name: Build and Push Docker Images

on:
  workflow_dispatch:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  release:
    types: [published]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  packages: write

jobs:
  build_and_push:
    runs-on: ubuntu-latest
    strategy:
      # Prevent a failure in one image from stopping the other builds
      fail-fast: false
      matrix:
        include:
          - context: "web"
            image: "immich-web"
            platforms: "linux/amd64,linux/arm64"
          - context: "machine-learning"
            image: "immich-machine-learning"
            platforms: "linux/amd64,linux/arm64"
          - context: "nginx"
            image: "immich-proxy"
            platforms: "linux/amd64,linux/arm64"

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0
        # Workaround to fix error:
        # failed to push: failed to copy: io: read/write on closed pipe
        # See https://github.com/docker/build-push-action/issues/761
        with:
          driver-opts: |
            image=moby/buildkit:v0.10.6

      - name: Login to Docker Hub
        # Only push to Docker Hub when making a release
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        # Skip when PR from a fork
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate docker image tags
        id: metadata
        uses: docker/metadata-action@v5
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch
            # Tag with pr-number
            type=ref,event=pr
            # Tag with git tag on release
            type=ref,event=tag
            type=raw,value=release,enable=${{ github.event_name == 'release' }}

      - name: Determine build cache output
        id: cache-target
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            # Essentially just ignore the cache output (PR can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
          fi

      - name: Build and push image
        uses: docker/build-push-action@v5.0.0
        with:
          context: ${{ matrix.context }}
          platforms: ${{ matrix.platforms }}
          # Skip pushing when PR from a fork
          push: ${{ !github.event.pull_request.head.repo.fork }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}

  build_and_push_server_arm_64:
    runs-on: self-hosted
    strategy:
      # Prevent a failure in one image from stopping the other builds
      fail-fast: false
      matrix:
        include:
          - context: "server"
            image: "immich-server"
            platforms: "linux/arm64,linux/amd64"
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3.0.0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0
        # Workaround to fix error:
        # failed to push: failed to copy: io: read/write on closed pipe
        # See https://github.com/docker/build-push-action/issues/761
        with:
          driver-opts: |
            image=moby/buildkit:v0.10.6

      - name: Login to Docker Hub
        # Only push to Docker Hub when making a release
        if: ${{ github.event_name == 'release' }}
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        # Skip when PR from a fork
        if: ${{ !github.event.pull_request.head.repo.fork }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Generate docker image tags
        id: metadata
        uses: docker/metadata-action@v5
        with:
          flavor: |
            # Disable latest tag
            latest=false
          images: |
            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
          tags: |
            # Tag with branch name
            type=ref,event=branch
            # Tag with pr-number
            type=ref,event=pr
            # Tag with git tag on release
            type=ref,event=tag
            type=raw,value=release,enable=${{ github.event_name == 'release' }}

      - name: Determine build cache output
        id: cache-target
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            # Essentially just ignore the cache output (PR can't write to registry cache)
            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
          else
            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
          fi

      - name: Build and push image
        uses: docker/build-push-action@v5.0.0
        with:
          context: ${{ matrix.context }}
          platforms: ${{ matrix.platforms }}
          # Skip pushing when PR from a fork
          push: ${{ !github.event.pull_request.head.repo.fork }}
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
          cache-to: ${{ steps.cache-target.outputs.cache-to }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}