searxng/.github/workflows/container.yml

---
name: Container

# yamllint disable-line rule:truthy
on:
  workflow_run:
    workflows:
      - Integration
    types:
      - completed
# TODO: Uncomment
# branches:
#   - master

permissions:
  contents: read
  # Organization GHCR
  packages: read

env:
  PYTHON_VERSION: "3.13"

jobs:
  build:
    if: github.event.workflow_run.conclusion == 'success'
    name: Build (${{ matrix.arch }})
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        include:
          - arch: amd64
            os: ubuntu-24.04
          - arch:
              arm64
              armv7
            os: ubuntu-24.04-arm

    permissions:
      # Organization GHCR
      packages: write

    steps:
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ env.PYTHON_VERSION }}"

      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"

      - name: Setup cache Python
        uses: actions/cache@v4
        with:
          key: "python-${{ env.PYTHON_VERSION }}-${{ hashFiles('./requirements*.txt') }}"
          restore-keys: "python-${{ env.PYTHON_VERSION }}-"
          path: "./local"

      - name: Setup cache container mounts
        uses: actions/cache@v4
        with:
          key: "container-mounts-${{ hashFiles('./Dockerfile') }}"
          restore-keys: "container-mounts-"
          path: |
            /var/tmp/buildah-cache/
            /var/tmp/buildah-cache-*/

      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - name: Build
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
        run: make -e GIT_URL=$(git remote get-url origin) ci.container.build

  release:
    # TODO: Uncomment before merge
    # if: github.repository_owner == 'searxng'
    if: false
    name: Release (${{ matrix.arch }})
    runs-on: ubuntu-24.04-arm
    needs: build
    strategy:
      matrix:
        arch:
          - amd64
          - arm64
          - armv7

    steps:
      - if: env.DOCKERHUB_USERNAME != ''
        name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: "false"
          # make sure "make ci.container.push" can get the git history
          fetch-depth: "0"

      - if: env.DOCKERHUB_USERNAME != ''
        name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: "ghcr.io"
          username: "${{ github.repository_owner }}"
          password: "${{ secrets.GITHUB_TOKEN }}"

      - if: env.DOCKERHUB_USERNAME != ''
        name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: "docker.io"
          username: "${{ env.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"

      - if: env.DOCKERHUB_USERNAME != ''
        name: Release
        env:
          OVERRIDE_ARCH: "${{ matrix.arch }}"
        run: make -e GIT_URL=$(git remote get-url origin) ci.container.push