name: "docker: build latest container"

on:
  push:
    tags:
      - '*'
  workflow_dispatch: {}

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        platform: [amd64, arm64, arm, 386]
        variant: [standard, large_disk]

    steps:
      - name: Checkout
        uses: actions/checkout@v6
      - name: Free Disk Space
        run: |
          echo "Available disk space before cleanup:"
          df -h
          # Remove pre-installed tools
          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
          # Clean package managers
          sudo apt-get clean
          sudo rm -rf /var/lib/apt/lists/*
          # Clean Docker aggressively
          sudo docker system prune -af --volumes
          # Clean Go cache if it exists
          [ -d ~/.cache/go-build ] && rm -rf ~/.cache/go-build || true
          [ -d /go/pkg ] && rm -rf /go/pkg || true
          echo "Available disk space after cleanup:"
          df -h
      
      - name: Configure variant
        id: config
        run: |
          if [ "${{ matrix.variant }}" == "large_disk" ]; then
            echo "tag_suffix=_large_disk" >> $GITHUB_OUTPUT
            echo "build_args=TAGS=5BytesOffset" >> $GITHUB_OUTPUT
          else
            echo "tag_suffix=" >> $GITHUB_OUTPUT
            echo "build_args=" >> $GITHUB_OUTPUT
          fi

      - name: Docker meta
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: |
            chrislusf/seaweedfs
            ghcr.io/chrislusf/seaweedfs
          tags: type=raw,value=latest,suffix=${{ steps.config.outputs.tag_suffix }}
          labels: |
            org.opencontainers.image.title=seaweedfs
            org.opencontainers.image.description=SeaweedFS is a distributed storage system for blobs, objects, files, and data lake, to store and serve billions of files fast!
            org.opencontainers.image.vendor=Chris Lu
      - name: Set up QEMU
        if: matrix.platform != 'amd64'
        uses: docker/setup-qemu-action@v3
      - name: Create BuildKit config
        run: |
          cat > /tmp/buildkitd.toml <<EOF
          [registry."docker.io"]
            mirrors = ["https://mirror.gcr.io"]
          EOF
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          buildkitd-flags: "--debug"
          buildkitd-config: /tmp/buildkitd.toml
      - name: Login to Docker Hub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login to GHCR
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}
      - name: Build ${{ matrix.platform }} ${{ matrix.variant }}
        uses: docker/build-push-action@v6
        env:
          DOCKER_BUILDKIT: 1
        with:
          context: ./docker
          push: ${{ github.event_name != 'pull_request' }}
          file: ./docker/Dockerfile.go_build
          platforms: linux/${{ matrix.platform }}
          # Push to GHCR only during build to avoid Docker Hub rate limits
          tags: ghcr.io/chrislusf/seaweedfs:latest${{ steps.config.outputs.tag_suffix }}-${{ matrix.platform }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.variant }}-${{ matrix.platform }}
          cache-to: type=gha,mode=max,scope=${{ matrix.variant }}-${{ matrix.platform }}
          build-args: |
            BUILDKIT_INLINE_CACHE=1
            BRANCH=${{ github.sha }}
            ${{ steps.config.outputs.build_args }}
      - name: Clean up build artifacts
        if: always()
        run: |
          # Clean up Docker build cache and temporary files
          sudo docker system prune -f
          # Remove Go build cache
          sudo rm -rf /tmp/go-build*

  create-manifest:
    runs-on: ubuntu-latest
    needs: [build]
    if: github.event_name != 'pull_request'
    strategy:
      matrix:
        variant: [standard, large_disk]
    steps:
      - name: Checkout
        uses: actions/checkout@v6
      
      - name: Configure variant
        id: config
        run: |
          if [ "${{ matrix.variant }}" == "large_disk" ]; then
            echo "tag_suffix=_large_disk" >> $GITHUB_OUTPUT
          else
            echo "tag_suffix=" >> $GITHUB_OUTPUT
          fi

      - name: Docker meta
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: |
            chrislusf/seaweedfs
            ghcr.io/chrislusf/seaweedfs
          tags: type=raw,value=latest,suffix=${{ steps.config.outputs.tag_suffix }}
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}
      - name: Install crane
        run: |
          # Install crane for efficient multi-arch image copying
          cd $(mktemp -d)
          curl -sL "https://github.com/google/go-containerregistry/releases/latest/download/go-containerregistry_Linux_x86_64.tar.gz" | tar xz
          sudo mv crane /usr/local/bin/
          crane version
      - name: Create and push manifest
        run: |
          SUFFIX="${{ steps.config.outputs.tag_suffix }}"
          
          # Create manifest on GHCR first (no rate limits)
          echo "Creating GHCR manifest (no rate limits)..."
          docker buildx imagetools create -t ghcr.io/chrislusf/seaweedfs:latest${SUFFIX} \
            ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-amd64 \
            ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-arm64 \
            ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-arm \
            ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-386
          
          # Copy the complete multi-arch image from GHCR to Docker Hub
          # This only requires one pull from GHCR (no rate limit) and one push to Docker Hub
          echo "Copying manifest from GHCR to Docker Hub..."
          
          # Function to retry with exponential backoff for Docker Hub operations
          retry_with_backoff() {
            local max_attempts=5
            local timeout=1
            local attempt=1
            local exit_code=0
            
            while [ $attempt -le $max_attempts ]; do
              if "$@"; then
                return 0
              else
                exit_code=$?
              fi
              
              if [ $attempt -lt $max_attempts ]; then
                echo "Attempt $attempt failed. Retrying in ${timeout}s..." >&2
                sleep $timeout
                timeout=$((timeout * 2))
              fi
              
              attempt=$((attempt + 1))
            done
            
            echo "Command failed after $max_attempts attempts" >&2
            return $exit_code
          }
          
          # Use crane or skopeo to copy, fallback to docker if not available
          if command -v crane &> /dev/null; then
            echo "Using crane to copy..."
            retry_with_backoff crane copy ghcr.io/chrislusf/seaweedfs:latest${SUFFIX} chrislusf/seaweedfs:latest${SUFFIX}
          elif command -v skopeo &> /dev/null; then
            echo "Using skopeo to copy..."
            retry_with_backoff skopeo copy --all docker://ghcr.io/chrislusf/seaweedfs:latest${SUFFIX} docker://chrislusf/seaweedfs:latest${SUFFIX}
          else
            echo "Using docker buildx imagetools (pulling 4 images from Docker Hub)..."
            # Fallback: create manifest directly on Docker Hub (pulls from Docker Hub - rate limited)
            retry_with_backoff docker buildx imagetools create -t chrislusf/seaweedfs:latest${SUFFIX} \
              ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-amd64 \
              ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-arm64 \
              ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-arm \
              ghcr.io/chrislusf/seaweedfs:latest${SUFFIX}-386
          fi