name: Build Metrics Container

permissions:
  contents: read

on:
  push:
    branches:
      - main
    paths:
      - .github/workflows/build-metrics-container.yml
      - '.ci/metrics/**'
  pull_request:
    branches:
      - main
    paths:
      - .github/workflows/build-metrics-container.yml
      - '.ci/metrics/**'

jobs:
  build-metrics-container:
    if: github.repository_owner == 'llvm'
    runs-on: ubuntu-24.04
    outputs:
      container-name: ${{ steps.vars.outputs.container-name }}
      container-name-tag: ${{ steps.vars.outputs.container-name-tag }}
      container-filename: ${{ steps.vars.outputs.container-filename }}
    steps:
      - name: Checkout LLVM
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          sparse-checkout: .ci/metrics/
      - name: Write Variables
        id: vars
        run: |
          tag=`date +%s`
          container_name="ghcr.io/$GITHUB_REPOSITORY_OWNER/metrics"
          echo "container-name=$container_name" >> $GITHUB_OUTPUT
          echo "container-name-tag=$container_name:$tag" >> $GITHUB_OUTPUT
          echo "container-filename=$(echo $container_name:$tag  | sed -e 's/\//-/g' -e 's/:/-/g').tar" >> $GITHUB_OUTPUT
      - name: Build Container
        working-directory: ./.ci/metrics
        run: |
          podman build -t ${{ steps.vars.outputs.container-name-tag }} -f Dockerfile .
      # Save the container so we have it in case the push fails.  This also
      # allows us to separate the push step into a different job so we can
      # maintain minimal permissions while building the container.
      - name: Save Container Image
        run: |
          podman save  ${{ steps.vars.outputs.container-name-tag }} >  ${{ steps.vars.outputs.container-filename }}
      - name: Upload Container Image
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: container
          path: ${{ steps.vars.outputs.container-filename }}
          retention-days: 14
  
  push-metrics-container:
    if: github.event_name == 'push'
    needs:
      - build-metrics-container
    permissions:
      packages: write
    runs-on: ubuntu-24.04
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Download Container
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: container
      - name: Push Container
        run: |
          podman load -i ${{ needs.build-metrics-container.outputs.container-filename }}
          podman tag ${{ needs.build-metrics-container.outputs.container-name-tag }} ${{ needs.build-metrics-container.outputs.container-name }}:latest
          podman login -u ${{ github.actor }} -p $GITHUB_TOKEN ghcr.io
          podman push ${{ needs.build-metrics-container.outputs.container-name-tag }}
          podman push ${{ needs.build-metrics-container.outputs.container-name }}:latest