name: CI Container Build & Push
on:
  workflow_call:
    inputs:
      env_json:
        required: true
        type: string
      dockerfile_path:
        required: true
        type: string
      image_name:
        required: true
        type: string
      tag:
        required: true
        type: string
    secrets:
      DOCKER_USERNAME:
        required: false
      DOCKER_PASSWORD:
        required: true

env:
  DOCKER_REGISTRY: ${{ fromJson(inputs.env_json).DOCKER_REGISTRY || '' }}
  IMAGE_NAME: ${{ inputs.image_name }}
  TAG: ${{ inputs.tag }}
  DOCKERFILE: ${{ inputs.dockerfile_path }}

jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build and push CI container
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME || github.actor }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          docker build \
            --label "git.commit=${{ github.sha }}" \
            --label "git.commitBy=${{ github.actor }}" \
            --label "build.date=${NOW}" \
            -f "${DOCKERFILE}" \
            -t "${IMAGE_NAME}:${TAG}" .

          REGISTRY="${DOCKER_REGISTRY:?DOCKER_REGISTRY not set in env.conf}"
          REGISTRY_HOST="${REGISTRY%%/*}"

          FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${TAG}"
          echo "Pushing ${FULL_IMAGE} ..."

          docker tag "${IMAGE_NAME}:${TAG}" "$FULL_IMAGE"
          echo "$DOCKER_PASSWORD" | docker login "$REGISTRY_HOST" -u "$DOCKER_USERNAME" --password-stdin
          docker push "$FULL_IMAGE"
          docker logout "$REGISTRY_HOST"