name: Build Image
on:
  push:
    branches:
      - 'master'

env:
  TEST_TAG: mrmeeb/certbot-cron:test
  FULL_TAG: git.mrmeeb.stream/mrmeeb/certbot-cron:latest

jobs:
  "Validate Image":
    runs-on: [ubuntu-docker-latest, linux/amd64]
    steps:
      - name: Build locally
        uses: docker/build-push-action@v5
        with:
          load: true
          tags: ${{ env.TEST_TAG }}
          provenance: false
      - name: Test certificate issuing
        id: test
        run: |
          # First create a volume
          docker volume create ${{ gitea.sha }} && \
          # Then issue a certificate
          docker run --rm -v ${{ gitea.sha }}:/config -e STAGING=true -e EMAIL=${{ secrets.EMAIL }} -e DOMAINS=${{ gitea.sha }}.mrmeeb.stream -e PLUGIN=cloudflare -e CLOUDFLARE_TOKEN=${{ secrets.CLOUDFLARE_TOKEN }} -e ONE_SHOT=true -e GENERATE_DHPARAM=false ${{ env.TEST_TAG }} && \
          # Then revoke it again
          docker run --rm --entrypoint "/usr/bin/certbot" -v ${{ gitea.sha }}:/config ${{ env.TEST_TAG }} revoke --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --staging --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --cert-path /config/letsencrypt/live/${{ gitea.sha }}.mrmeeb.stream/fullchain.pem          
      - name: Tidy up
        if: always()
        run: |
          echo "Removing docker volume ${{ gitea.sha }}" && \
          docker volume rm ${{ gitea.sha }}          
      - name: Test Failure
        uses: rjstone/discord-webhook-notify@v1
        if: failure()
        with:
          severity: error
          details: Test Failed!
          webhookUrl: ${{ secrets.DISCORD_WEBHOOK }}
          username: Gitea
          avatarUrl: ${{ vars.RUNNER_ICON_URL }}
  
  "Publish Image":
    runs-on: [ubuntu-docker-latest, linux/amd64]
    needs: ["Validate Image"]
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: git.mrmeeb.stream
          username: ${{ env.GITHUB_ACTOR }}
          password: ${{ secrets.GTCR_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          push: true
          platforms: linux/amd64,linux/arm64
          tags: ${{ env.FULL_TAG }}
          provenance: false
      - name: Build Failure
        uses: rjstone/discord-webhook-notify@v1
        if: failure()
        with:
          severity: error
          details: Build Failed!
          webhookUrl: ${{ secrets.DISCORD_WEBHOOK }}
          username: Gitea
          avatarUrl: ${{ vars.RUNNER_ICON_URL }}

  "Notify":
    runs-on: [ubuntu-docker-latest, linux/amd64]
    needs: ["Validate Image", "Publish Image"]
    steps:
      - name: Notify of success
        uses: rjstone/discord-webhook-notify@v1
        if: success()
        with:
          severity: info
          details: Build succeeded!
          webhookUrl: ${{ secrets.DISCORD_WEBHOOK }}
          username: Gitea
          avatarUrl: ${{ vars.RUNNER_ICON_URL }}