name: Build Edge Docker Image

# Edge Docker images are built for every push to master
on:
  push:
    branches:
      - master
  workflow_dispatch:

concurrency:
  group: docker-edge-build
  cancel-in-progress: true

permissions:
  contents: read
  packages: write

env:
  IMAGES: |
    ${{ !github.event.repository.fork && 'actualbudget/actual-server' || '' }}
    ghcr.io/${{ github.repository_owner }}/actual-server
    ghcr.io/${{ github.repository_owner }}/actual

  # Creates the following tags:
  # - actual-server:edge
  TAGS: |
    type=edge,value=edge
    type=sha

jobs:
  build:
    if: github.event_name == 'workflow_dispatch' || !github.event.repository.fork
    name: Build Docker image
    runs-on: ubuntu-latest
    strategy:
      matrix:
        os: [ubuntu, alpine]
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          # Push to both Docker Hub and Github Container Registry
          images: ${{ env.IMAGES }}
          flavor: ${{ matrix.os != 'ubuntu' && format('suffix=-{0}', matrix.os) || '' }}
          tags: ${{ env.TAGS }}

      - name: Login to Docker Hub
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        if: github.event_name != 'pull_request' && !github.event.repository.fork
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Building outside of the docker image allows us to build once and push to multiple platforms
      # This is faster and avoids yarn memory issues
      - name: Set up environment
        uses: ./.github/actions/setup
      - name: Build Web
        run: yarn build:server

      - name: Build image for testing
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          context: .
          push: false
          load: true
          file: packages/sync-server/docker/${{ matrix.os }}.Dockerfile
          tags: actualbudget/actual-server-testing

      - name: Test that the docker image boots
        run: |
          docker run --detach --network=host actualbudget/actual-server-testing
          sleep 10
          curl --fail -sS -LI -w '%{http_code}\n' --retry 20 --retry-delay 1 --retry-connrefused localhost:5006

      # This will use the cache from the earlier build step and not rebuild the image
      # https://docs.docker.com/build/ci/github-actions/test-before-push/
      - name: Build and push images
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          file: packages/sync-server/docker/${{ matrix.os }}.Dockerfile
          platforms: linux/amd64,linux/arm64,linux/arm/v7${{ matrix.os == 'alpine' && ',linux/arm/v6' || '' }}
          tags: ${{ steps.meta.outputs.tags }}
          build-args: |
            GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}