---
# Image build-and-publish workflow; it runs only for pushes to master.
name: ci

on:
  push:
    branches: [master]

# Google Cloud identity the job federates into through GitHub's OIDC token.
# Both values are resource identifiers, not credentials.
# NOTE(review): which repositories and refs may impersonate the service
# account is decided by the provider's attribute mapping/condition and the
# service account's IAM binding on the Google Cloud side, neither of which is
# visible here. Confirm they are restricted to this repository.
env:
  workload_identity_provider: 'projects/140364730894/locations/global/workloadIdentityPools/codesandbox-microservices-pool/providers/github-actions-provider'
  service_account: 'github-image-pusher-sa@codesandbox-microservices.iam.gserviceaccount.com'

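jobs:
  # Builds the repository's Docker image and pushes it to Artifact Registry,
  # tagged with the commit SHA.
  #
  # NOTE(review): every `uses:` below references a mutable version tag. Pinning
  # each action to a full commit SHA would stop a moved tag from changing the
  # code that runs with this job's OIDC token and registry access token.
  docker:
    runs-on: ubuntu-latest

    # Least privilege for GITHUB_TOKEN: read the repository, and mint the OIDC
    # token that the Google Cloud auth step exchanges (id-token: write).
    permissions:
      contents: "read"
      id-token: "write"

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # This job never pushes back to the repository, so the token is not
          # kept in .git/config. That also keeps it out of the Docker build
          # context (`context: .` below) in case .git is not dockerignored.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # Build with the runner's Docker daemon instead of a separate
          # BuildKit container.
          driver: docker

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: europe-docker.pkg.dev/codesandbox-microservices/codesandbox/type-fetcher
          # One tag per build: the commit SHA with an empty prefix.
          tags: |
            type=sha,prefix=

      - id: auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v1
        with:
          # Exchange the GitHub OIDC token for an OAuth access token of the
          # service account; no long-lived key is stored in the repository.
          token_format: "access_token"
          workload_identity_provider: ${{ env.workload_identity_provider }}
          service_account: ${{ env.service_account }}

      - uses: docker/login-action@v3
        with:
          # Docker stores credentials per registry host, so this must match
          # the host in `images` above. The original value (gcr.io) would
          # leave the push to europe-docker.pkg.dev without credentials.
          registry: europe-docker.pkg.dev
          username: "oauth2accesstoken"
          password: "${{ steps.auth.outputs.access_token }}"

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          # The workflow triggers only on push, so this is always true today.
          # The guard keeps the job from publishing if a pull_request trigger
          # is added later.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}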