name: "Build: Release"

permissions:
  contents: read
  packages: write

on:
  workflow_call:
  workflow_dispatch:

env:
  CANDIDATE_IMAGE: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}
  RELEASE_IMAGE: ghcr.io/${{ github.repository }}:latest

jobs:
  release-ghcr:
    name: GitHub Container Registry
    runs-on: ${{ vars.RUNS_ON }}
    steps:
      - run: docker login ghcr.io -u ${{ vars.SERVICE_ACCOUNT_USERNAME }} -p ${{ secrets.SERVICE_ACCOUNT_TOKEN }}
      - run: docker pull ${{ env.CANDIDATE_IMAGE }}
      - run: docker tag ${{ env.CANDIDATE_IMAGE }} ${{ env.RELEASE_IMAGE }}
      - run: docker push ${{ env.RELEASE_IMAGE }}