name: Docker Publish GHCR

on:
  workflow_call:
    inputs:
      repository:
        required: true
        type: string
      ref:
        required: true
        type: string
      image_name:
        required: true
        type: string
      file:
        required: false
        type: string
        default: 'Dockerfile'
      platforms:
        required: false
        type: string
        default: 'linux/amd64'

jobs:
  docker:
    runs-on: ubuntu-22.04
    steps:
      - name: Echo test
        run: echo "${{ inputs.image_name }}"

      - name: Checkout Code to Build
        uses: actions/checkout@v4
        with:
          repository: ${{ inputs.repository }}
          ref: ${{ inputs.ref }}
          token: ${{ github.token }}

      - name: Load Infisical Secrets
        uses: martin/chromart-gitea-actions/.gitea/actions/infisical-secrets@main

      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: martindmtrv
          # The Infisical secrets action needs to provide a secret named GHCR_PAT
          password: ${{ env.GHCR_PAT }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v6
        with:
          # image_name should be formatted like: user/repo
          images: ghcr.io/${{ inputs.image_name }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ inputs.file }}
          platforms: ${{ inputs.platforms }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}