name: Publish Container Images
on:
  schedule:
    - cron: '0 3 * * *' # Run at 3 AM
  workflow_dispatch:

permissions:
  packages: write

jobs:
  publish:
    strategy:
      fail-fast: false
      matrix:
        include:
          - target: //k8s/container/coder-dev-base-image:push
            tag_prefix: "5-"
          - target: //experimental/users/acmcarther/temporal/git_workflow:push
            tag_prefix: "latest-"

    runs-on: docker
    container:
      image: forgejo.csbx.dev/acmcarther/coder-dev-base-image:4
    steps:
      - uses: actions/checkout@v4

      - name: Install bazelisk
        run: |
          curl -fLO "http://bin-cache-http.dev.svc.cluster.local/bazelisk/v1.27.0/bazelisk-linux-amd64"
          mkdir -p "${GITHUB_WORKSPACE}/bin/"
          mv bazelisk-linux-amd64 "${GITHUB_WORKSPACE}/bin/bazel"
          chmod +x "${GITHUB_WORKSPACE}/bin/bazel"
          echo "${GITHUB_WORKSPACE}/bin" >> $GITHUB_PATH

      - name: Login to Forgejo Registry
        uses: docker/login-action@v3
        with:
          registry: forgejo.csbx.dev
          username: ${{ github.actor }}
          password: ${{ secrets.YESOD_PACKAGE_TOKEN }}

      - name: Publish Image
        env:
          BAZELISK_BASE_URL: "http://bin-cache-http.dev.svc.cluster.local/bazel"
          # rules_oci respects DOCKER_CONFIG or looks in ~/.docker/config.json
          # The login action typically sets up ~/.docker/config.json
        run: |
          # Ensure DOCKER_CONFIG is set to where login-action writes (default home)
          export DOCKER_CONFIG=$HOME/.docker
          
          SHORT_SHA=$(git rev-parse --short HEAD)
          TAG="${{ matrix.tag_prefix }}${SHORT_SHA}"
          
          echo "Pushing image: ${{ matrix.target }} with tag: ${TAG}"
          bazel run --config=remote ${{ matrix.target }} -- --tag ${TAG}