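---
# Builds the production image, pushes it to GHCR and, for builds of main,
# commits the new image tag into the prod kustomization overlay.
name: Build Docker Image

on:
  push:
    branches: [main]
    tags:
      - 'v*'
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # contents: write is needed only for the kustomization commit at the end
    # of the job; packages: write is needed for the GHCR push.
    permissions:
      contents: write
      packages: write
    outputs:
      image-tag: ${{ steps.meta.outputs.tags }}
      image-digest: ${{ steps.build.outputs.digest }}
    steps:
      # NOTE(review): every `uses:` below references a mutable major-version
      # tag. Pinning each action to a full commit SHA (version kept in a
      # trailing comment) keeps a re-tagged release from changing what runs
      # in a job that holds contents/packages write access.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Image references must be lowercase. The repository name is passed
      # through the environment rather than expanded into the script text,
      # so the shell only ever sees it as data.
      - name: Lowercase repository name
        id: lowercase
        env:
          REPO: ${{ github.repository }}
        run: |
          echo "repo=$(echo "$REPO" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"

      - name: Extract metadata (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ steps.lowercase.outputs.repo }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix={{branch}}-
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: ./services/nextjs
          file: ./deploy/docker/Dockerfile.prod
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Only builds of main produce a "main-..." tag and have a branch to
      # push back to; tag builds and dispatches from other refs skip the
      # GitOps update instead of writing an empty newTag.
      - name: Extract SHA tag
        id: extract-tag
        if: github.ref == 'refs/heads/main'
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # The sha tag rule above uses the branch name as its prefix, which
          # gives "main-<short sha>". The older "main-sha-<sha>" shape is
          # accepted as well. The match is anchored on the ":" before the tag
          # and on end of line so an image path cannot match by accident.
          SHA_TAG=$(printf '%s\n' "$TAGS" \
            | grep -oE ':main-(sha-)?[0-9a-f]{7,40}$' \
            | head -n 1 \
            | cut -c2- || true)
          # Fail here rather than let an empty value reach kustomization.yaml.
          if [ -z "$SHA_TAG" ]; then
            echo "::error::No main-<sha> tag found in the metadata output"
            exit 1
          fi
          echo "sha-tag=$SHA_TAG" >> "$GITHUB_OUTPUT"
          echo "Extracted SHA tag: $SHA_TAG"

      # NOTE(review): this deploys by mutable tag. The build step also
      # exposes the image digest; recording it in the overlay would tie the
      # deployment to the exact image that was built.
      - name: Update kustomization with new image tag
        if: github.ref == 'refs/heads/main'
        env:
          # Not read by the git commands below; the push presumably relies on
          # the credentials actions/checkout leaves in the repo config.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SHA_TAG: ${{ steps.extract-tag.outputs.sha-tag }}
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"

          # Update kustomization.yaml with new image tag.
          # SHA_TAG was validated as main-[sha-]<hex> by the previous step,
          # so it carries no characters that are special to sed.
          sed -i "s|newTag:.*|newTag: ${SHA_TAG}|" deploy/k8s/overlays/prod/kustomization.yaml

          # Commit and push if there are changes
          if git diff --quiet; then
            echo "No changes to commit"
          else
            git add deploy/k8s/overlays/prod/kustomization.yaml
            git commit -m "Update image to ${SHA_TAG}"
            git push
            echo "✅ Kustomization updated with new image tag"
          fi

      - name: Display image information
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          SHA_TAG: ${{ steps.extract-tag.outputs.sha-tag }}
          DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          echo "✅ Image built and pushed successfully!"
          echo "📦 Image tags:"
          echo "$TAGS"
          echo "🔖 SHA tag: $SHA_TAG"
          echo "🔖 Digest: $DIGEST"
          echo ""
          # SHA_TAG is empty when the kustomization steps were skipped.
          if [ -n "$SHA_TAG" ]; then
            echo "🚀 Kustomization updated with new image tag"
            echo "   ArgoCD will automatically detect and deploy this new image"
            echo "   Monitor deployment at your ArgoCD dashboard"
          fi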