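---
name: Docker Image CI

# Reusable workflow: the caller passes the secrets it needs
# (e.g. `secrets: inherit`). Org Secrets are available on push event.
# Not pull_request event.
on:
  workflow_call:

env:
  REPO: ${{ github.repository }}
  REPO_SHORT_NAME: ${{ github.event.repository.name }}

# Least privilege: nothing in this workflow writes to the repository.
# (If the auth steps are moved to OIDC later, add `id-token: write` here.)
permissions:
  contents: read

jobs:
  push-s3:
    runs-on: ubuntu-22.04
    steps:
      - id: get-id
        name: Get a unique tag for this build
        # Branch names are user-controlled. Pass them through `env` and read
        # them as shell variables instead of expanding `${{ }}` inside the
        # script, so a crafted branch name cannot inject shell commands.
        env:
          SHA: ${{ github.sha }}
          BRANCH_NAME: ${{ github.base_ref || github.ref_name }}
          GCP_DOCKER_REGISTRY: ${{ vars.GCP_DOCKER_REGISTRY }}
        run: |
          # Docker tags only allow [A-Za-z0-9_.-]; map anything else
          # (e.g. the "/" in "feature/foo") to "-" so the tag is always valid.
          SAFE_BRANCH=$(printf '%s' "$BRANCH_NAME" | sed 's/[^A-Za-z0-9_.-]/-/g')
          BUILD_ID="$SAFE_BRANCH-${SHA:0:8}"
          DOCKER_IMAGE="$GCP_DOCKER_REGISTRY/$REPO:$BUILD_ID"
          echo "BUILD_ID=$BUILD_ID" >> "$GITHUB_OUTPUT"
          echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_OUTPUT"

      - name: Print build id and image name
        env:
          BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}
          DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
        run: |
          echo "BUILD_ID: $BUILD_ID"
          echo "DOCKER_IMAGE: $DOCKER_IMAGE"

      - uses: actions/checkout@v4

      # 1) Auth to GCP. GCP_SA_KEY is a long-lived service-account JSON key;
      #    the auth action's `workload_identity_provider` input (Workload
      #    Identity Federation) would avoid storing a key at all.
      - name: Auth to GCP
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      # 2) Install gcloud (no creds here; it picks up the auth step above).
      #    `export_default_credentials` is not an input of setup-gcloud v1+
      #    and was only producing an "unexpected input" warning, so it is
      #    dropped.
      - name: Set up gcloud
        uses: google-github-actions/setup-gcloud@v2
        with:
          project_id: ${{ vars.GCP_PROJECT_ID }}

      - name: Configure Docker for GAR
        env:
          GCP_REGION: ${{ vars.GCP_REGION }}
        run: |
          gcloud auth configure-docker "$GCP_REGION-docker.pkg.dev"

      - name: Build the container image for bundle step
        env:
          BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}
          DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
        run: |
          docker build \
            --build-arg BUILD_STEP=bundle \
            --build-arg "PUBLIC_BUILD_VERSION=$BUILD_ID" \
            --file fab/d/actions-build.Dockerfile \
            --tag "$DOCKER_IMAGE" \
            .

      - name: Extract cloud files
        env:
          DOCKER_IMAGE: ${{ steps.get-id.outputs.DOCKER_IMAGE }}
        run: |
          source_path=/cloud
          destination_path=cloud
          container_id=$(docker create "$DOCKER_IMAGE")
          # Remove the scratch container even if the copy below fails.
          trap 'docker rm "$container_id"' EXIT
          docker cp "$container_id:$source_path" "$destination_path"
          echo "Running: ls $destination_path"
          ls "$destination_path"

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Long-lived IAM user keys. The action's `role-to-assume` (OIDC)
          # would remove the need to store these secrets.
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ vars.AWS_DEFAULT_REGION }}

      - name: Upload cloud files
        env:
          AWS_UPLOAD_BUCKET: ${{ vars.AWS_UPLOAD_BUCKET }}
          BUILD_ID: ${{ steps.get-id.outputs.BUILD_ID }}
        run: |
          # Objects are keyed by BUILD_ID (which includes the commit SHA),
          # so a one-year cache-control on them is safe.
          aws s3 cp \
            --recursive \
            --cache-control max-age=31536000 \
            --storage-class STANDARD_IA \
            cloud/ "s3://$AWS_UPLOAD_BUCKET/$REPO_SHORT_NAME/$BUILD_ID"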