name: Podman Build And Publish
description: Build and optionally push OCI images with Podman to registry.noctrl.eu.

inputs:
  image-name:
    description: Repository/image name path, for example noctrl/gitea-runner
    required: true
  tags:
    description: |
      Tags to apply and push. Supports newline, comma, or space separated values.
      Example: "latest\nsha-abc123"
    required: true
  registry-username:
    description: Registry username for login.
    required: true
  registry-password:
    description: Registry password for login.
    required: true
  context:
    description: Build context path.
    required: false
    default: .
  containerfile:
    description: Containerfile or Dockerfile path.
    required: false
    default: Containerfile
  build-args:
    description: |
      Optional build args as newline-separated KEY=VALUE entries.
      Example: "ACT_RUNNER_VERSION=0.2.11"
    required: false
    default: ""

runs:
  using: composite
  steps:
    - id: initialize
      shell: bash
      run: |
        set -euo pipefail

        # Keep Podman defaults aligned with runner build workflows.
        podman_root="${RUNNER_TEMP}/podman-root"
        podman_runroot="${RUNNER_TEMP}/podman-runroot"
        storage_driver="vfs"
        build_isolation="chroot"

        rm -rf "${podman_root}" "${podman_runroot}"
        mkdir -p "${podman_root}" "${podman_runroot}"

        # Export for use in subsequent steps
        {
          echo "PODMAN_ROOT=${podman_root}"
          echo "PODMAN_RUNROOT=${podman_runroot}"
          echo "STORAGE_DRIVER=${storage_driver}"
          echo "BUILD_ISOLATION=${build_isolation}"
          echo "IMAGE_BASE=registry.noctrl.eu/${{ inputs.image-name }}"
        } >> "${GITHUB_ENV}"

        # Parse and validate tags
        mapfile -t tags < <(printf '%s\n' "${{ inputs.tags }}" | tr ', ' '\n\n' | sed '/^$/d')
        if [[ ${#tags[@]} -eq 0 ]]; then
          echo "ERROR: no tags resolved from inputs.tags" >&2
          exit 1
        fi

        # Export tags as newline-separated string for subsequent steps
        (IFS=$'\n'; echo "IMAGE_TAGS=${tags[*]}") >> "${GITHUB_ENV}"

    - id: login
      shell: bash
      run: |
        set -euo pipefail

        podman_args=(
          --root "${PODMAN_ROOT}"
          --runroot "${PODMAN_RUNROOT}"
          --storage-driver "${STORAGE_DRIVER}"
        )

        echo "Logging in to registry: registry.noctrl.eu"
        echo "${{ inputs.registry-password }}" | podman "${podman_args[@]}" login registry.noctrl.eu -u "${{ inputs.registry-username }}" --password-stdin

    - id: build
      shell: bash
      run: |
        set -euo pipefail

        podman_args=(
          --root "${PODMAN_ROOT}"
          --runroot "${PODMAN_RUNROOT}"
          --storage-driver "${STORAGE_DRIVER}"
        )

        build_cmd=(podman "${podman_args[@]}" build --isolation "${BUILD_ISOLATION}" -f "${{ inputs.containerfile }}")

        # Add build args
        while IFS= read -r build_arg; do
          [[ -z "${build_arg}" ]] && continue
          build_cmd+=(--build-arg "${build_arg}")
        done <<< "${{ inputs.build-args }}"

        # Add tags
        echo "Building image with tags:"
        while IFS= read -r tag; do
          [[ -z "${tag}" ]] && continue
          echo "  ${IMAGE_BASE}:${tag}"
          build_cmd+=(-t "${IMAGE_BASE}:${tag}")
        done <<< "${IMAGE_TAGS}"

        build_cmd+=("${{ inputs.context }}")
        "${build_cmd[@]}"

    - id: push
      shell: bash
      run: |
        set -euo pipefail

        podman_args=(
          --root "${PODMAN_ROOT}"
          --runroot "${PODMAN_RUNROOT}"
          --storage-driver "${STORAGE_DRIVER}"
        )

        echo "Pushing image tags:"
        while IFS= read -r tag; do
          [[ -z "${tag}" ]] && continue
          echo "  ${IMAGE_BASE}:${tag}"
          podman "${podman_args[@]}" push "${IMAGE_BASE}:${tag}"
        done <<< "${IMAGE_TAGS}"