name: Build and publish Docker image

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
  workflow_dispatch:

permissions:
  contents: read
  packages: write

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to GitHub Container Registry
        if: github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Derive lowercase image metadata
        run: |
          REPO_URI_LOWERCASE=$(echo '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')
          echo "IMAGE_PREFIX_LOWERCASE=ghcr.io/$REPO_URI_LOWERCASE" >> $GITHUB_ENV

      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name == 'push' }}
          tags: |
            ${{ env.IMAGE_PREFIX_LOWERCASE }}:latest
            ${{ env.IMAGE_PREFIX_LOWERCASE }}:${{ github.sha }}
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}