name: Build Edge Docker Image

# Edge Docker images are built for every push to master
on:
  push:
    branches:
      - master
  workflow_dispatch:

concurrency:
  group: docker-edge-build
  cancel-in-progress: true

permissions:
  contents: read
  packages: write

env:
  IMAGES: |
    ${{ !github.event.repository.fork && 'actualbudget/actual-server' || '' }}
    ghcr.io/${{ github.repository_owner }}/actual-server
    ghcr.io/${{ github.repository_owner }}/actual

  # Creates the following tags:
  # - actual-server:edge
  TAGS: |
    type=edge,value=edge
    type=sha

jobs:
  build:
    if: github.event_name == 'workflow_dispatch' || !github.event.repository.fork
    name: Build Docker image
    runs-on: ubuntu-latest
    strategy:
      matrix:
        os: [ubuntu, alpine]
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
        with:
          # Push to both Docker Hub and Github Container Registry
          images: ${{ env.IMAGES }}
          flavor: ${{ matrix.os != 'ubuntu' && format('suffix=-{0}', matrix.os) || '' }}
          tags: ${{ env.TAGS }}

      - name: Login to Docker Hub
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        if: github.event_name != 'pull_request' && !github.event.repository.fork
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Building outside of the docker image allows us to build once and push to multiple platforms
      # This is faster and avoids yarn memory issues
      - name: Set up environment
        uses: ./.github/actions/setup
      - name: Build Web
        run: yarn build:server

      - name: Build image for testing
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          push: false
          load: true
          file: packages/sync-server/docker/${{ matrix.os }}.Dockerfile
          tags: actualbudget/actual-server-testing

      - name: Test that the docker image boots
        run: |
          docker run --detach --network=host actualbudget/actual-server-testing
          sleep 10
          curl --fail -sS -LI -w '%{http_code}\n' --retry 20 --retry-delay 1 --retry-connrefused localhost:5006

      # This will use the cache from the earlier build step and not rebuild the image
      # https://docs.docker.com/build/ci/github-actions/test-before-push/
      - name: Build and push images
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          file: packages/sync-server/docker/${{ matrix.os }}.Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7${{ matrix.os == 'alpine' && ',linux/arm/v6' || '' }}
          tags: ${{ steps.meta.outputs.tags }}
          build-args: |
            GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}