.github/workflows/publish.yml

---
name: Publish

# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - "main"
    tags:
      - "v*"
  workflow_dispatch:

permissions: read-all

jobs:
  publish_image:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # pin@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # pin@v2

      - name: Custom Variables
        id: customvars
        shell: bash
        run: |
          ( echo -n "dockerhub="
            if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ] \
            && [ -n "${{ secrets.DOCKERHUB_PAT }}" ] ; then
              echo "true"
            else
              echo "false"
            fi

            echo -n "ghcr="
            if [ -n "${{ secrets.GHCR_USERNAME }}" ] \
            && [ -n "${{ secrets.GHCR_PAT }}" ] ; then
              echo "true"
            else
              echo "false"
            fi

            echo -n "quay="
            if [ -n "${{ secrets.QUAY_USERNAME }}" ] \
            && [ -n "${{ secrets.QUAY_PAT }}" ] ; then
              echo "quay=true"
            else
              echo "quay=false"
            fi

            echo -n "is_release="
            if [[ "${{ github.ref }}" =~ refs/tags/v.* ]] ; then
              echo "true"
            else
              echo "false"
            fi

            echo -n "dockerhub_image="
            if [ -n "${{ env.dockerhub_image }}" ] ; then
              echo "${{ env.dockerhub_image }}"
            else
              echo "${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }}"
            fi

            echo -n "ghcr_image="
            if [ -n "${{ env.ghcr_image }}" ] ; then
              echo "${{ env.ghcr_image }}"
            else
              echo "${{ secrets.GHCR_USERNAME }}/${{ github.event.repository.name }}"
            fi

            echo -n "quay_image="
            if [ -n "${{ env.quay_image }}" ] ; then
              echo "${{ env.quay_image }}"
            else
              echo "${{ secrets.QUAY_USERNAME }}/${{ github.event.repository.name }}"
            fi
          ) >> $GITHUB_OUTPUT

      - name: Login to GitHub Packages
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pin@v2
        if: ${{ steps.customvars.outputs.ghcr == 'true' }}
        with:
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_PAT }}
          registry: ghcr.io

      - name: Login to Dockerhub
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pin@v2
        if: ${{ steps.customvars.outputs.dockerhub == 'true' }}
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PAT }}
          registry: registry.hub.docker.com

      - name: Login to Quay
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pin@v2
        if: ${{ steps.customvars.outputs.quay == 'true' }}
        with:
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_PAT }}
          registry: quay.io

      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # pin@v5
        with:
          images: |
            name=registry.hub.docker.com/${{ steps.customvars.outputs.dockerhub_image }},enable=${{ steps.customvars.outputs.dockerhub == 'true' }}
            name=ghcr.io/${{ steps.customvars.outputs.ghcr_image }},enable=${{ steps.customvars.outputs.ghcr == 'true' }}
            name=quay.io/${{ steps.customvars.outputs.quay_image }},enable=${{ steps.customvars.outputs.quay == 'true' }}
          tags: |
            type=raw,value=latest,enable=${{ steps.customvars.outputs.is_release == 'true' }}
            type=semver,pattern={{version}},enable=${{ steps.customvars.outputs.is_release == 'true' }}
            type=semver,pattern={{major}},enable=${{ steps.customvars.outputs.is_release == 'true' }}
            type=semver,pattern={{major}}.{{minor}},enable=${{ steps.customvars.outputs.is_release == 'true' }}
            type=edge,branch=main
            type=sha
            type=sha,format=long
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index

      - name: Build and push
        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # pin@v4
        with:
          push: true
          sbom: true
          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}

      - name: update DockerHub description
        uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8 # pin@v1
        if: ${{ steps.customvars.outputs.dockerhub == 'true' }}
        with:
          destination_container_repo: ${{ steps.customvars.outputs.dockerhub_image }}
          provider: dockerhub
        env:
          DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKER_PASS: ${{ secrets.DOCKERHUB_PAT }}

      - name: update Quay description
        uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8 # pin@v1
        if: ${{ steps.customvars.outputs.quay == 'true' }}
        with:
          destination_container_repo: ${{ steps.customvars.outputs.quay_image }}
          provider: quay
        env:
          DOCKER_APIKEY: ${{ secrets.QUAY_PAT }}