name: Docker Build and Push (Docker Hub, Multi-Arch)

on:
  push:
    branches:
      - main
  workflow_dispatch:
    inputs:
      extra_tag:
        description: "Optionaler Zusatz-Tag (z.B. v1.2.3). Kommt zusätzlich zu :latest und :<sha>."
        required: false
        default: ""

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    env:
      REGISTRY: docker.io
      DOCKERHUB_USER_LC: ${{ secrets.DOCKERHUB_USERNAME }}
    permissions:
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          lfs: true # WICHTIG: Lädt die echten LFS-Dateien (MaxMind DBs) herunter

      - name: Get short SHA
        id: vars
        run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: docker.io
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Buildx
        uses: docker/setup-buildx-action@v3

      # -------- BACKEND --------
      - name: Build & Push backend (multi-arch)
        uses: docker/build-push-action@v6
        with:
          context: ./backend
          file: ./backend/Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-backend:latest
            ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-backend:${{ steps.vars.outputs.sha }}
          build-args: |
            GIT_COMMIT_SHA=${{ steps.vars.outputs.sha }}
            SENTRY_DSN=${{ secrets.SENTRY_DSN }}

      - name: Tag backend with extra_tag (manifest retag)
        if: ${{ github.event.inputs.extra_tag && github.event.inputs.extra_tag != '' }}
        run: |
          docker buildx imagetools create \
            -t ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-backend:${{ github.event.inputs.extra_tag }} \
            ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-backend:${{ steps.vars.outputs.sha }}

      # -------- FRONTEND --------
      - name: Build & Push frontend (multi-arch)
        uses: docker/build-push-action@v6
        with:
          context: ./frontend
          file: ./frontend/Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-frontend:latest
            ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-frontend:${{ steps.vars.outputs.sha }}
          build-args: |
            GIT_COMMIT_SHA=${{ steps.vars.outputs.sha }}
            SENTRY_DSN=${{ secrets.SENTRY_DSN }}

      - name: Tag frontend with extra_tag (manifest retag)
        if: ${{ github.event.inputs.extra_tag && github.event.inputs.extra_tag != '' }}
        run: |
          docker buildx imagetools create \
            -t ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-frontend:${{ github.event.inputs.extra_tag }} \
            ${{ env.REGISTRY }}/${{ env.DOCKERHUB_USER_LC }}/utools-frontend:${{ steps.vars.outputs.sha }}