name: Build Image
description: Build a container image locally with buildx and optionally run a smoke test. Does not push to registry.
inputs:
  image:
    description: Full image name without tag (e.g. code.fritzlab.net/fritzlab/chrony)
    required: true
  context:
    description: Docker build context path
    required: false
    default: .
  dockerfile:
    description: |
      Path to the Dockerfile, relative to the context (or absolute under
      $GITHUB_WORKSPACE). Defaults to "Dockerfile" inside the context.
      Use this for monorepos where the build context is the repo root but
      the Dockerfile lives in a subdir (e.g. dockerfile: api/Dockerfile).
    required: false
    default: ''
  build-args:
    description: Multiline KEY=VALUE pairs passed to docker build
    required: false
  smoke-test:
    description: |
      Shell command run after build. The image is exposed as $IMAGE
      (e.g. "docker run --rm --entrypoint /usr/sbin/chronyd $IMAGE -v").
      Empty = no test.
    required: false
    default: ''
  token:
    description: |
      ci-bot token (CI_BOT_TOKEN) for `docker login code.fritzlab.net`. Required
      when the Dockerfile's FROM is a PRIVATE fritzlab image (e.g. FROM
      code.fritzlab.net/fritzlab/base) — the org is `limited`, so buildx can't pull
      it anonymously. Omit for public-base builds (e.g. base itself = FROM debian).
    required: false
    default: ''
outputs:
  tag:
    description: Numeric tag assigned to the built image (= github.run_number)
    value: ${{ github.run_number }}
runs:
  using: composite
  steps:
    # Authenticate so buildx can pull PRIVATE fritzlab base images (org is
    # `limited`). No-op when `token` is empty (public-base builds).
    - name: Log in to code.fritzlab.net
      if: ${{ inputs.token != '' }}
      uses: docker/login-action@v3
      with:
        registry: code.fritzlab.net
        username: ci-bot
        password: ${{ inputs.token }}

    - name: Build (load to local docker)
      uses: docker/build-push-action@v6
      with:
        context: ${{ inputs.context }}
        file: ${{ inputs.dockerfile }}
        push: false
        load: true
        provenance: false
        network: host
        build-args: ${{ inputs.build-args }}
        tags: ${{ inputs.image }}:${{ github.run_number }}

    - name: Smoke test
      if: ${{ inputs.smoke-test != '' }}
      shell: bash
      env:
        IMAGE: ${{ inputs.image }}:${{ github.run_number }}
      run: |
        set -euo pipefail
        echo "+ ${{ inputs.smoke-test }}"
        ${{ inputs.smoke-test }}