on:
  push:
env:
  REGISTRY_IMAGE: ${{ vars.REGISTRY }}/${{ github.repository }}:${{ github.ref_name }}

jobs:
  build:
    runs-on: debian
    steps:
      -
        name: Install and configure dependencies
        run: |
          apt-get update
          apt-get install -y --no-install-recommends \
            buildah \
            ca-certificates \
            containers-storage \
            crun \
            git \
            netavark \
          ;
          shared=/var/lib/shared/storage
          sed /usr/share/containers/storage.conf \
            -e "/^additionalimagestores/a"'\
            '"\"$shared\"" \
          > /etc/containers/storage.conf
      -
        name: Checkout repository
        run: |
          git config --global credential.helper store
          echo "https://runner:${{ secrets.GITHUB_TOKEN }}@$(echo "${{ github.server_url }}" | cut -b 9-)" > ~/.git-credentials
          git clone --branch ${{ github.ref_name }} ${{ github.server_url }}/${{ github.repository }} ${{ github.workspace }}
      -
        name: Authenticate with registry
        run: |
          echo "${{ secrets.REGISTRY_TOKEN }}" | buildah login ${{ vars.REGISTRY }} --username runner --password-stdin
      -
        name: Build and push
        run: |
          export BUILDAH_ISOLATION=chroot
          export _BUILDAH_STARTED_IN_USERNS=""
          ${{ github.workspace }}/builder.sh ${{ env.REGISTRY_IMAGE }}
          buildah push ${{ env.REGISTRY_IMAGE }}