name: Docker

on:
  push:
    branches:
      - 'master'
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]

jobs:
  config:
    runs-on: "ubuntu-latest"
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
      - name: "Check for secrets"
        id: check
        shell: bash
        run: |
          if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
            echo "has secrets!"
          else
            echo "has-secrets=0" >> "$GITHUB_OUTPUT"
            echo "no secrets!"
          fi

  docker-build:
    needs: config
    if: needs.config.outputs.has-secrets
    name: docker-build
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - shell: bash
        env:
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          .github/workflows/docker_build_push.sh

      - name: Build ephemeral env image
        if: github.event_name == 'pull_request'
        run: |
          mkdir -p ./build
          echo ${{ github.sha }} > ./build/SHA
          echo ${{ github.event.pull_request.number }} > ./build/PR-NUM
          DOCKER_BUILDKIT=1 docker build --target ci -t ${{ github.sha }} -t "pr-${{ github.event.pull_request.number }}" .
          docker save ${{ github.sha }} | gzip > ./build/${{ github.sha }}.tar.gz

      - name: Upload build artifacts
        if: github.event_name == 'pull_request'
        uses: actions/upload-artifact@v3
        with:
          name: build
          path: build/