name: Docker Build (multi-arch AMD64 + ARM64)

on:
  workflow_dispatch:
  
env:
  REGISTRY: gitea.cuihang1201.synology.me
  IMAGE_NAME: hangpersonal/sad-workspace
  TAG_NAME: latest
  PLATFORMS: linux/amd64,linux/arm64

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU (for cross-compiling)
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      # Login to your Gitea registry: provide REGISTRY_USER / REGISTRY_PASSWORD as repo secrets in Gitea
      - name: Log in to registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      # Optional: derive tags/labels from repo metadata; comment out if you prefer static tags only
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=raw,value=${{ env.TAG_NAME }}
            type=raw,value=sha-${{ github.sha }}
          flavor: |
            latest=false

      - name: Build and push (multi-arch)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          platforms: ${{ env.PLATFORMS }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Optional: print the final manifest list for verification
      - name: Inspect pushed manifest
        run: |
          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}