name: 🐳 Build Ansible Act Runner Image

on:
  push:
    branches:
      - main
    paths:
      - 'docker/Dockerfile'
  workflow_dispatch:
    inputs:
      force_rebuild:
        description: 'Force rebuild without cache'
        required: false
        default: 'false'
        type: boolean

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: 🔎 Checkout
        uses: actions/checkout@v4

      - name: 🐳 Install Docker CLI
        run: |
          apt-get update && apt-get install -y --no-install-recommends \
            ca-certificates \
            curl \
            gnupg
          install -m 0755 -d /etc/apt/keyrings
          curl -fsSL https://download.docker.com/linux/debian/gpg \
            -o /etc/apt/keyrings/docker.asc
          chmod a+r /etc/apt/keyrings/docker.asc
          echo "deb [arch=$(dpkg --print-architecture) \
            signed-by=/etc/apt/keyrings/docker.asc] \
            https://download.docker.com/linux/debian \
            $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
            > /etc/apt/sources.list.d/docker.list
          apt-get update && apt-get install -y --no-install-recommends docker-ce-cli

      - name: 🏷️ Set Image Tags
        id: tags
        run: |
          REGISTRY="gitea.mod.home"
          ORG="${{ gitea.repository_owner }}"
          IMAGE="ansible-act-runner"
          SHORT_SHA="${{ gitea.sha }}"
          SHORT_SHA="${SHORT_SHA:0:8}"

          echo "tag_latest=${REGISTRY}/${ORG}/${IMAGE}:latest" >> $GITHUB_OUTPUT
          echo "tag_sha=${REGISTRY}/${ORG}/${IMAGE}:${SHORT_SHA}" >> $GITHUB_OUTPUT
          echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT

      - name: 🐳 Docker Login → Gitea Registry
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | \
            docker login gitea.mod.home \
              --username "${{ secrets.REGISTRY_USER }}" \
              --password-stdin

      - name: 🐳 Build Image
        run: |
          BUILD_ARGS=""
          if [ "${{ inputs.force_rebuild }}" = "true" ]; then
            BUILD_ARGS="--no-cache"
          fi

          docker build ${BUILD_ARGS} \
            -t ${{ steps.tags.outputs.tag_latest }} \
            -t ${{ steps.tags.outputs.tag_sha }} \
            -f docker/Dockerfile \
            docker/

      - name: 🐳 Push Image
        run: |
          docker push ${{ steps.tags.outputs.tag_latest }}
          docker push ${{ steps.tags.outputs.tag_sha }}

      - name: 📨 Telegram Notification
        run: |
          STATUS="${{ job.status }}"
          TEXT="🐳 Build: ansible-act-runner:${{ steps.tags.outputs.short_sha }}%0AStatus: ${STATUS}"
          curl -s -X POST \
            "https://api.telegram.org/bot${{ secrets.TELEGRAM_BOT_TOKEN }}/sendMessage" \
            -d "chat_id=${{ secrets.TELEGRAM_CHAT_ID }}" \
            -d "text=${TEXT}"
        if: always()