name: Build and push docker images

concurrency:
  group: docker-build-${{ github.event_name }}-${{ github.ref }}
  cancel-in-progress: true

on:
  workflow_call:
    inputs:
      profile:
        required: true
        type: string
      version:
        required: true
        type: string
      latest:
        required: true
        type: string
      publish:
        required: true
        type: string
      otp_vsn:
        required: true
        type: string
      elixir_vsn:
        required: true
        type: string
      builder_vsn:
        required: true
        type: string
    secrets:
      DOCKER_HUB_USER:
        required: true
      DOCKER_HUB_TOKEN:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
  workflow_dispatch:
    inputs:
      ref:
        required: false
      profile:
        required: false
        type: string
        default: 'emqx'
      version:
        required: true
      latest:
        required: false
        type: boolean
        default: false
      publish:
        required: false
        type: boolean
        default: false
      otp_vsn:
        required: false
        type: string
        default: '26.2.1-2'
      elixir_vsn:
        required: false
        type: string
        default: '1.15.7'
      builder_vsn:
        required: false
        type: string
        default: '5.3-2'

permissions:
  contents: read

jobs:
  docker:
    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral-xl","linux","x64"]') || 'ubuntu-22.04' }}

    strategy:
      fail-fast: false
      matrix:
        profile:
          - ${{ inputs.profile }}
          - ${{ inputs.profile }}-elixir
        registry:
          - 'docker.io'
          - 'public.ecr.aws'
        exclude:
          - profile: emqx-enterprise
            registry: 'public.ecr.aws'
          - profile: emqx-enterprise-elixir
            registry: 'public.ecr.aws'

    steps:
    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      with:
        ref: ${{ github.event.inputs.ref }}
        fetch-depth: 0

    - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
    - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

    - name: Login to hub.docker.com
      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
      if: matrix.registry == 'docker.io'
      with:
        username: ${{ secrets.DOCKER_HUB_USER }}
        password: ${{ secrets.DOCKER_HUB_TOKEN }}

    - name: Login to AWS ECR
      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
      if: matrix.registry == 'public.ecr.aws'
      with:
        registry: public.ecr.aws
        username: ${{ secrets.AWS_ACCESS_KEY_ID }}
        password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        ecr: true

    - name: Build docker image
      env:
        PROFILE: ${{ matrix.profile }}
        DOCKER_REGISTRY: ${{ matrix.registry }}
        DOCKER_ORG: ${{ github.repository_owner }}
        DOCKER_LATEST: ${{ inputs.latest }}
        DOCKER_PUSH: ${{ inputs.publish == 'true' || inputs.publish || github.repository_owner != 'emqx' }}
        DOCKER_BUILD_NOCACHE: true
        DOCKER_PLATFORMS: linux/amd64,linux/arm64
        EMQX_RUNNER: 'debian:11-slim'
        EMQX_DOCKERFILE: 'deploy/docker/Dockerfile'
        PKG_VSN: ${{ inputs.version }}
        EMQX_BUILDER_VSN: ${{ inputs.builder_vsn }}
        EMQX_OTP_VSN: ${{ inputs.otp_vsn }}
        EMQX_ELIXIR_VSN: ${{ inputs.elixir_vsn }}
      run: |
        ./build ${PROFILE} docker