name: Build and Push Main Preview Env Docker Cache

# **What it does**: Builds and pushes the `main` Docker cache image
# **Why we have it**: It allows PRs using the registry cache to pull a pre-built image, which should speed up the build
# **Who does it impact**: All contributors.

on:
  push:
    branches:
      - main

permissions:
  contents: read

# This allows a subsequently queued workflow run to take priority over
# previously queued runs and interrupt currently executing runs
concurrency:
  group: '${{ github.workflow }}'
  cancel-in-progress: true

jobs:
  build-and-push-nonprod-cache:
    if: ${{ github.repository == 'github/docs-internal' || github.repository == 'github/docs' }}
    runs-on: ubuntu-latest
    timeout-minutes: 15
    env:
      ENABLE_EARLY_ACCESS: ${{ github.repository == 'github/docs-internal' }}
      DOCKER_IMAGE_CACHE_REF: ${{ secrets.NONPROD_REGISTRY_SERVER }}/${{ github.repository }}:main-preview
      NONPROD_REGISTRY_USERNAME: ${{ fromJSON('["ghdocs", "ghdocsinternal"]')[github.repository == 'github/docs-internal'] }}

    steps:
      - name: 'Az CLI login'
        uses: azure/login@66d2e78565ab7af265d2b627085bc34c73ce6abb
        with:
          creds: ${{ secrets.NONPROD_AZURE_CREDENTIALS }}

      - name: 'Docker login'
        uses: azure/docker-login@81744f9799e7eaa418697cb168452a2882ae844a
        with:
          login-server: ${{ secrets.NONPROD_REGISTRY_SERVER }}
          username: ${{ env.NONPROD_REGISTRY_USERNAME }}
          password: ${{ secrets.NONPROD_REGISTRY_PASSWORD }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@f211e3e9ded2d9377c8cadc4489a4e38014bc4c9

      - name: Check out repo
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
        with:
          # To prevent issues with cloning early access content later
          persist-credentials: 'false'
          lfs: 'true'

      - name: Check out LFS objects
        run: git lfs checkout

      - if: ${{ env.ENABLE_EARLY_ACCESS }}
        name: Clone docs-early-access
        uses: actions/checkout@dcd71f646680f2efd8db4afa5ad64fdcba30e748
        with:
          repository: github/docs-early-access
          token: ${{ secrets.DOCUBOT_REPO_PAT }}
          path: docs-early-access
          ref: main

      - if: ${{ env.ENABLE_EARLY_ACCESS }}
        name: Merge docs-early-access repo's folders
        run: .github/actions-scripts/merge-early-access.sh

      # In addition to making the final image smaller, we also save time by not sending unnecessary files to the docker build context
      - name: 'Prune for preview env'
        run: .github/actions-scripts/prune-for-preview-env.sh

      - name: 'Build and push image'
        uses: docker/build-push-action@1cb9d22b932e4832bb29793b7777ec860fc1cde0
        with:
          context: .
          push: true
          target: preview
          tags: ${{ env.DOCKER_IMAGE_CACHE_REF }}
          cache-from: type=registry,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}
          cache-to: type=registry,mode=max,ref=${{ env.DOCKER_IMAGE_CACHE_REF }}