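---
# Build the project's container image with Nix and push it to the registry at
# git.nexveridian.com. Nix store paths are pushed to an attic binary cache on a
# best-effort basis before and after the build.
name: docker

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main]

env:
  REGISTRY: git.nexveridian.com
  # Not referenced by any step below; kept so external readers of the
  # variable keep working.
  IMAGE_NAME: ${{ github.repository }}
  NIX_CONFIG: "experimental-features = nix-command flakes"

jobs:
  build:
    runs-on: docker
    permissions:
      contents: read
      packages: write
      # No step below uses OIDC; review whether this grant is still needed.
      id-token: write
    steps:
      # Cache setup is best-effort: each step tolerates failure so a cache
      # outage does not block the build.
      - name: Log in to attic cache
        env:
          # Pass the secret through the environment instead of interpolating
          # it into the script text.
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
        run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client login nex https://nix.nexveridian.com "$ATTIC_TOKEN" || true
      - name: Create attic cache
        run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client cache create nexveridian-web || true
      - name: Use attic cache
        run: nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client use nexveridian-web || true

      - name: Install Node.js
        run: |
          mkdir -p ~/.local/bin
          nix build -I nixpkgs=channel:nixos-unstable nixpkgs#nodejs_24 -o ~/.local/nodejs
          ln -sf ~/.local/nodejs/bin/node ~/.local/bin/node
          ln -sf ~/.local/nodejs/bin/npm ~/.local/bin/npm
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      # Pinned by major-version tag only; pinning to a full commit SHA freezes
      # the action's code against upstream changes.
      - uses: actions/checkout@v4

      - name: Install skopeo
        run: |
          mkdir -p ~/.local/bin
          nix build -I nixpkgs=channel:nixos-unstable nixpkgs#skopeo -o ~/.local/skopeo
          ln -sf ~/.local/skopeo/bin/skopeo ~/.local/bin/skopeo
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      - name: Build Nix package
        # Produces ./result, the Docker archive consumed by the push step.
        run: nix build .#my-docker

      - name: Prepare repository variables
        # ${var,,} and ${var#pattern} are bash expansions; `run` steps use
        # bash by default on this runner.
        run: |
          REPO="${GITHUB_REPOSITORY,,}"
          echo "REPO=${REPO}" >> "${GITHUB_ENV}"
          # Strip the owner prefix from the lowercased repository name.
          # (The previous form ${GITHUB_REPOSITORY,,#nexveridian/} used
          # "#nexveridian/" as a case-conversion pattern and stripped nothing.)
          STRIP_REPO_USERNAME="${REPO#nexveridian/}"
          echo "STRIP_REPO_USERNAME=${STRIP_REPO_USERNAME}" >> "${GITHUB_ENV}"

      - name: Setup skopeo policy and push image
        env:
          # Credentials enter through the environment so the script text holds
          # neither the token nor an actor-controlled expression.
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Setting up container policy..."
          mkdir -p ~/.config/containers
          # The only image source in this step is the local docker-archive
          # built by this job, so the permissive policy does not disable
          # signature checks on any remote pull.
          cat > ~/.config/containers/policy.json << 'EOF'
          {
            "default": [
              {
                "type": "insecureAcceptAnything"
              }
            ]
          }
          EOF
          echo "Setting up temporary directory..."
          mkdir -p ~/tmp
          echo "Checking result file..."
          ls -la result || echo "Result file not found"
          file result || echo "Cannot determine file type"
          echo "Copying image from Docker archive to registry..."
          # REGISTRY is job-level env; REPO was exported via GITHUB_ENV above.
          TMPDIR=~/tmp skopeo copy \
            --dest-creds "${REGISTRY_USER}:${REGISTRY_TOKEN}" \
            docker-archive:result \
            "docker://${REGISTRY}/${REPO}:latest"

      - name: Push to attic
        # Runs even after a failed build so partial store contents are cached.
        if: always()
        run: |
          # Collect only the store paths nix still reports as valid.
          valid_paths=()
          for path in /nix/store/*/; do
            if nix path-info "$path" >/dev/null 2>&1; then
              valid_paths+=("$path")
            fi
          done
          if [ "${#valid_paths[@]}" -gt 0 ]; then
            # Up to three attempts, 5 s apart; the step still exits 0 after the
            # third failure.
            for i in {1..3}; do
              nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client push nexveridian-web "${valid_paths[@]}" && break || [ "$i" -eq 3 ] || sleep 5
            done
          fi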