/tofuutils/pre-commit-opentofu:${{ env.IMAGE_TAG }}
            registry.hub.docker.com/tofuutils/pre-commit-opentofu:latest
          provenance: false

      - name: Build and Push nightly to DockerHub
        if: github.event_name == 'schedule'
        uses: docker/build-push-action@v5
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            registry.hub.docker.com/tofuutils/pre-commit-opentofu:nightly
          provenance: false