name: Build and push images

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Validate package.json
        run: |
          # Fail if package.json is invalid JSON
          python3 -c "import json, sys; json.load(open('frontend/package.json'))" || \
            { echo "ERROR: frontend/package.json is invalid JSON"; exit 1; }

          # Fail if non-existent packages are present
          if grep -q "@polyline-codec" frontend/package.json; then
            echo "ERROR: @polyline-codec/core does not exist on npm - remove it"
            exit 1
          fi

          # Fail if npm ci is still in Dockerfile (requires lockfile we don't have)
          if grep -q "npm ci" frontend/Dockerfile; then
            echo "ERROR: frontend/Dockerfile uses 'npm ci' but no package-lock.json exists - change to 'npm install'"
            exit 1
          fi

          echo "Validation passed"

  build-backend:
    runs-on: ubuntu-latest
    needs: validate
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to registry
        run: echo "${{ secrets.PACKAGE_TOKEN }}" | docker login gitea.jarrett.eu -u ${{ gitea.actor }} --password-stdin

      - name: Build and push backend
        uses: docker/build-push-action@v5
        with:
          context: ./backend
          file: ./backend/Dockerfile
          push: true
          tags: |
            gitea.jarrett.eu/${{ gitea.repository_owner }}/milevault-backend:latest
            gitea.jarrett.eu/${{ gitea.repository_owner }}/milevault-backend:${{ gitea.sha }}

  build-worker:
    runs-on: ubuntu-latest
    needs: validate
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to registry
        run: echo "${{ secrets.PACKAGE_TOKEN }}" | docker login gitea.jarrett.eu -u ${{ gitea.actor }} --password-stdin

      - name: Build and push worker
        uses: docker/build-push-action@v5
        with:
          context: ./backend
          file: ./backend/Dockerfile.worker
          push: true
          tags: |
            gitea.jarrett.eu/${{ gitea.repository_owner }}/milevault-worker:latest
            gitea.jarrett.eu/${{ gitea.repository_owner }}/milevault-worker:${{ gitea.sha }}

  build-frontend:
    runs-on: ubuntu-latest
    needs: validate
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to registry
        run: echo "${{ secrets.PACKAGE_TOKEN }}" | docker login gitea.jarrett.eu -u ${{ gitea.actor }} --password-stdin

      - name: Build and push frontend
        uses: docker/build-push-action@v5
        with:
          context: ./frontend
          file: ./frontend/Dockerfile
          push: true
          tags: |
            gitea.jarrett.eu/${{ gitea.repository_owner }}/milevault-frontend:latest
            gitea.jarrett.eu/${{ gitea.repository_owner }}/milevault-frontend:${{ gitea.sha }}
          build-args: |
            VITE_API_URL=/api
            VITE_MAPBOX_TOKEN=