name: container-image-build

on:
  workflow_call:
    inputs:
      image_tag:
        type: string
        default: ${{ github.event.number }}
    outputs:
      image:
        description: The resulting image link
        value: ${{ jobs.build-docker-image.outputs.image }}

env:
  NPROC: 2
  MAKEFLAGS: "-j${NPROC}"
  NIMFLAGS: "--parallelBuild:${NPROC}"

# This workflow should not run for outside contributors
# If org secrets are not available, we'll avoid building and publishing the docker image and we'll pass the workflow
jobs:
  build-docker-image:
    strategy:
      matrix:
        os: [ubuntu-22.04]
    runs-on: ${{ matrix.os }}
    timeout-minutes: 60

    name: docker-build-${{ matrix.os }}
    outputs:
      image: ${{ steps.build.outputs.image }}
    steps:
      - name: Check secrets
        id: secrets
        continue-on-error: true
        run: |
          if [[ -z "$QUAY_PASSWORD" || -z "$QUAY_USER" ]]; then
            echo "User does not have access to secrets, skipping workflow"
            exit 1
          fi
        env:
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
          QUAY_USER: ${{ secrets.QUAY_USER }}
      
      - name: Checkout code
        if: ${{ steps.secrets.outcome == 'success' }}
        uses: actions/checkout@v3

      - name: Get submodules hash
        id: submodules
        if: ${{ steps.secrets.outcome == 'success' }}
        run: |
          echo "hash=$(git submodule status | awk '{print $1}' | sort | shasum -a 256 | sed 's/[ -]*//g')" >> $GITHUB_OUTPUT

      - name: Cache submodules
        if: ${{ steps.secrets.outcome == 'success' }}
        uses: actions/cache@v3
        with:
          path: |
            vendor/
            .git/modules
          key: ${{ runner.os }}-vendor-modules-${{ steps.submodules.outputs.hash }}

      - name: Build binaries
        id: build
        if: ${{ steps.secrets.outcome == 'success' }}
        run: |

          make -j${NPROC} V=1 QUICK_AND_DIRTY_COMPILER=1 NIMFLAGS="-d:disableMarchNative -d:postgres -d:chronicles_colors:none" wakunode2

          SHORT_REF=$(git rev-parse --short HEAD)

          TAG=$([ "${PR_NUMBER}" == "" ] && echo "${SHORT_REF}" || echo "${PR_NUMBER}")
          IMAGE=quay.io/wakuorg/nwaku-pr:${TAG}

          echo "image=${IMAGE}" >> $GITHUB_OUTPUT
          echo "commit_hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT

          docker login -u ${QUAY_USER} -p ${QUAY_PASSWORD} quay.io
          docker build -t ${IMAGE} -f docker/binaries/Dockerfile.bn.amd64 --label quay.expires-after=30d .
          docker push ${IMAGE}
        env:
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
          QUAY_USER: ${{ secrets.QUAY_USER }}
          PR_NUMBER: ${{ inputs.image_tag}}

      - name: Comment PR
        uses: thollander/actions-comment-pull-request@v2
        if: ${{ github.event_name == 'pull_request' && steps.secrets.outcome == 'success' }}
        with:
          message: |
            You can find the image built from this PR at

            ```
            ${{steps.build.outputs.image}}
            ```

            Built from ${{ steps.build.outputs.commit_hash }}
          comment_tag: execution-rln-v${{ matrix.rln_version }}