name: "Build Dockerfile if changed and run smoke tests"

on: [pull_request]

env:
  IMAGE_TAG: pr-test

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0

      - name: Get changed Dockerfile
        id: changed-files-specific
        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
        with:
          files: |
            Dockerfile
            .dockerignore
            tools/entrypoint.sh
            .github/workflows/build-image-test.yaml

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

      - name: Build if Dockerfile changed
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          platforms: linux/amd64 # Only one allowed here, see https://github.com/docker/buildx/issues/59#issuecomment-1433097926
          push: false
          load: true
          tags: |
            ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
          # Fix multi-platform: https://github.com/docker/buildx/issues/1533
          provenance: false
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"

      - name: Run structure tests
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        uses: plexsystems/container-structure-test-action@c0a028aa96e8e82ae35be556040340cbb3e280ca # v0.3.0
        with:
          image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
          config: .github/.container-structure-test-config.yaml

      - name: Dive - check image for waste files
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        uses: MaxymVlasov/dive-action@fafb796951b322cc4926b8a5eafda89ab9de8edf # v1.5.1
        with:
          image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
          config-file: ${{ github.workspace }}/.github/.dive-ci.yaml
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Can't build both platforms and use --load at the same time
      # https://github.com/docker/buildx/issues/59#issuecomment-1433097926
      - name: Build Multi-arch docker-image
        if: steps.changed-files-specific.outputs.any_changed == 'true'
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          context: .
          build-args: |
            INSTALL_ALL=true
          platforms: linux/amd64,linux/arm64
          push: false
          tags: |
            ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
          # Fix multi-platform: https://github.com/docker/buildx/issues/1533
          provenance: false
          secrets: |
            "github_token=${{ secrets.GITHUB_TOKEN }}"