variables:
  - &image git.mosaicstack.dev/mosaic/openbrain
  - &kaniko_setup |
      mkdir -p /kaniko/.docker
      echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json

when:
  - event: push
    branch: main
  - event: tag

steps:
  lint:
    image: python:3.12-slim
    commands:
      - pip install ruff --quiet --no-cache-dir
      - ruff check src/
      - ruff format --check src/

  build:
    image: gcr.io/kaniko-project/executor:debug
    environment:
      GITEA_USER:
        from_secret: gitea_username
      GITEA_TOKEN:
        from_secret: gitea_token
      CI_COMMIT_SHA: ${CI_COMMIT_SHA}
      CI_COMMIT_TAG: ${CI_COMMIT_TAG}
      CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
    commands:
      - *kaniko_setup
      - |
        IMAGE=git.mosaicstack.dev/mosaic/openbrain
        SHORT_SHA=$(echo "$CI_COMMIT_SHA" | cut -c1-8)
        DESTINATIONS="--destination $IMAGE:sha-$SHORT_SHA"
        if [ -n "$CI_COMMIT_TAG" ]; then
          DESTINATIONS="$DESTINATIONS --destination $IMAGE:$CI_COMMIT_TAG"
        fi
        if [ "$CI_COMMIT_BRANCH" = "main" ]; then
          DESTINATIONS="$DESTINATIONS --destination $IMAGE:latest"
        fi
        /kaniko/executor \
          --context . \
          --dockerfile Dockerfile \
          --snapshot-mode=redo \
          $DESTINATIONS
    depends_on:
      - lint