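# Builds the Nix-defined Docker image on every push to main, pushes it to the
# container registry, and uploads Nix store paths to the Attic binary cache.
name: docker

on:
  push:
    branches: [main]

env:
  REGISTRY: git.nexveridian.com
  IMAGE_NAME: ${{ github.repository }}
  NIX_CONFIG: "experimental-features = nix-command flakes"

jobs:
  build:
    runs-on: docker
    permissions:
      contents: read
      packages: write
      # NOTE(review): no step in this job requests an OIDC token; drop
      # id-token: write unless something outside this file relies on it.
      id-token: write
    steps:
      - name: Setup Attic cache
        env:
          # Hand the secret to the script through the environment instead of
          # expanding it into the script text, so its content is never parsed
          # as shell syntax.
          ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
        run: |
          # Best effort: a cache login failure must not fail the build.
          # ${VAR:+...} passes no argument at all when the secret is unset,
          # which is what the inline expansion did before.
          # NOTE(review): attic-client is resolved from nixos-unstable at run
          # time, so the binary that receives the token is not pinned.
          nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client \
            login nex https://nix.nexveridian.com ${ATTIC_TOKEN:+"$ATTIC_TOKEN"} || true
          nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client \
            use nexveridian-web || true

      # NOTE(review): tag refs such as @v4 / @v3 are mutable; pinning both
      # actions to a full commit SHA fixes the code that runs with the
      # registry credential.
      - uses: actions/checkout@v4

      - name: Log into registry ${{ env.REGISTRY }}
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build Nix package
        run: nix build .#my-docker

      - name: Prepare repository variables
        run: |
          # Image references must be lowercase, so normalise the repo name.
          repo_lower="${GITHUB_REPOSITORY,,}"
          echo "REPO=${repo_lower}" >> "${GITHUB_ENV}"
          # Strip the owner prefix in a second expansion. The previous single
          # expansion ${GITHUB_REPOSITORY,,#nexveridian/} used the text after
          # ",," as a per-character case pattern, so it neither lowercased
          # nor stripped anything.
          echo "STRIP_REPO_USERNAME=${repo_lower#nexveridian/}" >> "${GITHUB_ENV}"

      - name: Load, tag and push Docker image
        run: |
          # Read the values as quoted shell variables rather than template
          # expansions so they cannot be re-parsed as shell syntax.
          docker load < result
          docker tag "${STRIP_REPO_USERNAME}:latest" "${REGISTRY}/${REPO}:latest"
          docker push "${REGISTRY}/${REPO}:latest"

      - name: Push to attic
        # Runs after failed builds too, so partial results still get cached.
        if: always()
        run: |
          # NOTE(review): this uploads every valid path in the runner's
          # store, not only this build's closure; on a shared or long-lived
          # runner that includes paths left by other jobs - confirm intended.
          valid_paths=()
          for path in /nix/store/*/; do
            if nix path-info "$path" >/dev/null 2>&1; then
              valid_paths+=("$path")
            fi
          done
          if [ "${#valid_paths[@]}" -gt 0 ]; then
            # Up to three attempts, 5 s apart; a final failure is tolerated
            # so the cache upload never fails the job.
            for i in {1..3}; do
              if nix run -I nixpkgs=channel:nixos-unstable nixpkgs#attic-client \
                push nexveridian-web "${valid_paths[@]}"; then
                break
              fi
              if [ "$i" -lt 3 ]; then
                sleep 5
              fi
            done
          fi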