# Entry-point pipeline: started manually, by pushes to main, and by a weekly schedule.
name: "Build"

# Workflow-level default for GITHUB_TOKEN: read-only access to repository contents.
# Every job below declares its own permissions block; a job-level block replaces
# this default for that job, and any scope it does not list is set to none.
permissions:
  contents: read
on:
  workflow_dispatch:
  push:
    branches:
      - main
  schedule:
    # GitHub evaluates cron expressions in UTC and runs scheduled workflows on the
    # default branch. This expression fires every Tuesday at 14:00 UTC, so it runs
    # weekly, not only on the second-Tuesday "Patch Tuesday".
    - cron: "0 14 * * 2" # Tuesdays 14:00 UTC (weekly; includes Patch Tuesday)

# github.head_ref is populated only for pull_request-type events. None of this
# workflow's triggers (workflow_dispatch, push, schedule) set it, so the group key
# falls back to github.run_id, which is unique per run. As written, no two runs
# share a group and cancel-in-progress never has anything to cancel.
# NOTE(review): overlapping runs can therefore build, release and clean packages
# at the same time. If runs on main should be serialized, key the group on
# github.ref instead -- but confirm intent first, because with
# cancel-in-progress: true a newer run would then cancel an in-flight release.
concurrency:
  group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}"
  cancel-in-progress: true

# Every job calls a reusable workflow by local path (./.github/workflows/...), so
# the callee is taken from the same commit as this file.
# The permissions block on each job is the ceiling for GITHUB_TOKEN inside the
# called workflow: the callee can reduce these scopes but cannot raise them.
# `secrets: inherit` passes every secret available to this workflow to the callee.
# NOTE(review): least privilege would pass only the named secrets each callee
# uses (explicit `secrets:` mapping). The callee files are not shown here, so which
# secrets are actually needed has to be confirmed in each called workflow.
jobs:
  # Test suite. No `secrets:` key, so the callee receives no secrets from this
  # workflow; the token is limited to reading repository contents.
  tests:
    name: "Tests"
    uses: ./.github/workflows/tests.yml
    permissions:
      contents: read
  # Container build. Has no `needs`, so it starts in parallel with tests and the
  # QC jobs, i.e. before any of them has passed, while holding packages: write
  # and all inherited secrets.
  # NOTE(review): presumably pushes an intermediate image to GitHub Packages --
  # confirm in docker.build.yml that nothing published here is consumable as a release.
  build-container:
    name: Build
    uses: ./.github/workflows/docker.build.yml
    secrets: inherit
    permissions:
      contents: read
      packages: write
  # PHP quality checks. checks: write lets the callee create and update check runs.
  # NOTE(review): confirm this callee needs any secrets; if not, drop `secrets: inherit`.
  check-php:
    name: PHP QC
    uses: ./.github/workflows/php.check.yml
    secrets: inherit
    permissions:
      contents: read
      checks: write
  # Trunk quality checks. checks: write lets the callee create and update check runs.
  # NOTE(review): confirm this callee needs any secrets; if not, drop `secrets: inherit`.
  check-trunk:
    name: Trunk QC
    uses: ./.github/workflows/trunk.check.yml
    secrets: inherit
    permissions:
      contents: read
      checks: write
  # Validation of the built container; waits for build-container only.
  # NOTE(review): packages: write is granted here. If the callee only pulls the
  # image to inspect it, packages: read would be enough -- confirm in
  # docker.validate.yml.
  validate-container:
    name: Validate
    needs:
      - build-container
    uses: ./.github/workflows/docker.validate.yml
    secrets: inherit
    permissions:
      contents: read
      packages: write
  # Release gate. There is no `if:`, so the default applies: this job is skipped
  # unless every job listed in `needs` (build, validate, both QC jobs, tests)
  # succeeded.
  release-container:
    name: Release
    needs:
      - build-container
      - validate-container
      - check-php
      - check-trunk
      - tests
    uses: ./.github/workflows/docker.release.yml
    secrets: inherit
    permissions:
      contents: read
      packages: write
  # Cleanup. `if: always()` makes this run after release-container regardless of
  # its result, including when it failed, was skipped, or the run was cancelled.
  # It does so with packages: write and all inherited secrets.
  # NOTE(review): presumably removes temporary images -- confirm docker.clean.yml
  # cannot delete released tags when it runs after a failed or partial release.
  clean-container:
    name: Clean
    needs:
      - release-container
    if: always()
    uses: ./.github/workflows/docker.clean.yml
    secrets: inherit
    permissions:
      contents: read
      packages: write