name: ASF-docker-publish-main

on:
  push:
    branches:
    - main

env:
  PLATFORMS: linux/amd64,linux/arm,linux/arm64
  TAG: main

permissions:
  packages: write

jobs:
  main:
    environment: release-docker
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        show-progress: false
        submodules: recursive

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

    - name: Login to ghcr.io
      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Login to DockerHub
      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}

    - name: Prepare environment outputs
      shell: sh
      run: |
        set -eu

        echo "DATE_ISO8601=$(date --iso-8601=seconds --utc)" >> "$GITHUB_ENV"
        echo "GHCR_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
        echo "DH_REPOSITORY=$(echo ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"

    - name: Build and publish Docker image from Dockerfile
      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
      with:
        context: .
        platforms: ${{ env.PLATFORMS }}
        provenance: true
        sbom: true
        secrets: |
          ASF_PRIVATE_SNK=${{ secrets.ASF_PRIVATE_SNK }}
          STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
        labels: |
          org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
          org.opencontainers.image.version=${{ github.sha }}
          org.opencontainers.image.revision=${{ github.sha }}
        tags: |
          ghcr.io/${{ env.GHCR_REPOSITORY }}:${{ env.TAG }}
          ${{ env.DH_REPOSITORY }}:${{ env.TAG }}
        push: true

    - name: Update DockerHub repository description
      uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
        repository: ${{ env.DH_REPOSITORY }}
        short-description: ${{ github.event.repository.description }}