name: archlinux-base
on:
  push:
  schedule:
    - cron: '0 6 * * 1' # Runs every Monday at 6 AM UTC

jobs:
  archlinux-latest:
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
      attestations: write
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Get Meta
        id: meta
        env:
          HUB: ghcr.io
          ORG: dockersrc
          TAG: ${{ vars.DOCKER_TAG }}
        run: |
          echo "DOCKER_HUB=$([ -n "$HUB" ] && echo $HUB || echo "ghcr.io")" >> $GITHUB_OUTPUT
          echo "REPO_VERSION=$(git describe --tags --always | sed 's/^v//')" >> $GITHUB_OUTPUT
          echo "DOCKER_TAG=$([ -n "$TAG" ] && echo $TAG || echo "base")" >> $GITHUB_OUTPUT
          echo "DOCKER_ORG=$([ -n "$ORG" ] && echo "$ORG" || echo "dockersrc")" >> $GITHUB_OUTPUT
          echo "REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}' | sed 's|^docker-||g')" >> $GITHUB_OUTPUT
          echo "IMAGE_NAME=ghcr.io/${{ github.repository }}" >> $GITHUB_OUTPUT

      # Login to Docker Hub to avoid rate limits
      - name: Login to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Login to GitHub Container Registry
      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: docker-meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ steps.meta.outputs.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=raw,value=${{ steps.meta.outputs.DOCKER_TAG }}
            type=raw,value=latest,enable={{is_default_branch}}
            type=schedule,pattern={{date 'YYYYMMDD'}}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.base
          push: ${{ github.event_name != 'pull_request' }}
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.docker-meta.outputs.tags }}
          labels: ${{ steps.docker-meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: false