name: Docker
on:
  schedule:
    - cron: '0 1 * * *'
  push:
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'
  pull_request:
    branches: [ main ]
    paths:
      - 'packaging/docker/**'
      - '.github/workflows/docker.yml'
jobs:
  docker-images:
    name: Docker Images
    if: github.repository_owner == 'miniflux'
    permissions:
      packages: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0

      - name: Generate Alpine Docker tags
        id: docker_alpine_tags
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: |
            docker.io/${{ github.repository_owner }}/miniflux
            ghcr.io/${{ github.repository_owner }}/miniflux
            quay.io/${{ github.repository_owner }}/miniflux
          tags: |
            type=ref,event=pr
            type=schedule,pattern=nightly
            type=semver,pattern={{raw}}

      - name: Generate Distroless Docker tags
        id: docker_distroless_tags
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: |
            docker.io/${{ github.repository_owner }}/miniflux
            ghcr.io/${{ github.repository_owner }}/miniflux
            quay.io/${{ github.repository_owner }}/miniflux
          tags: |
            type=ref,event=pr
            type=schedule,pattern=nightly
            type=semver,pattern={{raw}}
          flavor: |
            suffix=-distroless,onlatest=true

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

      - name: Login to DockerHub
        if: ${{ github.event_name != 'pull_request' }}
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        if: ${{ github.event_name != 'pull_request' }}
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to Quay Container Registry
        if: ${{ github.event_name != 'pull_request' }}
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_TOKEN }}

      - name: Build and Push Alpine images
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: .
          file: ./packaging/docker/alpine/Dockerfile
          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/riscv64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.docker_alpine_tags.outputs.tags }}

      - name: Build and Push Distroless images
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: .
          file: ./packaging/docker/distroless/Dockerfile
          platforms: linux/amd64,linux/arm64,linux/riscv64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.docker_distroless_tags.outputs.tags }}