name: Build wonderwall

on: [push]

env:
  GOOGLE_REGISTRY: europe-north1-docker.pkg.dev/nais-io/nais/images
  GITHUB_REGISTRY: ghcr.io

jobs:
  test:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout latest code
        uses: actions/checkout@v3
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: ">=1.19.4"
      - name: Test Go
        run: |
          make test
  publish-images:
    needs: test
    name: Publish to Google and GitHub registries
    if: github.ref == 'refs/heads/master'
    permissions:
      contents: "read"
      id-token: "write"
      packages: "write"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - id: "auth"
        name: "Authenticate to Google Cloud"
        uses: "google-github-actions/auth@v1"
        with:
          workload_identity_provider: ${{ secrets.NAIS_IO_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: "gh-wonderwall@nais-io.iam.gserviceaccount.com"
          token_format: "access_token"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Google Artifact Registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.GOOGLE_REGISTRY }}
          username: "oauth2accesstoken"
          password: "${{ steps.auth.outputs.access_token }}"
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.GITHUB_REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Docker meta
        id: metadata
        uses: docker/metadata-action@v4
        with:
          images: |
            ${{ env.GOOGLE_REGISTRY }}/wonderwall
            ${{ env.GITHUB_REGISTRY }}/${{ github.repository }}
          flavor: |
            latest=true
          # Docker tags based on the following events/attributes
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern=v{{version}}
            type=semver,pattern=v{{major}}.{{minor}}
            type=semver,pattern=v{{major}}
            type=sha,prefix={{date 'YYYY-MM-DD'}}-
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64,linux/arm64
          pull: true
          push: true
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max