vps-monitor/.github/workflows/docker-publish.yml

name: Docker Publish

on:
  push:
    branches: [main, dev]
    tags: ["v*"]
    paths-ignore:
      - Readme.md
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    outputs:
      image_size_human: ${{ steps.image_size.outputs.size_human }}
    steps:
      - uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: hhftechnology
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            hhftechnology/vps-monitor
            ghcr.io/hhftechnology/vps-monitor
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix=
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./home/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build image for size calculation (linux/amd64)
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/')
        continue-on-error: true
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./home/Dockerfile
          platforms: linux/amd64
          push: false
          load: true
          tags: local/vps-monitor:size-${{ github.sha }}
          cache-from: type=gha

      - name: Calculate image size
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/')
        id: image_size
        continue-on-error: true
        shell: bash
        run: |
          IMAGE_REF="local/vps-monitor:size-${{ github.sha }}"
          SIZE_BYTES="$(docker image inspect "${IMAGE_REF}" --format='{{.Size}}' 2>/dev/null || true)"

          if [ -n "${SIZE_BYTES}" ]; then
            SIZE_HUMAN="$(numfmt --to=iec --suffix=B "${SIZE_BYTES}")"
          else
            SIZE_HUMAN=""
          fi

          if [ -n "${SIZE_HUMAN}" ]; then
            echo "size_human=${SIZE_HUMAN}" >> "${GITHUB_OUTPUT}"
          else
            echo "Image size calculation skipped or failed"
          fi

  commit-readme-image-size:
    runs-on: ubuntu-latest
    needs: [build-and-push]
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/')
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.ref_name }}

      - name: Update README image size
        shell: bash
        run: |
          IMAGE_SIZE="${{ needs.build-and-push.outputs.image_size_human }}"

          if [ -z "${IMAGE_SIZE}" ]; then
            echo "No image size output available"
            exit 0
          fi

          sed -i -E "s|(<!-- VPS_MONITOR_IMAGE_SIZE_START -->)[^<]*(<!-- VPS_MONITOR_IMAGE_SIZE_END -->)|\1${IMAGE_SIZE}\2|" Readme.md

      - name: Commit README image size update
        shell: bash
        run: |
          git fetch origin "${{ github.ref_name }}"
          REMOTE_SHA="$(git rev-parse FETCH_HEAD)"
          if [ "${REMOTE_SHA}" != "${{ github.sha }}" ]; then
            echo "Remote branch moved; refusing stale README push"
            exit 0
          fi

          if git diff --quiet -- Readme.md; then
            echo "README image size is already up to date"
            exit 0
          fi

          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

          cat > /tmp/readme-image-size-commit-message.txt <<'EOF'
          Keep README image size in sync with published image

          Automated branch-only documentation refresh after a successful image publish run.

          Constraint: README updates must not block image publication
          Confidence: high
          Scope-risk: narrow
          Directive: Keep the README marker name and workflow replacement pattern aligned
          Tested: GitHub Actions branch-push README marker refresh
          Not-tested: Protected branches that reject github-actions[bot] pushes
          EOF

          git add Readme.md
          git commit -F /tmp/readme-image-size-commit-message.txt
          git push origin HEAD:${{ github.ref_name }}