---
name: CI - Docs

on:
  push:
    branches:
      - main
      - next
      - version-*
  pull_request:
    branches:
      - main
      - version-*

jobs:
  lint:
    runs-on: ubuntu-latest
    env:
      NODE_ENV: production
    strategy:
      fail-fast: false
      matrix:
        command:
          - prettier-check
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
      - uses: ./.github/actions/setup-node
        with:
          working-directory: website
      - name: Lint
        run: corepack npm run ${{ matrix.command }} --prefix website
  build-docs:
    runs-on: ubuntu-latest
    env:
      NODE_ENV: production
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
      - uses: ./.github/actions/setup-node
        name: Setup Node.js
        with:
          working-directory: website
      - name: Build Documentation via Docusaurus
        run: corepack npm run build --prefix website
  build-integrations:
    runs-on: ubuntu-latest
    env:
      NODE_ENV: production
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
      - uses: ./.github/actions/setup-node
        with:
          working-directory: website
      - name: Build Integrations via Docusaurus
        run: corepack npm run build -w integrations --prefix website
  build-container:
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload container images to ghcr.io
      packages: write
      # Needed for attestation
      id-token: write
      attestations: write
    steps:
      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v5
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
      - name: prepare variables
        uses: ./.github/actions/docker-push-variables
        id: ev
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_CORP_USERNAME }}
        with:
          image-name: ghcr.io/goauthentik/dev-docs
      - name: Login to Container Registry
        if: ${{ steps.ev.outputs.shouldPush == 'true' }}
        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build Docker Image
        id: push
        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
        with:
          tags: ${{ steps.ev.outputs.imageTags }}
          file: website/Dockerfile
          push: ${{ steps.ev.outputs.shouldPush == 'true' }}
          platforms: linux/amd64,linux/arm64
          context: .
          cache-from: type=registry,ref=ghcr.io/goauthentik/dev-docs:buildcache
          cache-to: ${{ steps.ev.outputs.shouldPush == 'true' && 'type=registry,ref=ghcr.io/goauthentik/dev-docs:buildcache,mode=max' || '' }}
      - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v3
        id: attest
        if: ${{ steps.ev.outputs.shouldPush == 'true' }}
        with:
          subject-name: ${{ steps.ev.outputs.attestImageNames }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true
  ci-website-mark:
    if: always()
    needs:
      - lint
      - build-docs
      - build-integrations
      - build-container
    runs-on: ubuntu-latest
    steps:
      - uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
        with:
          jobs: ${{ toJSON(needs) }}