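# Builds every top-level YAML image definition in this repository with
# `docker buildx` and pushes the result to the private registry.
# Triggers: pushes to main that touch YAML files, a weekly schedule, and
# manual dispatch.
#
# NOTE(review): no `permissions:` block is declared, so the job token keeps
# the platform default scope. Only read access to the repository is used by
# the steps below - consider restricting it where the runner supports that.
name: Dynamic Build and Deploy Hardened Images

on:
  push:
    branches:
      - main
    paths:
      - '**.yml'
      - '**.yaml'
  schedule:
    - cron: '0 0 * * 5'
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      # NOTE(security): the actions below are referenced by mutable tags
      # (@v4 / @v3). A retagged release would run in this job with both sets
      # of registry credentials; pin each `uses:` to a full commit SHA that
      # has been verified against the upstream release.
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Full history so pushed commit ranges can be diffed locally.
          fetch-depth: 0
          # Nothing after checkout talks to the git remote, and the build
          # context below is the whole workspace (including .git). Do not
          # leave the job token in .git/config where a build could read it.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to DHI Registry
        uses: docker/login-action@v3
        with:
          registry: dhi.io
          username: ${{ secrets.DHI_USERNAME }}
          password: ${{ secrets.DHI_PASSWORD }}

      - name: Log in to Private Registry
        uses: docker/login-action@v3
        with:
          registry: registry.chillcog.com
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Detect and Build Images
        # The script relies on [[ ]], arrays and mapfile, so request bash
        # explicitly (this also runs it with -e and pipefail).
        shell: bash
        env:
          # Context values are handed over as environment variables instead
          # of being expanded into the script text, so the shell always
          # treats them as data.
          EVENT_NAME: ${{ github.event_name }}
          BEFORE_SHA: ${{ github.event.before }}
          HEAD_SHA: ${{ github.sha }}
        run: |
          files=()

          # 1. Determine the trigger type
          if [ "$EVENT_NAME" = "schedule" ] || [ "$EVENT_NAME" = "workflow_dispatch" ]; then
            echo "Scheduled or manual run triggered. Processing all YAML files..."
            # Top-level definitions only: -maxdepth 1 is what keeps the
            # workflow directory out of this list.
            mapfile -t files < <(find . -maxdepth 1 \( -name '*.yml' -o -name '*.yaml' \))
          else
            echo "Push triggered. Detecting changed files..."
            if [ -n "$BEFORE_SHA" ] && git cat-file -e "${BEFORE_SHA}^{commit}" 2>/dev/null; then
              # Diff the whole pushed range, so files changed in earlier
              # commits of a multi-commit push (or by a merge) are not missed.
              mapfile -t files < <(git diff --name-only "$BEFORE_SHA" "$HEAD_SHA" | grep -E '\.(yml|yaml)$' || true)
            else
              # No usable previous commit (new branch, rewritten history):
              # fall back to the files touched by the head commit only.
              mapfile -t files < <(git diff-tree --no-commit-id --name-only -r "$HEAD_SHA" | grep -E '\.(yml|yaml)$' || true)
            fi
            # NOTE(review): unlike the scheduled path, this list can contain
            # YAML files from subdirectories - confirm that is intended.
          fi

          if [ "${#files[@]}" -eq 0 ]; then
            echo "No YAML files to build."
            exit 0
          fi

          # 2. Process each detected file (array iteration keeps names with
          #    spaces or glob characters intact)
          for file in "${files[@]}"; do
            # Clean path string and ensure file still exists (handles deleted files safely)
            file="${file#./}"
            if [ ! -f "$file" ]; then continue; fi

            # Skip the workflow directory completely
            if [[ "$file" == .gitea/* ]]; then continue; fi

            # Extract the filename without path and without extension
            filename=$(basename -- "$file")
            image_name="${filename%.*}"

            # The file name becomes part of the pushed image reference, so
            # accept only characters that are valid in a repository name and
            # fail with a clear message otherwise.
            if [[ ! "$image_name" =~ ^[a-z0-9]+([._-]+[a-z0-9]+)*$ ]]; then
              echo "Refusing to build '$file': '$image_name' is not a valid image name." >&2
              exit 1
            fi

            echo "---------------------------------------------------"
            echo "Processing: $file -> Image target: $image_name:latest"
            echo "---------------------------------------------------"

            # Execute the DHI BuildKit build and push natively via CLI.
            # NOTE(review): only the mutable :latest tag is pushed, so a
            # deployed image cannot be traced back to the commit that built
            # it; an additional immutable tag would make that possible.
            docker buildx build \
              --push \
              --no-cache \
              -f "$file" \
              -t "registry.chillcog.com/${image_name}:latest" \
              .
          done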