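# Reusable workflow: builds a Docker image, pushes it to Amazon ECR tagged
# with the commit SHA, and exposes the pushed image digest as an output.
#
# NOTE(review): the third-party actions below are referenced by mutable major
# tags (@v4, @v2). Pinning each `uses:` to a full commit SHA prevents a moved
# tag from changing what runs with the AWS credentials in scope.
name: Build Docker image

on:
  workflow_call:
    inputs:
      ecr_repo:
        description: "ECR repository name"
        required: true
        type: string
      aws_region:
        description: "AWS region"
        required: true
        type: string
      dockerfile_path:
        description: "Path to Dockerfile"
        required: true
        type: string
      build_context:
        description: "Docker build context directory"
        required: false
        default: "."
        type: string
    outputs:
      image_digest:
        description: "Pushed image digest"
        value: ${{ jobs.build.outputs.image_digest }}
    # NOTE(review): these are long-lived IAM user keys. The
    # configure-aws-credentials action also supports short-lived credentials
    # via GitHub OIDC (`role-to-assume` plus `id-token: write`); switching
    # would change this workflow's secrets interface, so it is left to a
    # coordinated change with the callers.
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      AWS_ACCOUNT_ID:
        required: true

jobs:
  build:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is set, so GITHUB_TOKEN inherits
    # whatever the caller grants. This job appears to need only
    # `contents: read`; confirm against callers before restricting, because a
    # called workflow cannot request more than its caller allows.
    outputs:
      image_digest: ${{ steps.digest.outputs.image_digest }}
    steps:
      - uses: actions/checkout@v4

      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ inputs.aws_region }}

      - uses: aws-actions/amazon-ecr-login@v2

      - name: Build & push image
        # Caller-supplied inputs and the account-id secret are passed through
        # `env:` rather than expanded with ${{ }} inside the script. Expression
        # expansion happens before the shell parses the script, so a value
        # containing shell metacharacters would otherwise be executed as code.
        env:
          REGISTRY_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          ECR_REGION: ${{ inputs.aws_region }}
          ECR_REPO: ${{ inputs.ecr_repo }}
          DOCKERFILE_PATH: ${{ inputs.dockerfile_path }}
          BUILD_CONTEXT: ${{ inputs.build_context }}
        run: |
          set -euo pipefail
          IMAGE_TAG="${GITHUB_SHA}"
          REGISTRY="${REGISTRY_ACCOUNT_ID}.dkr.ecr.${ECR_REGION}.amazonaws.com"
          IMAGE_URI="${REGISTRY}/${ECR_REPO}:${IMAGE_TAG}"
          # Every expansion is quoted so paths with spaces or glob characters
          # stay a single argument.
          docker build \
            -f "$DOCKERFILE_PATH" \
            -t "$IMAGE_URI" \
            "$BUILD_CONTEXT"
          docker push "$IMAGE_URI"

      - name: Resolve image digest
        id: digest
        env:
          ECR_REPO: ${{ inputs.ecr_repo }}
        run: |
          set -euo pipefail
          # NOTE(review): the digest is looked up by tag after the push. If
          # the repository allows tag overwrites, another push of the same tag
          # between the two steps would be reported instead of the image built
          # here; confirm tag immutability is enabled on the repository.
          DIGEST=$(aws ecr describe-images \
            --repository-name "$ECR_REPO" \
            --image-ids "imageTag=${GITHUB_SHA}" \
            --query 'imageDetails[0].imageDigest' \
            --output text)
          # `--output text` prints "None" for a missing field; refuse to
          # publish anything that is not a sha256 digest, since callers may
          # deploy by this value.
          case "$DIGEST" in
            sha256:*) ;;
            *)
              echo "::error::no image digest resolved for tag ${GITHUB_SHA}" >&2
              exit 1
              ;;
          esac
          echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT"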