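# Composite action: builds an image tagged <short-sha>-<epoch>, pushes it to
# the registry, then commits that tag into an env file in the infra repo.
#
# Security: inputs are handed to the shell through `env:` and read as quoted
# shell variables. `${{ ... }}` expressions are substituted into the script
# text before bash parses it, so an input containing quotes, `$(...)` or
# newlines would otherwise be executed as part of the script.
name: build-push-bump
description: Build and push an OCI image to Gitea registry, then bump resuely/infra stack.env to trigger deploy.

inputs:
  registry:
    description: Registry host (e.g. git.rlugo.dev)
    required: true
  image:
    description: Full image name without tag (e.g. git.rlugo.dev/resuely/auth)
    required: true
  # Host and path only: the bump step prepends `https://` and the bot
  # credentials itself.
  infraRepo:
    description: HTTPS clone URL without credentials (e.g. git.rlugo.dev/resuely/infra.git)
    required: true
  stackEnvPath:
    description: Path in infra repo to env file (e.g. stacks/resuely/prod/stack.env)
    required: true
  # Must be a plain identifier; the bump step rejects anything else because
  # the key is used inside a sed expression.
  stackEnvKey:
    description: Env key to bump (e.g. AUTH_IMAGE_TAG)
    required: true
  registryUsername:
    description: Registry username
    required: true
  registryToken:
    description: Registry token/password
    required: true
  infraPushToken:
    description: Token with write access to infra repo
    required: true

outputs:
  tag:
    description: The built image tag
    value: ${{ steps.meta.outputs.tag }}

runs:
  using: composite
  steps:
    - name: Compute tag
      id: meta
      shell: bash
      run: |
        set -euo pipefail
        # Tag = first 7 characters of the commit SHA plus the build time
        # in epoch seconds.
        SHORT_SHA=$(echo "${GITHUB_SHA}" | cut -c1-7)
        TAG="${SHORT_SHA}-$(date +%s)"
        echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

    - name: Login to registry
      shell: bash
      env:
        REGISTRY: ${{ inputs.registry }}
        REGISTRY_USERNAME: ${{ inputs.registryUsername }}
        REGISTRY_TOKEN: ${{ inputs.registryToken }}
      run: |
        set -euo pipefail
        # The token goes in on stdin so it never appears in the docker
        # command line.
        printf '%s\n' "$REGISTRY_TOKEN" | docker login "$REGISTRY" \
          -u "$REGISTRY_USERNAME" \
          --password-stdin

    - name: Build and push image
      shell: bash
      env:
        IMAGE: ${{ inputs.image }}
        TAG: ${{ steps.meta.outputs.tag }}
      run: |
        set -euo pipefail
        docker build -t "${IMAGE}:${TAG}" .
        docker push "${IMAGE}:${TAG}"

    - name: Bump infra stack
      shell: bash
      env:
        TAG: ${{ steps.meta.outputs.tag }}
        INFRA_REPO: ${{ inputs.infraRepo }}
        INFRA_PUSH_TOKEN: ${{ inputs.infraPushToken }}
        STACK_ENV_PATH: ${{ inputs.stackEnvPath }}
        STACK_ENV_KEY: ${{ inputs.stackEnvKey }}
      run: |
        set -euo pipefail

        FILE="$STACK_ENV_PATH"
        KEY="$STACK_ENV_KEY"

        # KEY is spliced into the grep/sed patterns below, so only a plain
        # identifier is accepted: no `/`, regex metacharacters or newlines.
        if [[ ! "$KEY" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
          echo "Invalid env key: ${KEY}" >&2
          exit 1
        fi

        git config --global user.name "resuely-bot"
        git config --global user.email "bot@resuely.com"

        rm -rf infra
        git clone "https://resuely-bot:${INFRA_PUSH_TOKEN}@${INFRA_REPO}" infra
        cd infra

        # git records the clone URL, token included, in .git/config.
        # Rewrite the remote on exit (success or failure) so the token is
        # not left behind in the runner workspace.
        trap 'git remote set-url origin "https://${INFRA_REPO}" || true' EXIT

        # Refuse to continue when the key is absent rather than letting sed
        # succeed without changing anything.
        if ! grep -q -- "^${KEY}=" "$FILE"; then
          echo "Missing ${KEY} in ${FILE}" >&2
          exit 1
        fi

        sed -i -- "s/^${KEY}=.*/${KEY}=${TAG}/" "$FILE"

        git add -- "$FILE"
        git commit -m "deploy(${KEY}): ${TAG}"
        git push origin main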