name: Build capture docker image

on:
  workflow_dispatch:
  push:
    branches:
      - "main"

permissions:
  packages: write

jobs:
  build:
    name: build and publish capture image
    runs-on: depot-ubuntu-22.04-4
    permissions:
      id-token: write # allow issuing OIDC tokens for this workflow run
      contents: read # allow reading the repo contents
      packages: write # allow push to ghcr.io

    steps:
      - name: Check Out Repo
        uses: actions/checkout@v3

      - name: Set up Depot CLI
        uses: depot/setup-action@v1

      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: posthog
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to ghcr.io
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ghcr.io/posthog/hog-rs/capture
          tags: |
            type=ref,event=pr
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2

      - name: Build and push capture
        id: docker_build_capture
        uses: depot/build-push-action@v1
        with:
          context: ./
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: BIN=capture-server

      - name: Capture image digest
        run: echo ${{ steps.docker_build_capture.outputs.digest }}