name: docker-tag-triggered-prod

on:
  push:
    tags:
      - '*'

jobs:
  gcr-dockerhub-build-publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Update runc (temporary fix) # TODO: Remove step when https://github.com/actions/virtual-environments/issues/2658 fixed
        uses: nick-invision/retry@v2.4.0
        with:
          timeout_minutes: 5
          max_attempts: 3
          retry_wait_seconds: 120
          retry_on: error
          command: |
            sudo apt-get install libseccomp-dev
            git clone https://github.com/opencontainers/runc
            cd runc
            make
            sudo make install
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container Registry (GHCR)
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT }}
      - name: Sync GitHub README.md with Docker Hub
        uses: peter-evans/dockerhub-description@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }} # NOTE: This MUST be the password NOT the token
          repository: ${{ github.repository }}Hub
          short-description: ${{ github.event.repository.description }}
      - name: DEBUG Show Runners environment
        uses: nick-invision/retry@v2.4.0
        with:
          timeout_minutes: 5
          max_attempts: 3
          retry_wait_seconds: 120
          retry_on: error
          command: |
            export
      - name: Identify GitHub tag name
        # get tag name from runners environment 'GITHUB_REF' and then use bash substring
        # to strip out '+' symbol - required due to gcr not supporting this as a tag
        # name (docker hub does support it).
        # note if push is NOT triggered by tag then 'GITHUB_REF' will be the branch name.
        uses: nick-invision/retry@v2.4.0
        with:
          timeout_minutes: 5
          max_attempts: 3
          retry_wait_seconds: 120
          retry_on: error
          command: |
            echo "##[set-output name=tag;]$(tag_name=${GITHUB_REF#refs/tags/} && echo "${tag_name//+/-}")"
        id: identify_tag
      - name: Build Docker image and tag
        uses: nick-invision/retry@v2.4.0
        with:
          timeout_minutes: 60
          max_attempts: 3
          retry_wait_seconds: 120
          retry_on: error
          command: |
            docker build \
              --tag ${{ github.repository }}:latest \
              --tag ${{ github.repository }}:${{ steps.identify_tag.outputs.tag }} \
              --tag ghcr.io/${{ github.repository }}:latest \
              --tag ghcr.io/${{ github.repository }}:${{ steps.identify_tag.outputs.tag }} \
              .
      - name: DEBUG Show built Docker Images
        uses: nick-invision/retry@v2.4.0
        with:
          timeout_minutes: 5
          max_attempts: 3
          retry_wait_seconds: 120
          retry_on: error
          command: |
            docker images
      - name: Push Docker image to Docker Hub
        uses: nick-invision/retry@v2.4.0
        with:
          timeout_minutes: 30
          max_attempts: 3
          retry_wait_seconds: 120
          retry_on: error
          command: |
            docker push ${{ github.repository }}:latest
            docker push ${{ github.repository }}:${{ steps.identify_tag.outputs.tag }}
      - name: Push Docker image to GitHub Container Registry (GHCR)
        uses: nick-invision/retry@v2.4.0
        with:
          timeout_minutes: 30
          max_attempts: 3
          retry_wait_seconds: 120
          retry_on: error
          command: |
            docker push ghcr.io/${{ github.repository }}:latest
            docker push ghcr.io/${{ github.repository }}:${{ steps.identify_tag.outputs.tag }}