name: Build and Push Docker Image

on:
  push:
    branches:
      - main
    tags:
      - 'v*'
  pull_request:
    branches:
      - main

env:
  REGISTRY: nexus.bsdserver.nl:443
  IMAGE_NAME: enterprise-openldap

jobs:
  build:
    runs-on: docker
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Determine version tag
        id: version
        run: |
          if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
            # Extract version from tag (v1.0.0 -> 1.0.0)
            VERSION="${GITHUB_REF#refs/tags/v}"
            echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
            echo "TAGS=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${VERSION},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" >> $GITHUB_OUTPUT
          elif [[ "$GITHUB_REF" == refs/heads/main ]]; then
            # Use short SHA for main branch
            SHORT_SHA=$(echo "$GITHUB_SHA" | cut -c1-7)
            echo "VERSION=$SHORT_SHA" >> $GITHUB_OUTPUT
            echo "TAGS=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$SHORT_SHA" >> $GITHUB_OUTPUT
          else
            # Pull request - just use SHA
            SHORT_SHA=$(echo "$GITHUB_SHA" | cut -c1-7)
            echo "VERSION=$SHORT_SHA" >> $GITHUB_OUTPUT
            echo "TAGS=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-$SHORT_SHA" >> $GITHUB_OUTPUT
          fi

      - name: Log in to Docker Registry
        if: github.event_name != 'pull_request'
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login ${{ env.REGISTRY }} -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin

      - name: Build Docker image
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.VERSION }} .

      - name: Tag additional versions
        if: github.event_name != 'pull_request'
        run: |
          IFS=',' read -ra TAGS <<< "${{ steps.version.outputs.TAGS }}"
          for TAG in "${TAGS[@]}"; do
            docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.VERSION }} "$TAG"
          done

      - name: Push Docker image
        if: github.event_name != 'pull_request'
        run: |
          IFS=',' read -ra TAGS <<< "${{ steps.version.outputs.TAGS }}"
          for TAG in "${TAGS[@]}"; do
            docker push "$TAG"
          done

      - name: Logout from registry
        if: always() && github.event_name != 'pull_request'
        run: docker logout ${{ env.REGISTRY }} || true