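# Builds the image described by the recipe with the BlueBuild CLI and pushes
# it to BB_REGISTRY. cosign is installed and a signing key is handed to the
# build step.
name: bluebuild
on:
  schedule:
    # Runs at 06:00 UTC every day: the day-of-month, month and day-of-week
    # fields are all "*". (20 minutes after last ublue images start building)
    - cron: "00 06 * * *"
  push:
    branches:
      - main
    paths-ignore: # don't rebuild if only documentation has changed
      - "**.md"
      - ".github/workflows/build-nvidia.yml"
      - "files/scripts/nvidia/**"
      - "recipes/components/nvidia-module.yml"
      - "recipes/recipe_nvidia.yml"
  # NOTE(review): pull_request runs the same job, including the step that
  # receives the signing key and registry credentials and pushes. Confirm the
  # runner withholds secrets from pull requests opened from forks.
  pull_request:
  workflow_dispatch: # allow manually triggering builds
jobs:
  bluebuild:
    name: Build Custom Image
    runs-on: fedora-latest
    permissions:
      contents: read
      packages: write
      # NOTE(review): id-token: write is only needed for OIDC-based flows. The
      # build step is given COSIGN_PRIVATE_KEY, so confirm this is required
      # and drop it otherwise.
      id-token: write
    strategy:
      matrix:
        recipe:
          - recipe.yml
    steps:
      - name: Install required packages
        shell: bash
        run: |
          sudo dnf install -y nodejs docker-cli docker-buildx containerd

      # NOTE(review): pinned by mutable tag, unlike actions/checkout below.
      # Pin to the full commit SHA of v3.9.0 and keep the tag as a trailing
      # comment so the installed signing tool cannot change silently.
      - uses: sigstore/cosign-installer@v3.9.0
        with:
          install-dir: /usr/bin
          use-sudo: true

      # clones user's repo
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Determine Vars
        id: build_vars
        shell: bash
        env:
          RECIPE: ${{ matrix.recipe }}
          # Expression values are passed through the environment instead of
          # being expanded into the script text, so their content is data to
          # bash and cannot alter the commands that run.
          # NOTE(review): no trigger in this workflow declares these inputs,
          # so both are empty and the "v0.9" default below is what is used.
          USE_UNSTABLE_CLI: ${{ inputs.use_unstable_cli }}
          CLI_VERSION: ${{ inputs.cli_version }}
        run: |
          if [[ "${USE_UNSTABLE_CLI}" == "true" && -z "${CLI_VERSION}" ]]; then
            CLI_VERSION_TAG="main"
          elif [ -n "${CLI_VERSION}" ]; then
            CLI_VERSION_TAG="${CLI_VERSION}"
          else
            CLI_VERSION_TAG="v0.9"
          fi
          echo "cli_version=${CLI_VERSION_TAG}" >> "${GITHUB_OUTPUT}"

          RECIPE_PATH=""
          if [ -f "./config/${RECIPE}" ]; then
            RECIPE_PATH="./config/${RECIPE}"
          else
            RECIPE_PATH="./recipes/${RECIPE}"
          fi
          echo "recipe_path=${RECIPE_PATH}" >> "${GITHUB_OUTPUT}"

      # NOTE(review): the installer image is referenced by a mutable tag and
      # the binary copied out of it is later run under sudo with the signing
      # key in its environment. Consider pinning the image by digest.
      - name: Install BlueBuild
        shell: bash
        env:
          CLI_VERSION_TAG: ${{ steps.build_vars.outputs.cli_version }}
        run: |
          sudo docker create \
            --name blue-build-installer \
            "ghcr.io/blue-build/cli:${CLI_VERSION_TAG}-installer"
          sudo docker cp blue-build-installer:/out/bluebuild /usr/bin/bluebuild
          sudo docker rm blue-build-installer
          bluebuild --version

      # blue-build/cli does the heavy lifting
      - name: Build Image
        shell: bash
        # NOTE(review): inputs.working_directory is not declared by any
        # trigger in this workflow, so this expands to an empty value.
        working-directory: ${{ inputs.working_directory }}
        env:
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
          GH_TOKEN: ${{ secrets.PACKAGE_BUILDER_TOKEN }}
          # NOTE(review): inputs.registry_token is likewise undeclared here,
          # so BB_PASSWORD is empty. Registry credentials should come from the
          # secrets context; confirm which secret is intended.
          BB_PASSWORD: ${{ inputs.registry_token }}
          BB_USERNAME: ${{ github.repository_owner }}
          BB_REGISTRY: 'git.hydrosaber.com'
          BB_REGISTRY_NAMESPACE: ${{ github.repository_owner }}
          GH_PR_EVENT_NUMBER: ${{ github.event.number }}
          # Quoted so the value stays the string "false" under any YAML loader.
          BB_CACHE_LAYERS: "false"
          RECIPE_PATH: ${{ steps.build_vars.outputs.recipe_path }}
          RUST_LOG_STYLE: always
          CLICOLOR_FORCE: "1"
          RUST_BACKTRACE: "1"
        # sudo -E forwards this step's whole environment, secrets included, to
        # the root-owned bluebuild process.
        run: |
          sudo -E bluebuild build -v --push "${RECIPE_PATH}"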