name: GitHub Codespaces image build

# Run only on master branch. We could also build on branch but this seems like
# an optimization that can be done as and when desired. The main use case we're
# handling is creating and working off a branch from master, so it doesn't seem
# like an immediate requirement to have branches as well.
#
# NOTE: the job is setup to also push branch images as well, and using branch
# and master as caching, so if we want to add the optimisation for branches we
# can just remove the master branch restriction.
on:
    push:
        branches:
            - master
    pull_request:
        types:
            - opened
            - labeled
            - synchronize

jobs:
    build:
        name: Build Codespaces image
        runs-on: ubuntu-latest

        # Build on master and PRs with the label 'codespaces-build' only
        if: ${{ github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'codespaces-build')  }}

        steps:
            - uses: actions/checkout@v3
              with:
                  fetch-depth: 1

            - name: Lowercase GITHUB_REPOSITORY
              id: lowercase
              run: |
                  echo "repository=${GITHUB_REPOSITORY,,}" >> "$GITHUB_OUTPUT"

            # As ghcr.io complains if the image has upper case letters, we use
            # this action to ensure we get a lower case version. See
            # https://github.com/docker/build-push-action/issues/237#issuecomment-848673650
            # for more details
            - name: Docker image metadata
              id: meta
              uses: docker/metadata-action@v5
              with:
                  images: ghcr.io/${{ steps.lowercase.outputs.repository }}/codespaces
                  tags: |
                      type=ref,event=branch
                      type=raw,value=master

            # We also want to use cache-from when building, but we want to also
            # include the master tag so we get the master branch image as well.
            # This creates a scope similar to the github cache action scoping
            - name: Docker cache-from/cache-to metadata
              id: meta-for-cache
              uses: docker/metadata-action@v5
              with:
                  images: ghcr.io/${{ steps.lowercase.outputs.repository }}/codespaces
                  tags: |
                      type=raw,value=master

            # Install QEMU so we can target x86_64 (github codespaces)
            - name: Set up QEMU
              uses: docker/setup-qemu-action@v3

            - name: Set up Docker Buildx
              uses: docker/setup-buildx-action@v2

            - name: Login to GitHub Container Registry
              uses: docker/login-action@v3
              with:
                  registry: ghcr.io
                  username: ${{ github.actor }}
                  password: ${{ secrets.GITHUB_TOKEN }}

            - name: Build and push
              uses: docker/build-push-action@v2
              with:
                  context: .
                  file: .devcontainer/Dockerfile
                  push: true
                  platforms: x86_64
                  # Cache from this branch, or master
                  cache-from: ${{ steps.meta-for-cache.outputs.tags }}
                  # NOTE: we use inline as suggested here:
                  # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#inline-cache
                  # It notes that it doesn't support mode=max, but we're not
                  # removing any layers, soooo, maybe it's fine.
                  cache-to: type=inline
                  tags: ${{ steps.meta.outputs.tags }}
                  labels: ${{ steps.meta.outputs.labels }}