name: Build

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron:  '30 0,6,12,18 * * *'
  workflow_dispatch: {}

env:
  REGISTRY: ghcr.io

permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        os: ["fedora", "c9s", "c9s-rt"]
    container:
      # Yes, we're using this as a *builder* image.
      image: quay.io/fedora/fedora-coreos:stable
      options: "--user root --privileged -v /var/tmp:/var/tmp -v /tmp:/tmp"
    steps:
      - uses: actions/checkout@v3
        # https://github.com/actions/checkout/issues/760
      - name: Mark git checkout as safe
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
      - name: Install deps
        run: rpm-ostree install distribution-gpg-keys
      - name: Login
        run: podman login --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
      # Make force triggering a build always build the image
      - run: echo "force_initialize=1" >> $GITHUB_ENV
        if: github.event_name == 'workflow_dispatch'
      - name: Build ostree container
        run: rpm-ostree compose image --format=registry ${force_initialize:+--initialize} ${{ matrix.os }}.yaml ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.os }}-oscore