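name: itom-platform auto build image
# itom-platform:auto-ci-managed
#
# Clones the repository, builds its Docker image and pushes it to Docker Hub
# as <image>:<branch> and <image>:sha-<short sha>. The script steps read both
# GITHUB_* and GITEA_* variables.
# CI_TRIGGER_MODE (variable first, then secret, then the default "dispatch")
# selects which events may build: "dispatch", "push" or "both".
on:
  push:
    branches:
      - dev
  workflow_dispatch: {}

# The image is pushed to docker.io with Docker Hub credentials, so the
# workflow token needs no package write scope; re-add `packages: write` only
# if a step starts publishing with the workflow token.
permissions:
  contents: read

env:
  CI_TRIGGER_MODE_VAR: ${{ vars.CI_TRIGGER_MODE }}
  CI_TRIGGER_MODE_SECRET: ${{ secrets.CI_TRIGGER_MODE }}

jobs:
  build:
    runs-on: ubuntu-latest
    # Registry credentials are deliberately not set here: only the
    # "Login registry" step maps them, so no other step sees them.
    env:
      REGISTRY: docker.io
      IMAGE: docker.io/kim6789/chat-deploy
    steps:
      # Decides whether this event may build and exports the decision as
      # CI_TRIGGER_ALLOWED; every later step is gated on it.
      - name: Check trigger mode
        shell: sh
        run: |
          set -eu
          MODE="${CI_TRIGGER_MODE_VAR:-${CI_TRIGGER_MODE_SECRET:-dispatch}}"
          MODE=$(echo "$MODE" | tr 'A-Z' 'a-z')
          EVENT="${GITHUB_EVENT_NAME:-${GITEA_EVENT_NAME:-}}"
          EVENT=$(echo "$EVENT" | tr 'A-Z' 'a-z')
          ALLOW="false"
          case "$EVENT" in
            push)
              if [ "$MODE" = "push" ] || [ "$MODE" = "both" ]; then
                ALLOW="true"
              fi
              ;;
            *)
              # workflow_dispatch, manual and any unrecognised event are
              # all treated as a manual dispatch.
              if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then
                ALLOW="true"
              fi
              ;;
          esac
          echo "CI_TRIGGER_MODE=$MODE" >> "$GITHUB_ENV"
          echo "CI_TRIGGER_ALLOWED=$ALLOW" >> "$GITHUB_ENV"
          if [ "$ALLOW" != "true" ]; then
            echo "Skip build: event=$EVENT mode=$MODE"
          fi

      - name: Install git
        if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
        shell: sh
        run: |
          set -eu
          if ! command -v git >/dev/null 2>&1; then
            # Pick the package manager explicitly. The previous
            # `apk ... || apt-get update && apt-get install` parsed as
            # `(apk || apt-get update) && apt-get install`, so apt-get
            # install also ran (and failed the step) after apk succeeded.
            if command -v apk >/dev/null 2>&1; then
              apk add --no-cache git openssh-client ca-certificates
            else
              apt-get update
              apt-get install -y git
            fi
          fi

      - name: Checkout
        if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
        shell: sh
        env:
          GIT_USER: ${{ secrets.GIT_USER }}
          GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
        run: |
          set -eu
          WORKDIR="${GITHUB_WORKSPACE:-/workspace}"
          mkdir -p "$WORKDIR"
          REPO="${GITHUB_REPOSITORY:-${GITEA_REPOSITORY:-}}"
          SERVER="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-https://git.imall.cloud}}"
          if [ -z "$REPO" ]; then
            echo "ERROR: missing repository info."
            exit 1
          fi
          # Credential precedence: explicit GIT_USER/GIT_TOKEN secrets, then
          # GITEA_TOKEN, then GITHUB_TOKEN if present in the environment.
          USER=""
          TOKEN=""
          if [ -n "${GIT_USER:-}" ] && [ -n "${GIT_TOKEN:-}" ]; then
            USER="$GIT_USER"
            TOKEN="$GIT_TOKEN"
          elif [ -n "${GITEA_TOKEN:-}" ]; then
            USER="${GITEA_ACTOR:-${GITHUB_ACTOR:-}}"
            TOKEN="$GITEA_TOKEN"
          elif [ -n "${GITHUB_TOKEN:-}" ]; then
            USER="${GITHUB_ACTOR:-}"
            TOKEN="$GITHUB_TOKEN"
          fi
          if [ -n "$TOKEN" ] && [ -n "$USER" ]; then
            # The authenticated clone always goes over https, whatever
            # scheme SERVER carries.
            AUTH_HOST="${SERVER#https://}"
            AUTH_HOST="${AUTH_HOST#http://}"
            git clone "https://${USER}:${TOKEN}@${AUTH_HOST}/${REPO}.git" "$WORKDIR"
            # git stores the clone URL, token included, in .git/config.
            # Rewrite it so the token does not stay in the workspace, which
            # is later used as the Docker build context.
            git -C "$WORKDIR" remote set-url origin "https://${AUTH_HOST}/${REPO}.git"
          else
            git clone "${SERVER}/${REPO}.git" "$WORKDIR"
          fi
          cd "$WORKDIR"
          SHA="${GITHUB_SHA:-${GITEA_SHA:-}}"
          if [ -n "$SHA" ]; then
            git checkout "$SHA"
          fi

      # Exports BRANCH (slashes replaced by dashes) and SHA_SHORT (first
      # seven characters of the commit SHA) for the image tags.
      - name: Prepare tags
        if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
        shell: sh
        run: |
          set -eu
          BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}"
          if [ -z "$BRANCH" ]; then
            BRANCH=$(echo "${GITHUB_REF:-${GITEA_REF:-}}" | sed 's#.*/##')
          fi
          BRANCH=$(echo "$BRANCH" | tr '/' '-')
          SHA="${GITHUB_SHA:-${GITEA_SHA:-}}"
          SHA_SHORT=$(echo "$SHA" | cut -c1-7)
          echo "BRANCH=$BRANCH" >> "$GITHUB_ENV"
          echo "SHA_SHORT=$SHA_SHORT" >> "$GITHUB_ENV"

      - name: Resolve Dockerfile
        if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
        shell: sh
        run: |
          set -eu
          # Search from the same directory the build step uses, so the
          # relative path found here is valid there.
          cd "${GITHUB_WORKSPACE:-/workspace}"
          DOCKERFILE_PATH="${DOCKERFILE_PATH:-}"
          BUILD_CONTEXT="${BUILD_CONTEXT:-.}"
          if [ -z "$DOCKERFILE_PATH" ]; then
            for candidate in Dockerfile docker/Dockerfile .docker/Dockerfile build/Dockerfile; do
              if [ -f "$candidate" ]; then
                DOCKERFILE_PATH="$candidate"
                break
              fi
            done
          fi
          if [ -z "$DOCKERFILE_PATH" ]; then
            echo "ERROR: Dockerfile not found."
            exit 1
          fi
          echo "DOCKERFILE_PATH=$DOCKERFILE_PATH" >> "$GITHUB_ENV"
          echo "BUILD_CONTEXT=$BUILD_CONTEXT" >> "$GITHUB_ENV"

      - name: Login registry
        if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
        shell: sh
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          set -eu
          if [ -z "${DOCKER_USERNAME:-}" ] || [ -z "${DOCKER_PASSWORD:-}" ]; then
            echo "ERROR: Missing Docker Hub credentials."
            exit 1
          fi
          # printf instead of echo: some sh implementations expand backslash
          # sequences in echo arguments, which would alter the password.
          printf '%s' "$DOCKER_PASSWORD" | docker login "$REGISTRY" -u "$DOCKER_USERNAME" --password-stdin

      - name: Build and push images
        if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
        shell: sh
        run: |
          set -eu
          cd "${GITHUB_WORKSPACE:-/workspace}"
          IMAGE_BRANCH_TAG="$IMAGE:${BRANCH}"
          IMAGE_SHA_TAG="$IMAGE:sha-${SHA_SHORT}"
          echo "Building image..."
          docker build -t "$IMAGE_BRANCH_TAG" -t "$IMAGE_SHA_TAG" -f "$DOCKERFILE_PATH" "$BUILD_CONTEXT"
          echo "Pushing $IMAGE_BRANCH_TAG..."
          docker push "$IMAGE_BRANCH_TAG"
          echo "Pushing $IMAGE_SHA_TAG..."
          docker push "$IMAGE_SHA_TAG"
          echo "Build and push completed successfully."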