name: CD - Docker - GHCR Images

on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - 'pnpm-lock.yaml'
      - 'docker/devcontainer/**'
      - '.github/workflows/docker-ghcr.yml'

permissions:
  contents: read
  packages: write

jobs:
  build-and-push:
    name: Build and Push Images
    runs-on: ubuntu-24.04

    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          submodules: 'recursive'

      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4

      - name: Log in to GHCR
        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push images
        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7
        with:
          files: docker/devcontainer/docker-bake.hcl
          targets: devcontainer
          push: true
        env:
          TAG: ${{ github.sha }}
          TAG_LATEST: ${{ github.ref_name == 'main' }}