name: Publish Docker Images
run-name: Publish Docker Images ${{ inputs.tag }}

# Triggered by create-release.yml after staging images pass tests.
# Builds multi-arch images (amd64+arm64) from source and publishes to Docker Hub and GHCR.
on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Release tag (e.g., v4.34.0)'
        required: true
        type: string

concurrency:
  group: docker-publish-${{ inputs.tag }}
  cancel-in-progress: false

jobs:
  publish:
    runs-on: ubuntu-latest
    timeout-minutes: 60  # Increased for multi-arch builds with QEMU
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.tag }}

      - name: Extract version from release tag
        id: version
        run: |
          TAG="${{ inputs.tag }}"
          VERSION="${TAG#v}"

          # Detect if this is a prerelease (RC, alpha, beta)
          IS_PRERELEASE="false"
          if [[ "$VERSION" =~ -rc\.[0-9]+$ ]] || [[ "$VERSION" =~ -alpha\.[0-9]+$ ]] || [[ "$VERSION" =~ -beta\.[0-9]+$ ]]; then
            IS_PRERELEASE="true"
            echo "Detected prerelease version - will NOT update :latest tag"
          fi

          echo "tag=${TAG}" >> $GITHUB_OUTPUT
          echo "version=${VERSION}" >> $GITHUB_OUTPUT
          echo "is_prerelease=${IS_PRERELEASE}" >> $GITHUB_OUTPUT
          echo "Publishing Docker images for ${TAG} (prerelease: ${IS_PRERELEASE})"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Pulse server image (multi-arch)
        uses: docker/build-push-action@v6
        with:
          context: .
          target: runtime
          platforms: linux/amd64,linux/arm64
          push: true
          provenance: false
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/pulse:buildcache
          build-args: |
            PULSE_LICENSE_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
            VERSION=${{ steps.version.outputs.tag }}
          tags: |
            rcourtman/pulse:${{ steps.version.outputs.tag }}
            rcourtman/pulse:${{ steps.version.outputs.version }}
            ${{ steps.version.outputs.is_prerelease != 'true' && 'rcourtman/pulse:latest' || '' }}
            ghcr.io/${{ github.repository_owner }}/pulse:${{ steps.version.outputs.tag }}
            ghcr.io/${{ github.repository_owner }}/pulse:${{ steps.version.outputs.version }}
            ${{ steps.version.outputs.is_prerelease != 'true' && format('ghcr.io/{0}/pulse:latest', github.repository_owner) || '' }}

      - name: Build and push Pulse Docker agent image (multi-arch)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          target: agent_runtime
          platforms: linux/amd64,linux/arm64
          push: true
          provenance: false
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:buildcache
          build-args: |
            PULSE_LICENSE_PUBLIC_KEY=${{ secrets.PULSE_LICENSE_PUBLIC_KEY }}
            VERSION=${{ steps.version.outputs.tag }}
          tags: |
            rcourtman/pulse-docker-agent:${{ steps.version.outputs.tag }}
            rcourtman/pulse-docker-agent:${{ steps.version.outputs.version }}
            ${{ steps.version.outputs.is_prerelease != 'true' && 'rcourtman/pulse-docker-agent:latest' || '' }}
            ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:${{ steps.version.outputs.tag }}
            ghcr.io/${{ github.repository_owner }}/pulse-docker-agent:${{ steps.version.outputs.version }}
            ${{ steps.version.outputs.is_prerelease != 'true' && format('ghcr.io/{0}/pulse-docker-agent:latest', github.repository_owner) || '' }}

      - name: Output image information
        run: |
          IS_PRERELEASE="${{ steps.version.outputs.is_prerelease }}"
          echo "✅ Docker images published successfully!"
          echo ""
          echo "Server images (linux/amd64, linux/arm64):"
          echo "  - rcourtman/pulse:${{ steps.version.outputs.tag }}"
          echo "  - rcourtman/pulse:${{ steps.version.outputs.version }}"
          if [ "$IS_PRERELEASE" != "true" ]; then
            echo "  - rcourtman/pulse:latest"
          fi
          echo ""
          echo "Agent images (linux/amd64, linux/arm64):"
          echo "  - rcourtman/pulse-docker-agent:${{ steps.version.outputs.tag }}"
          echo "  - rcourtman/pulse-docker-agent:${{ steps.version.outputs.version }}"
          if [ "$IS_PRERELEASE" != "true" ]; then
            echo "  - rcourtman/pulse-docker-agent:latest"
          fi
          echo ""
          if [ "$IS_PRERELEASE" = "true" ]; then
            echo "Note: :latest tags were NOT updated (this is a prerelease)"
          fi