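# Builds the repository's image for linux/amd64 and linux/arm64, pushes the
# per-arch images plus a combined manifest to the registry, and uploads an SBOM.
#
# Hardening applied in this file:
#   * Values from ${{ ... }} expressions (repository, ref name, secrets) are
#     handed to scripts through `env:` rather than pasted into the script text.
#     Expressions are expanded before the shell parses the script, so a ref
#     name or secret containing shell metacharacters would otherwise become
#     part of the script itself.
#   * Shell expansions are quoted, and build arguments / tags are bash arrays
#     so values with whitespace are not re-split.
name: Docker Build Smart Logic

on:
  push:
    branches:
      - main
    tags:
      - 'v*'
  workflow_dispatch:

env:
  REGISTRY_HOST: git.pi-farm.de
  IMAGE_BASE: ${{ gitea.repository }}

jobs:
  build:
    name: Build amd64 & arm64
    runs-on: buildx-multiarch
    steps:
      - name: Checkout repository
        # NOTE(review): this action is fetched over plaintext http:// and by a
        # mutable tag (@v4). Anyone on the network path, or anyone able to move
        # the tag, can change the code this job runs while it holds the
        # registry credentials. Prefer https:// and a pinned commit SHA if the
        # host supports it — confirm before switching.
        uses: http://git.pi-farm.de/pi-farm/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true

      - name: Dynamic Template Fix
        id: template_fix
        env:
          # Passed as data; never interpolate these into the script body.
          REPO_FULL_NAME: ${{ gitea.repository }}
          REF_NAME: ${{ gitea.ref_name }}
        run: |
          # Escape characters that are special in the replacement side of a
          # sed "s|...|...|" command, so the substituted names are always
          # treated as literal text.
          sed_escape() {
            printf '%s\n' "$1" | sed -e 's/[\\&|]/\\&/g'
          }

          if grep -q "{{.RepoName}}" README.md 2>/dev/null; then
            echo "Ersetze Platzhalter..."
            REPO_NAME=$(printf '%s\n' "$REPO_FULL_NAME" | cut -d'/' -f2)
            OWNER_NAME=$(printf '%s\n' "$REPO_FULL_NAME" | cut -d'/' -f1)
            BRANCH_NAME="$REF_NAME"

            REPO_NAME_ESC=$(sed_escape "$REPO_NAME")
            OWNER_NAME_ESC=$(sed_escape "$OWNER_NAME")
            BRANCH_NAME_ESC=$(sed_escape "$BRANCH_NAME")

            # Best effort: missing files are tolerated here.
            sed -i "s|{{.RepoName}}|${REPO_NAME_ESC}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true
            sed -i "s|{{.OwnerName}}|${OWNER_NAME_ESC}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true
            sed -i "s|{{.BranchName}}|${BRANCH_NAME_ESC}|g" README.md docker-compose.yml LICENSE 2>/dev/null || true

            git config user.name "Gitea Bot"
            git config user.email "bot@gitea.local"
            git add README.md docker-compose.yml LICENSE
            if ! git diff --staged --quiet; then
              git commit -m "docs: fix template placeholders [skip ci]"
              # NOTE(review): on a tag push REF_NAME is the tag name, so this
              # push targets the tag rather than a branch — confirm intended.
              git push origin "HEAD:${REF_NAME}"
            fi
          fi

      - name: Detect version and Prepare Files
        id: prepare
        run: |
          # Versioning: tag builds use the tag name, everything else is "main".
          if [ "$GITHUB_REF_TYPE" = "tag" ]; then
            VERSION="$GITHUB_REF_NAME"
            IS_TAG=true
          else
            VERSION="main"
            IS_TAG=false
          fi

          # Dockerfile selection: skip the build when there is no non-empty
          # Dockerfile; later steps are gated on should_build.
          if [ ! -s "Dockerfile" ]; then
            echo "should_build=false" >> "$GITEA_OUTPUT"
            exit 0
          fi
          echo "should_build=true" >> "$GITEA_OUTPUT"

          # Per-arch Dockerfiles: arm64 falls back to the common Dockerfile.
          echo "AMD64_DOCKERFILE=Dockerfile" >> "$GITEA_ENV"
          echo "ARM64_DOCKERFILE=$([ -s Dockerfile.aarch64 ] && echo Dockerfile.aarch64 || echo Dockerfile)" >> "$GITEA_ENV"

          # Values shared with the following steps.
          echo "VERSION=$VERSION" >> "$GITEA_ENV"
          echo "IS_TAG=$IS_TAG" >> "$GITEA_ENV"
          echo "IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}" >> "$GITEA_ENV"
          echo "CACHE_IMAGE_NAME=${REGISTRY_HOST}/${IMAGE_BASE}-cache" >> "$GITEA_ENV"
          echo "BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITEA_ENV"

      - name: Login to registry
        if: steps.prepare.outputs.should_build == 'true'
        env:
          # Secrets reach the script as environment variables, so characters
          # such as quotes or "$" in a credential cannot alter the command.
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$REGISTRY_PASSWORD" | docker login \
            "$REGISTRY_HOST" -u "$REGISTRY_USER" --password-stdin

      - name: Setup buildx
        if: steps.prepare.outputs.should_build == 'true'
        run: |
          # Recreate the builder from scratch; removal may fail on first run.
          docker buildx rm multiarch || true
          docker buildx create --name multiarch --driver docker-container --use
          docker buildx inspect --bootstrap

      - name: Build & push multiarch
        if: steps.prepare.outputs.should_build == 'true'
        shell: bash
        run: |
          echo "== Universeller Multiarch Build Start =="

          # 1. Load every KEY=VALUE pair from versions.env as a build argument.
          #    NOTE(review): each key is also exported into this script, so an
          #    entry named VERSION, IMAGE_NAME, PATH, ... overrides the value
          #    used further down. Treat versions.env as trusted as this file.
          BUILD_ARGS=()
          while IFS='=' read -r key value || [ -n "$key" ]; do
            [[ "$key" =~ ^#.*$ || -z "$key" ]] && continue
            # Only plain shell identifiers are accepted as keys; anything else
            # could not be exported and stops the build with a clear message.
            if [[ ! "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
              echo "versions.env: invalid key: $key" >&2
              exit 1
            fi
            # xargs trims surrounding whitespace from the value.
            clean_value=$(echo "$value" | xargs)
            # Export for use in this script AND add to the build arguments.
            export "$key=$clean_value"
            BUILD_ARGS+=(--build-arg "$key=$clean_value")
          done < versions.env

          # 2. Add the system-provided arguments.
          BUILD_ARGS+=(--build-arg "VERSION=$VERSION" --build-arg "BUILD_DATE=$BUILD_DATE")

          # 3. Compute the final tags.
          if [[ "$IS_TAG" == "true" ]]; then
            DOCKER_TAGS=("${IMAGE_NAME}:${VERSION}" "${IMAGE_NAME}:latest")
          else
            DOCKER_TAGS=("${IMAGE_NAME}:main")
          fi

          # 4. Run the per-architecture builds.
          CACHE_REF="${CACHE_IMAGE_NAME}"

          echo "Starte AMD64 Build..."
          docker buildx build \
            --platform linux/amd64 \
            -f "${AMD64_DOCKERFILE}" \
            "${BUILD_ARGS[@]}" \
            --cache-from "type=registry,ref=${CACHE_REF}:amd64" \
            --cache-to "type=registry,ref=${CACHE_REF}:amd64,mode=min" \
            -t "${CACHE_IMAGE_NAME}:${VERSION}-amd64" \
            --push .

          echo "Starte ARM64 Build..."
          docker buildx build \
            --platform linux/arm64 \
            -f "${ARM64_DOCKERFILE}" \
            "${BUILD_ARGS[@]}" \
            --cache-from "type=registry,ref=${CACHE_REF}:arm64" \
            --cache-to "type=registry,ref=${CACHE_REF}:arm64,mode=min" \
            -t "${CACHE_IMAGE_NAME}:${VERSION}-arm64" \
            --push .

          # 5. Create one multi-arch manifest per final tag.
          for TAG in "${DOCKER_TAGS[@]}"; do
            echo "Creating manifest for: $TAG"
            docker buildx imagetools create -t "$TAG" \
              "${CACHE_IMAGE_NAME}:${VERSION}-amd64" \
              "${CACHE_IMAGE_NAME}:${VERSION}-arm64"
          done

      - name: Generate SBOM
        if: steps.prepare.outputs.should_build == 'true'
        run: |
          # NOTE(review): the installer comes from the mutable `main` branch
          # and is piped straight into a shell with no integrity check, in a
          # job that is still logged in to the registry. Pin it to a reviewed
          # release (<SYFT_RELEASE_TAG>) and verify a checksum, or bake syft
          # into the runner image.
          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
          TARGET_IMAGE="${IMAGE_NAME}:${VERSION}"
          echo "Generating SBOM for $TARGET_IMAGE"
          # Best effort: a syft failure does not fail the job, so the file
          # uploaded by the next step may be empty.
          syft "$TARGET_IMAGE" -o spdx-json > sbom.spdx.json || true

      - name: Upload SBOM
        if: steps.prepare.outputs.should_build == 'true'
        # NOTE(review): referenced by a mutable tag; pin to a commit SHA where
        # the runner's action source allows it.
        uses: actions/upload-artifact@v3
        with:
          name: sbom
          path: sbom.spdx.json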