name: Build CI Environment

on:
  workflow_dispatch:
    inputs:
      image_tag:
        description: 'Tag for the CI image (e.g., latest)'
        required: true
        default: 'latest'

env:
  # OVERRIDE_REGISTRY can be set as a secret to override the default registry (e.g., for testing with a private registry). Else '' will be used, which defaults to ghcr.io for github.com and the GitHub server domain for self-hosted GitHub instances.
  OVERRIDE_REGISTRY: ${{ secrets.OVERRIDE_REGISTRY }}

permissions:
  contents: read
  packages: write

concurrency:
  group: build-ci
  cancel-in-progress: true

jobs:
  build-ci-image:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup CI metadata
        id: setup
        uses: ./.github/actions/setup-ci-metadata
        with:
          registry: ${{ env.OVERRIDE_REGISTRY }}
          image_tag: ${{ github.event.inputs.image_tag }}

      - name: Login to Docker Hub
        uses: docker/login-action@v4
        with:
          registry: ${{ steps.setup.outputs.registry }}
          username: ${{ secrets.GITHUB_USERNAME || github.actor }}
          password: ${{ secrets.OVERRIDE_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image for CI
        uses: docker/build-push-action@v3
        with:
          context: .
          file: .github/docker/ci.Dockerfile
          push: true
          tags: |
            ${{ steps.setup.outputs.image_tag }}
            ${{ steps.setup.outputs.latest_tag }}