name: Build & Publish Artifact
on:
  workflow_call:
    inputs:
      env_json:
        required: true
        type: string
      bats-image:
        required: true
        type: string
      cucumber-node-image:
        required: true
        type: string
    secrets:
      GITEA_TOKEN:
        required: true
      GIT_PAGES_PUBLISH_TOKEN:
        required: true

env:
  GITEA_API_URL: ${{ fromJson(inputs.env_json).GITEA_API_URL }}
  GIT_PAGES_URL: ${{ fromJson(inputs.env_json).GIT_PAGES_URL }}
  GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
  GIT_PAGES_PUBLISH_TOKEN: ${{ secrets.GIT_PAGES_PUBLISH_TOKEN }}

jobs:
  check:
    runs-on: ubuntu-latest
    outputs:
      artifact_exists: ${{ steps.check.outputs.artifact_exists }}
      version: ${{ steps.check.outputs.version }}
    steps:
      - uses: actions/checkout@v4

      - name: Check existing artifact
        id: check
        run: |
          VERSION=$(jq -r '.version' package.json)
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

          TAGS_JSON=$(curl -s -H "Authorization: token $GITEA_TOKEN" \
            "$GITEA_API_URL/api/v1/repos/$GITHUB_REPOSITORY/tags")
          TAG=$(echo "$TAGS_JSON" | jq -r 'if type == "array" then .[] | select(.commit.sha == "'"$GITHUB_SHA"'") | .name else empty end' | head -1)
          if [ -n "$TAG" ]; then
            echo "artifact_exists=true" >> "$GITHUB_OUTPUT"
            echo "Commit already tagged as $TAG, skipping build"
          else
            echo "artifact_exists=false" >> "$GITHUB_OUTPUT"
          fi

  quality-gate:
    needs: [check]
    if: needs.check.outputs.artifact_exists == 'false'
    uses: niko/gitea-ci-library/.gitea/workflows/quality-gate.yml@main
    secrets: inherit
    with:
      env_json: ${{ inputs.env_json }}
      bats-image: ${{ inputs.bats-image }}
      cucumber-node-image: ${{ inputs.cucumber-node-image }}

  build:
    needs: [check, quality-gate]
    runs-on: ubuntu-latest
    services:
      docker:
        image: docker:dind
        env:
          DOCKER_TLS_CERTDIR: ""
    env:
      DOCKER_HOST: tcp://docker:2375
    steps:
      - uses: actions/checkout@v4

      - name: Build container
        shell: bash
        run: |
          VERSION="${{ needs.check.outputs.version }}"
          NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          set +e
          docker build \
            --label "git.commit=${GITHUB_SHA:0:8}" \
            --label "git.commitBy=${GITHUB_ACTOR}" \
            --label "build.date=${NOW}" \
            -t "minimal:${VERSION}" .
          BUILD_EXIT=$?
          mkdir -p /tmp/image
          if [ "${BUILD_EXIT}" = "0" ]; then
            docker save "minimal:${VERSION}" -o /tmp/image/artifact.tar
            bash scripts/report-status.sh success "Docker build OK" ci-docker-build
          else
            bash scripts/report-status.sh failure "Docker build FAILED" ci-docker-build
          fi
          echo "BUILD_EXIT=${BUILD_EXIT}" >> "${GITHUB_ENV}"
          exit ${BUILD_EXIT}

      - name: Save Docker image for next job
        uses: actions/upload-artifact@v4
        with:
          name: docker-image
          path: /tmp/image/artifact.tar

  push:
    needs: [check, build]
    runs-on: ubuntu-latest
    services:
      docker:
        image: docker:dind
        env:
          DOCKER_TLS_CERTDIR: ""
    env:
      DOCKER_HOST: tcp://docker:2375
    steps:
      - uses: actions/checkout@v4

      - name: Load saved Docker image
        uses: actions/download-artifact@v4
        with:
          name: docker-image
          path: /tmp/image

      - name: Push to Gitea Packages
        shell: bash
        run: |
          VERSION="${{ needs.check.outputs.version }}"
          set +e
          docker load -i /tmp/image/artifact.tar
          REGISTRY=$(echo "$GITEA_API_URL" | sed 's|https://||')
          IMAGE="$REGISTRY/niko/gitea-ci-library/minimal:$VERSION"
          docker tag "minimal:$VERSION" "$IMAGE"
          docker login "$REGISTRY" -u niko -p "$GITEA_TOKEN"
          docker push "$IMAGE"
          PUSH_EXIT=$?
          docker logout "$REGISTRY" > /dev/null 2>&1
          if [ "${PUSH_EXIT}" = "0" ]; then
            bash scripts/report-status.sh success "Docker push OK" ci-docker-push
          else
            bash scripts/report-status.sh failure "Docker push FAILED" ci-docker-push
          fi
          exit ${PUSH_EXIT}

  tag-commit:
    needs: [check, push]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Create git tag
        shell: bash
        run: |
          VERSION="${{ needs.check.outputs.version }}"
          set +e
          HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
            "$GITEA_API_URL/api/v1/repos/$GITHUB_REPOSITORY/tags" \
            -H "Authorization: token $GITEA_TOKEN" \
            -H "Content-Type: application/json" \
            -d "{
              \"tag_name\": \"$VERSION\",
              \"message\": \"Build #$GITHUB_RUN_NUMBER\",
              \"target\": \"$GITHUB_SHA\"
            }")

          if [ "$HTTP_CODE" = "201" ]; then
            echo "Tag $VERSION created"
            bash scripts/report-status.sh success "Tag $VERSION" ci-docker-tag
          elif [ "$HTTP_CODE" = "409" ]; then
            echo "Tag $VERSION already exists (parallel build won), skipping"
            bash scripts/report-status.sh success "Tag exists" ci-docker-tag
          else
            bash scripts/report-status.sh failure "Tag FAILED HTTP $HTTP_CODE" ci-docker-tag
            exit 1
          fi