.github/workflows/build_addon.yml

name: Build addon

on:
  push:
    branches:
      - "*"
    tags:
      - "*"
  pull_request:

env:
  TARGET: nextcloud_backup
  IMAGE: "hassio-nextcloud-backup"
  REPOSITORY: ghcr.io/sebclem
  IMAGE_SOURCE: https://github.com/Sebclem/hassio-nextcloud-backup
  BASE_ISSUER: https://token.actions.githubusercontent.com
  BASE_IDENTITY: https://github.com/home-assistant/docker-base/.*

permissions: write-all

jobs:
  build-front:
    name: Build Front
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Enable corepack
        run: corepack enable

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: "pnpm"
          cache-dependency-path: nextcloud_backup/frontend/pnpm-lock.yaml

      - name: Install dependencies
        run: pnpm i
        working-directory: nextcloud_backup/frontend

      - name: Build
        run: pnpm build
        working-directory: nextcloud_backup/frontend

      - name: Upload production-ready build files
        uses: actions/upload-artifact@v4
        with:
          name: frontend
          path: nextcloud_backup/frontend/dist/

  build-back:
    name: Build back
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4

      - name: Enable corepack
        run: corepack enable

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: "pnpm"
          cache-dependency-path: nextcloud_backup/backend/pnpm-lock.yaml

      - name: Install dependencies
        run: pnpm i
        working-directory: nextcloud_backup/backend

      - name: Lint
        run: pnpm lint
        working-directory: nextcloud_backup/backend

      - name: Build
        run: pnpm build
        working-directory: nextcloud_backup/backend

      - name: Upload production-ready build files
        uses: actions/upload-artifact@v4
        with:
          name: backend
          path: nextcloud_backup/backend/dist/

  build-dockers:
    runs-on: ubuntu-latest
    needs:
      - build-back
      - build-front
    strategy:
      fail-fast: false
      matrix:
        arch: [aarch64, amd64, armv7]
        include:
          - arch: aarch64
            arch_value: linux/arm64/v8
          - arch: amd64
            arch_value: linux/amd64
          - arch: armv7
            arch_value: linux/arm/v7

    steps:
      - uses: actions/checkout@v4

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.6.0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Get build parameters
        id: build_param
        run: |
          echo "name=$(yq .name nextcloud_backup/config.yml)" >> $GITHUB_OUTPUT
          echo "description=$(yq .description nextcloud_backup/config.yml)" >> $GITHUB_OUTPUT
          echo "url=$(yq .url nextcloud_backup/config.yml)" >> $GITHUB_OUTPUT
          echo "build_from=ghcr.io/home-assistant/${{ matrix.arch }}-base:$(cat nextcloud_backup/.base_version)" >> $GITHUB_OUTPUT

      - name: Check base image signature
        run: cosign verify --certificate-oidc-issuer-regexp "${{ env.BASE_ISSUER }}" --certificate-identity-regexp "${{ env.BASE_IDENTITY }}" "${{ steps.build_param.outputs['build_from'] }}"

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.REPOSITORY }}/${{ env.IMAGE }}/${{ matrix.arch }}
          tags: |
            type=ref,event=branch
            type=ref,event=branch,suffix=.${{ github.run_number }}
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
          labels: |
            io.hass.name=${{ steps.build_param.outputs['name'] }}
            io.hass.description=${{ steps.build_param.outputs['description'] }}
            io.hass.url=${{ steps.build_param.outputs['url'] }}
            io.hass.arch=${{ matrix.arch }}
            io.hass.type=addon

      - name: Change version in config file
        uses: fjogeleit/yaml-update-action@v0.15.0
        with:
          valueFile: "nextcloud_backup/config.yml"
          propertyPath: "version"
          value: ${{ steps.meta.outputs.version }}.${{ github.run_number}}
          commitChange: false

      - name: Login to ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push ${{matrix.arch}}
        uses: docker/build-push-action@v6
        id: build-and-push
        with:
          push: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.event_name == 'release') }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: |
            ${{ steps.meta.outputs.labels }}
            io.hass.version=${{steps.meta.outputs.version}}
          build-args: |
            BUILD_FROM=${{ steps.build_param.outputs['build_from'] }}
          file: ./${{ env.TARGET }}/Dockerfile
          cache-from: type=registry,ref=${{ env.REPOSITORY }}/${{ env.IMAGE }}/${{ matrix.arch }}:latest
          cache-to: type=inline
          context: ./${{ env.TARGET }}/
          platforms: ${{ matrix.arch_value }}

      - name: Sign the images with GitHub OIDC Token
        if: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.event_name == 'release') }}
        env:
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          images=""
          for tag in ${TAGS}; do
            images+="${tag}@${DIGEST} "
          done
          cosign sign --yes ${images}

  update_branch_ha_repository:
    name: Update HA addon repository
    runs-on: ubuntu-latest
    needs:
      - build-dockers
    if: ${{ github.ref == 'refs/heads/main' }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          path: "addon"

      - name: Get branch names
        id: branch-names
        uses: tj-actions/branch-names@v8

      - name: Checkout Hass repo
        uses: actions/checkout@v4
        with:
          repository: Sebclem/sebclem-hassio-addon-repository
          path: "repository"
          token: ${{ secrets.PAT_PR }}
          ref: ${{ steps.branch-names.outputs.current_branch }}

      - name: Generate readme
        uses: cuchi/jinja2-action@v1.2.2
        with:
          template: addon/nextcloud_backup/.README.md.j2
          output_file: repository/nextcloud_backup/README.md
          variables: version=${{ steps.branch-names.outputs.current_branch }}.${{ github.run_number}}

      - name: Move other files
        run: |
          cp addon/nextcloud_backup/DOCS.md repository/nextcloud_backup/
          cp addon/nextcloud_backup/icon.png repository/nextcloud_backup/
          cp addon/nextcloud_backup/logo.png repository/nextcloud_backup/
          cp addon/nextcloud_backup/config.yml repository/nextcloud_backup/

      - name: Update config.yml
        run: |
          yq -i '.version = "${{ steps.branch-names.outputs.current_branch }}.${{ github.run_number}}"' repository/nextcloud_backup/config.yml
          yq -i '.image = "ghcr.io/sebclem/hassio-nextcloud-backup/{arch}"' repository/nextcloud_backup/config.yml

      - name: Commit and push
        run: |
          cd repository
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add .
          git commit -m "Update Nextcloud Backup to ${{ steps.branch-names.outputs.current_branch }}.${{ github.run_number }}"
          git push

  draft-release:
    name: Draft release
    runs-on: ubuntu-latest
    needs:
      - build-dockers
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Get changelog
        run: npx auto-changelog --handlebars-setup .github/custom-handlebars.js
      - name: Create release
        uses: softprops/action-gh-release@v2
        with:
          body_path: CHANGELOG.md
          draft: true