name: Login Container

on:
  workflow_call:
    inputs:
      login_build_image_name:
        description: 'The image repository name of the standalone login image'
        type: string
        required: true
      node_version:
        required: true
        type: string
    outputs:
      login_build_image:
          description: 'The full image tag of the standalone login image'
          value: '${{ inputs.login_build_image_name }}:${{ github.sha }}'
    secrets:
      DEPOT_TOKEN:
        required: true

permissions:
  packages: write

env:
  default_labels: |
    org.opencontainers.image.documentation=https://zitadel.com/docs
    org.opencontainers.image.vendor=CAOS AG
    org.opencontainers.image.licenses=MIT

jobs:
  login-container:
    name: Build Login Container
    runs-on: ubuntu-latest
    permissions:
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: depot/setup-action@v1
      - name: Login meta
        id: login-meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ inputs.login_build_image_name }}
          labels: ${{ env.default_labels}}
          annotations: |
            manifest:org.opencontainers.image.licenses=MIT
          tags: |
            type=sha,prefix=,suffix=,format=long
      - name: Login to Docker registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Bake login multi-arch
        uses: depot/bake-action@v1
        env:
          DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
          NODE_VERSION: ${{ inputs.node_version }}
        with:
          push: true
          provenance: true
          sbom: true
          targets: login-standalone
          project: w47wkxzdtw
          files: |
            ./apps/login/docker-bake.hcl
            ./apps/login/docker-bake-release.hcl
            ./docker-bake.hcl
            cwd://${{ steps.login-meta.outputs.bake-file }}