name: Publish container images (GHCR)

on:
  workflow_run:
    workflows: ["Mark stable commit"]
    types: [completed]

jobs:
  publish:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest

    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository (with tags)
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Checkout workflow_run commit and refresh tags
        env:
          WORKFLOW_RUN_SHA: ${{ github.event.workflow_run.head_sha }}
        run: bash scripts/github/publish-containers/checkout-workflow-run-commit.sh

      - name: Check whether tagged commit is on main
        id: branch-check
        env:
          TARGET_SHA: ${{ github.event.workflow_run.head_sha }}
        run: bash scripts/github/common/check-tagged-commit-on-main.sh

      - name: Compute version and stable flag
        id: info
        if: steps.branch-check.outputs.is_on_main == 'true'
        run: bash scripts/github/publish-containers/compute-publish-container-info.sh

      - name: Set up Docker Buildx
        if: ${{ steps.info.outputs.should_publish == 'true' }}
        uses: docker/setup-buildx-action@v3
        with:
          use: true

      - name: Login to GHCR
        if: ${{ steps.info.outputs.should_publish == 'true' }}
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Publish all images
        if: ${{ steps.info.outputs.should_publish == 'true' }}
        env:
          OWNER: ${{ github.repository_owner }}
          VERSION: ${{ steps.info.outputs.version }}
          IS_STABLE: ${{ steps.info.outputs.is_stable }}
        run: bash scripts/github/publish-containers/publish-container-images.sh