name: Build
on: [push]

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Important pour récupérer tout l'historique Git

      - name: Install CA certificate in runner
        run: |
          # Copier le certificat depuis le volume monté vers un emplacement standard
          sudo cp /certs/zen-ca.pem /usr/local/share/ca-certificates/zen-ca.crt
          sudo update-ca-certificates

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: |
            network=host
          buildkitd-config-inline: |
            # La configuration BuildKit va ici
            debug = true
            [registry."gitea.bv.stef.lan"]
              http = false
              insecure = false
              [[registry."gitea.bv.stef.lan".tls]]
                ca = ["/etc/ssl/certs/zen-ca.pem"]
                cert = []
                key = []

      - name: Log in to registry
        uses: docker/login-action@v3
        with:
          registry: gitea.bv.stef.lan
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build and push image
        uses: docker/build-push-action@v6
        with:
          context: . # UTILISE LE CONTEXTE LOCAL, PAS L'URL GIT
          push: true
          tags: gitea.bv.stef.lan/stef/pki-manager:v01
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: false # Peut simplifier le débogage initialement
          build-args: |
            BUILDKIT_CONTEXT_KEEP_GIT_DIR=1