.github/workflows/docker-release.yml

name: Publish to Docker Hub (Release)

on:
  release:
    types:
      - published
    branches: master

jobs:
  docker-release-build:
    name: Build docker image
    strategy:
      matrix:
        include:
          - arch: 'amd64'
            dockerfile: 'Dockerfile'

          - arch: 'arm64'
            dockerfile: 'Dockerfile.aarch64'
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@master
        with:
          ref: "${{ github.ref }}"
          submodules: recursive
          fetch-depth: 0 # This is set to download the full git history for the repo

      - name: Replace Sentry DSN and other keys
        shell: pwsh
        run: |
          ./.github/workflows/ReplaceSentryDSN.ps1 -dsn ${{ secrets.SENTRY_DSN }}
          ./.github/workflows/ReplaceTmdbApiKey.ps1 -apiKey ${{ secrets.TMDB_API }}
          ./.github/workflows/ReplaceAVD3URL.ps1 -url ${{ secrets.AVD3_URL }}

      - name: Get release info
        id: release_info
        uses: revam/gh-action-get-tag-and-version@v1
        with:
          tag: "${{ github.ref }}"
          prefix: v
          prefixRegex: "[vV]?"

      - uses: docker/setup-qemu-action@v2
        name: Set up QEMU
        with:
          platforms: arm64
        if: ${{ matrix.arch == 'arm64' }}

      - uses: docker/setup-buildx-action@v2
        name: Set up Docker Buildx

      - uses: docker/login-action@v2
        name: Log into GitHub Container Registry
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/login-action@v2
        name: Log into Docker Hub
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Disabled provenance for now, until it works with docker manifest create.
      # The manifest list produced by the new feature is incompatible with the
      # expected format used in the docker manifest create command.
      - uses: docker/build-push-action@v4
        name: Build and Push the Docker image
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: true
          tags: |
            ghcr.io/${{ secrets.DOCKER_REPO }}:latest-${{ matrix.arch }}
            ghcr.io/${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}-${{ matrix.arch }}
            ${{ secrets.DOCKER_REPO }}:latest-${{ matrix.arch }}
            ${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}-${{ matrix.arch }}
          platforms: linux/${{ matrix.arch }}
          build-args: |
            version=${{ steps.release_info.outputs.version }}
            channel=stable
            commit=${{ github.sha }}
            date=${{ steps.release_info.outputs.date }}
            tag=${{ steps.release_info.outputs.tag }}
          provenance: false

  docker-release-push_manifest_latest:
    runs-on: ubuntu-latest
    name: Push combined latest tag for both images
    needs:
    - docker-release-build

    steps:
      - uses: docker/login-action@v2
        name: Log into GitHub Container Registry
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/login-action@v2
        name: Log into Docker Hub
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Create manifest
        run: |
          docker manifest create ghcr.io/${{ secrets.DOCKER_REPO }}:latest --amend ghcr.io/${{ secrets.DOCKER_REPO }}:latest-amd64 --amend ghcr.io/${{ secrets.DOCKER_REPO }}:latest-arm64
          docker manifest create ${{ secrets.DOCKER_REPO }}:latest --amend ${{ secrets.DOCKER_REPO }}:latest-amd64 --amend ${{ secrets.DOCKER_REPO }}:latest-arm64

      - name: Push manifest
        run: |
          docker manifest push ghcr.io/${{ secrets.DOCKER_REPO }}:latest
          docker manifest push ${{ secrets.DOCKER_REPO }}:latest

  docker-release-push_manifest_version:
    runs-on: ubuntu-latest
    name: Push combined versioned tag for both images
    needs:
    - docker-release-build

    steps:
      - uses: actions/checkout@master
        with:
          ref: "${{ github.ref }}"
          submodules: recursive
          fetch-depth: 0 # This is set to download the full git history for the repo

      - name: Get release info
        id: release_info
        uses: revam/gh-action-get-tag-and-version@v1
        with:
          tag: "${{ github.ref }}"
          prefix: v
          prefixRegex: "[vV]?"

      - uses: docker/login-action@v2
        name: Log into GitHub Container Registry
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/login-action@v2
        name: Log into Docker Hub
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Create manifest
        run: |
          docker manifest create ghcr.io/${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }} --amend ghcr.io/${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}-amd64 --amend ghcr.io/${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}-arm64
          docker manifest create ${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }} --amend ${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}-amd64 --amend ${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}-arm64

      - name: Push manifest
        run: |
          docker manifest push ghcr.io/${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}
          docker manifest push ${{ secrets.DOCKER_REPO }}:${{ steps.release_info.outputs.tag }}