name: Build container image
on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
    tags:
      - '*'
  pull_request:
    paths:
      - .github/workflows/build-image.yml
      - Dockerfile
permissions:
  contents: read
  packages: write

jobs:
  build-image:
    runs-on: ubuntu-latest

    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
      cancel-in-progress: true

    steps:
      - uses: actions/checkout@v3
      - uses: hadolint/hadolint-action@v3.1.0
      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@v2

      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
        if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request'

      - name: Log in to the Github Container registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
        if: github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request'

      - uses: docker/metadata-action@v4
        id: meta
        with:
          images: |
            tootsuite/mastodon
            ghcr.io/mastodon/mastodon
          flavor: |
            latest=auto
          tags: |
            type=edge,branch=main
            type=pep440,pattern={{raw}}
            type=pep440,pattern=v{{major}}.{{minor}}
            type=ref,event=pr

      - uses: docker/build-push-action@v4
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          provenance: false
          builder: ${{ steps.buildx.outputs.name }}
          push: ${{ github.repository == 'mastodon/mastodon' && github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max