.github/workflows/publish.yml

name: Make release & publish Docker image

on:
  push:
    tags:
    - 'v*'

env:
  REGISTRY_IMAGE: ghcr.io/museofficial/muse

jobs:
  publish:
    strategy:
      matrix:
        runner-platform:
          - ubuntu-latest
          - namespace-profile-default-arm64
        include:
          - runner-platform: ubuntu-latest
            build-arch: linux/amd64
            tagged-platform: amd64
          - runner-platform: namespace-profile-default-arm64
            build-arch: linux/arm64
            tagged-platform: arm64
    runs-on: ${{ matrix.runner-platform }}
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    steps:
      - name: Set up Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Get current time
        uses: josStorer/get-current-time@v2
        id: current-time

      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: |
            codetheweb/muse:${{ github.sha }}-${{ matrix.tagged-platform }}
            ${{ env.REGISTRY_IMAGE }}:${{ github.sha }}-${{ matrix.tagged-platform }}
          platforms: ${{ matrix.build-arch }}
          build-args: |
            COMMIT_HASH=${{ github.sha }}
            BUILD_DATE=${{ steps.current-time.outputs.time }}

  combine:
    name: Combine platform tags
    runs-on: ubuntu-latest
    needs: publish
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    steps:
      - uses: actions/checkout@v1

      - name: Set up Buildx
        uses: docker/setup-buildx-action@v1

      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Get tags (Docker Hub)
        id: get-tags-dockerhub
        uses: Surgo/docker-smart-tag-action@v1
        with:
          docker_image: codetheweb/muse

      - name: Get tags (ghcr.io)
        id: get-tags-ghcr
        uses: Surgo/docker-smart-tag-action@v1
        with:
          docker_image: ${{ env.REGISTRY_IMAGE }}

      - name: Combine tags (Docker Hub)
        run: docker buildx imagetools create $(echo '${{ steps.get-tags-dockerhub.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') 'codetheweb/muse:${{ github.sha }}-arm64' 'codetheweb/muse:${{ github.sha }}-amd64'

      - name: Combine tags (GitHub Container Registry)
        run: docker buildx imagetools create $(echo '${{ steps.get-tags-ghcr.outputs.tag }}' | tr "," "\0" | xargs -0 printf -- '-t %s ') '${{ env.REGISTRY_IMAGE }}:${{ github.sha }}-arm64' '${{ env.REGISTRY_IMAGE }}:${{ github.sha }}-amd64'

      - name: Update Docker Hub description
        uses: peter-evans/dockerhub-description@v2.4.3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
          repository: codetheweb/muse

  release:
    name: Create GitHub release
    runs-on: ubuntu-latest
    needs: combine
    steps:
      - uses: actions/checkout@v2

      - name: Get version from tag
        id: tag_name
        run: |
          echo ::set-output name=current_version::${GITHUB_REF#refs/tags/v}
        shell: bash

      - name: Get Changelog Entry
        id: changelog_reader
        uses: mindsers/changelog-reader-action@v2
        with:
          version: ${{ steps.tag_name.outputs.current_version }}
          path: ./CHANGELOG.md

      - name: Create/update release
        uses: ncipollo/release-action@v1
        with:
          tag: v${{ steps.changelog_reader.outputs.version }}
          name: Release v${{ steps.changelog_reader.outputs.version }}
          body: ${{ steps.changelog_reader.outputs.changes }}
          prerelease: ${{ steps.changelog_reader.outputs.status == 'prereleased' }}
          draft: ${{ steps.changelog_reader.outputs.status == 'unreleased' }}
          allowUpdates: true
          token: ${{ secrets.GH_PAT }}