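# Builds the container images listed in the job matrix on pushes to main and
# on pull requests. Images are pushed only when the `push:` expression on the
# final step evaluates to true; pull-request runs build without pushing.
name: Container

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  push_to_registry:
    name: Build and push containers image to GitHub Packages
    runs-on: ubuntu-latest
    # Job-scoped GITHUB_TOKEN permissions: packages:write is what the ghcr.io
    # push needs, contents:read is what checkout needs. Nothing else is granted.
    permissions:
      packages: write
      contents: read
    # One in-flight run per workflow + ref + Dockerfile; a newer run cancels
    # the older one for the same matrix entry.
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.config.dockerfile }}
      cancel-in-progress: true
    strategy:
      # Let the other images finish building if one matrix entry fails.
      fail-fast: false
      matrix:
        config:
          - dockerfile: 'vault/Dockerfile'
            tag: 'vault:latest'
            repository: 'teepot-vault'
          - dockerfile: 'bin/tee-vault-unseal/Dockerfile-azure'
            tag: 'tvu:latest'
            repository: 'teepot-tvu'
          - dockerfile: 'bin/tee-vault-admin/Dockerfile-azure'
            tag: 'tva:latest'
            repository: 'teepot-tva'
    steps:
      - name: Check out the repo
        # Pinned to a full commit SHA, so the action code cannot change
        # underneath this workflow.
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

      - name: Set up Docker Buildx
        # NOTE(review): referenced by a mutable major tag, unlike the checkout
        # step. Pin to a full commit SHA (with the version in a trailing
        # comment) so a retagged release cannot run in a job that holds
        # registry credentials.
        uses: docker/setup-buildx-action@v3

      - name: Log in to Docker Hub
        # Skipped on pull requests: nothing is pushed for them, runs triggered
        # from forks do not receive repository secrets, and the long-lived
        # Docker Hub token stays out of jobs that build a PR-supplied
        # Dockerfile. If a base image needs an authenticated Docker Hub pull,
        # this condition has to be revisited.
        if: github.event_name != 'pull_request'
        # NOTE(review): mutable tag; pin to a full commit SHA. This action
        # receives the Docker Hub token directly.
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        # Uses the job's GITHUB_TOKEN, scoped by `permissions:` above.
        # NOTE(review): mutable tag; pin to a full commit SHA.
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up env
        # Exports the repository owner in lower case (bash `,,` expansion) for
        # use in the ghcr.io tag below.
        run: echo "repository_owner=${GITHUB_REPOSITORY_OWNER,,}" >>${GITHUB_ENV}

      - name: Build and Push Container
        # NOTE(review): mutable tag; pin to a full commit SHA.
        uses: docker/build-push-action@v5
        with:
          file: ${{ matrix.config.dockerfile }}
          # Both destinations are published only under `latest`, which is a
          # moving tag; consumers that need a fixed image have to reference it
          # by digest.
          tags: |
            ghcr.io/${{env.repository_owner}}/${{ github.event.repository.name }}-${{ matrix.config.tag }}
            matterlabsrobot/${{ matrix.config.repository }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max,ignore-error=true
          # Push only for non-PR events. No `schedule` trigger is declared in
          # `on:` above, so the second comparison is currently never true.
          push: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}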