name: "CI pipeline"

on:
  push:
    branches: [ "main" ]
    paths-ignore:
      - '.devcontainer/*'
      - '.github/*'
      - '!.github/workflows/ci.yml'
      - '.vscode/*'
      - '**.md'
      - '.env*'
      - 'LICENSE'
      - 'COPYING'
  pull_request:
    branches: [ "main", "deps" ]
    paths-ignore:
      - '.devcontainer/*'
      - '.github/*'
      - '!.github/workflows/ci.yml'
      - '.vscode/*'
      - '**.md'
      - '.env*'
      - 'LICENSE'
      - 'COPYING'
  workflow_dispatch:
    inputs:
      push:
        type: boolean
        required: false
        default: false
        description: "Push to Docker Hub"

jobs:
  build:
    runs-on: ubuntu-latest

    permissions:
      packages: write

    steps:
      - uses: actions/checkout@v4

      - uses: docker/metadata-action@v5
        id: meta
        with:
          images: |
            ${{ github.repository }}
            ghcr.io/${{ github.repository }}
          tags: |
            latest
            ${{ github.sha }}

      - name: "Login to Docker Hub"
        if: github.event_name != 'pull_request' || github.event.inputs.push == 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: "Login to GitHub Container Registry"
        if: github.event_name != 'pull_request' || github.event.inputs.push == 'true'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' || github.event.inputs.push == 'true' }}
          tags: ${{ steps.meta.outputs.tags }}