scsys-xtask 0.0.0

name: docker

concurrency:
  cancel-in-progress: false
  group: ${{ github.workflow }}-${{ github.ref }}

env:
  RUSTC_VERSION: 1.86.0
  IMAGE_VENDOR: Scattered-Systems, LLC

on:
  push:
    branches: [ main, master ]
    tags: [ latest, v*, "*-nightly" ]
  repository_dispatch:
    types: [ docker ]
  workflow_dispatch:
    inputs:
      publish:
        description: 'Push the artifact to the container registry?'
        required: true
        default: 'true'

permissions:
  attestations: write
  contents: read
  id-token: write
  packages: write

jobs:
  dockerhub:
    env:
      DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
      DOCKER_REGISTRY_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
    outputs:
      name: ${{ github.event.repository.name }}
      digest: ${{ steps.deploy.outputs.digest }}
      tags: ${{ steps.docker-metadata.outputs.tags }}
      version: ${{ steps.docker-metadata.outputs.version }}
    runs-on: ubuntu-latest
    steps:
      - 
        uses: actions/checkout@v4
        name: Checkout
      - 
        uses: docker/metadata-action@v5
        id: docker-metadata
        name: Container Metadata
        with:
          flavor: latest=true,prefix=debian-
          images: ${{ vars.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}
          labels: |
            org.opencontainers.image.title=${{ github.event.repository.name }}
            org.opencontainers.image.vendor=${{ github.env.image_vendor }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}.{{minor}}.{{patch}}
            type=sha
      -
        uses: docker/setup-qemu-action@v3
        name: Setup QEMU
      -
        uses: docker/setup-buildx-action@v3
        name: Setup Docker Buildx
      -
        uses: docker/login-action@v3
        name: Authenticate DockerHub
        with:
          password: ${{ env.DOCKER_REGISTRY_PASSWORD }}
          username: ${{ env.DOCKER_REGISTRY_USERNAME }}
      - 
        uses: docker/build-push-action@v6
        id: deploy
        name: Build and Push Docker Image
        with:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
          labels: ${{ steps.docker-metadata.outputs.labels }}
          tags: ${{ steps.docker-metadata.outputs.tags }}
      - 
        uses: actions/attest-build-provenance@v2
        continue-on-error: true
        id: attest
        name: Create Attestation
        with:
          push-to-registry: true
          subject-digest: ${{ steps.deploy.outputs.digest }}
          subject-name: ${{ steps.docker-metadata.outputs.tags }}