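# Reusable workflow (workflow_call): builds an image with docker buildx,
# pushes it to ECR tagged with GITHUB_SHA, and returns the repository URL
# and the pushed image digest to the caller.
#
# Caller-supplied inputs are handed to the shell through `env:` instead of
# being pasted into the script text with ${{ }}. An expression inside
# `run:` is substituted before the shell parses the script, so any quote,
# `;` or `$(...)` in an input would otherwise become part of the script.
name: Build Docker image

on:
  workflow_call:
    inputs:
      ecr_repo:
        required: true
        type: string
      dockerfile_path:
        required: true
        type: string
      build_context:
        required: false
        default: "."
        type: string
      # One NAME=value entry per line; blank lines are skipped.
      build_args:
        required: false
        type: string
    outputs:
      image_digest:
        description: "Pushed image digest"
        value: ${{ jobs.build.outputs.image_digest }}
      ecr_repo_url:
        description: "ECR repository URL"
        value: ${{ jobs.build.outputs.ecr_repo_url }}
    secrets:
      # NOTE(review): these are long-lived static AWS keys.
      # aws-actions/configure-aws-credentials also supports GitHub OIDC
      # (role-to-assume), which avoids storing keys at all. Switching
      # changes this workflow's secrets interface, so it is only flagged.
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_REGION:
        required: true
      DEV_DB_HOST:
        required: false
      DEV_DB_PORT:
        required: false
      DEV_DB_NAME:
        required: false
      EPC_AUTH_TOKEN:
        required: false
      OPEN_EPC_API_TOKEN:
        required: false

jobs:
  build:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is declared, so the job runs
    # with whatever GITHUB_TOKEN scopes the caller passes down. Confirm
    # callers restrict the token to what checkout needs.
    outputs:
      image_digest: ${{ steps.digest.outputs.image_digest }}
      ecr_repo_url: ${{ steps.repo.outputs.ecr_repo_url }}
    steps:
      # NOTE(review): the three actions below are referenced by mutable
      # tag. Pinning each to a full commit SHA protects the job, which
      # holds AWS credentials, against a retagged release.
      - uses: actions/checkout@v4

      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - uses: aws-actions/amazon-ecr-login@v2

      - name: Resolve ECR repo URL
        id: repo
        env:
          ECR_REPO: ${{ inputs.ecr_repo }}
        # AWS_REGION is not set in this file; configure-aws-credentials
        # exports it into the job environment.
        run: |
          AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
          ECR_REPO_URL="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPO}"
          echo "Resolved ECR repo URL (local var):"
          echo "$ECR_REPO_URL"
          echo "ecr_repo_url=$ECR_REPO_URL" >> "$GITHUB_OUTPUT"

      - name: Build & push image
        env:
          ECR_REPO_URL: ${{ steps.repo.outputs.ecr_repo_url }}
          DOCKERFILE_PATH: ${{ inputs.dockerfile_path }}
          BUILD_CONTEXT: ${{ inputs.build_context }}
          BUILD_ARGS_INPUT: ${{ inputs.build_args }}
          # Optional secrets, scoped to this step only so the third-party
          # actions above never see them. Presumably build_args lines
          # reference them (e.g. NAME=$DEV_DB_HOST) - confirm with callers.
          # NOTE(review): a value passed with --build-arg is recorded in
          # the image metadata and can be read back with `docker history`.
          # Credentials needed only at build time are better supplied as
          # BuildKit secrets (`--secret` with a RUN --mount=type=secret).
          DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }}
          DEV_DB_PORT: ${{ secrets.DEV_DB_PORT }}
          DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }}
          EPC_AUTH_TOKEN: ${{ secrets.EPC_AUTH_TOKEN }}
          OPEN_EPC_API_TOKEN: ${{ secrets.OPEN_EPC_API_TOKEN }}
        run: |
          IMAGE_URI="${ECR_REPO_URL}:${GITHUB_SHA}"

          # Turn each non-empty build_args line into one --build-arg pair.
          # An array keeps a value containing spaces as a single argument.
          BUILD_ARGS=()
          while IFS= read -r line; do
            # skip empty lines
            [ -n "$line" ] || continue
            # NOTE(review): eval runs the caller-supplied line as shell,
            # so `$(...)` or backticks in build_args execute on the
            # runner with this step's secrets in scope. It is kept
            # because callers may rely on $VAR expansion; restrict
            # build_args to trusted callers or replace this with an
            # expansion that cannot execute commands.
            temp=$(eval echo "$line")
            BUILD_ARGS+=(--build-arg "$temp")
          done <<< "$BUILD_ARGS_INPUT"

          docker buildx build \
            --no-cache \
            --platform linux/amd64 \
            --provenance=false \
            --sbom=false \
            --push \
            -f "$DOCKERFILE_PATH" \
            "${BUILD_ARGS[@]}" \
            -t "$IMAGE_URI" \
            "$BUILD_CONTEXT"

      - name: Resolve image digest
        id: digest
        env:
          ECR_REPO: ${{ inputs.ecr_repo }}
        # NOTE(review): the digest is looked up by tag after the push.
        # Unless the repository enforces tag immutability, another push
        # of the same tag between the two steps would be reported here
        # instead of the image this job built.
        run: |
          DIGEST=$(aws ecr describe-images \
            --repository-name "$ECR_REPO" \
            --image-ids "imageTag=${GITHUB_SHA}" \
            --query 'imageDetails[0].imageDigest' \
            --output text)
          # Fail rather than hand downstream jobs a placeholder such as
          # "None" when the lookup returns no digest.
          case "$DIGEST" in
            sha256:*) ;;
            *)
              echo "Could not resolve image digest for tag ${GITHUB_SHA}" >&2
              exit 1
              ;;
          esac
          echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT"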