# Gitea-specific Docker Bake file for advanced multi-platform builds
# Usage: docker buildx bake -f gitea-bake.hcl

variable "GITEA_REGISTRY" {
  default = notequal("", GITEA_REGISTRY) ? GITEA_REGISTRY : "ghcr.io"
}

variable "GITEA_REPOSITORY" {
  default = notequal("", GITEA_REPOSITORY) ? GITEA_REPOSITORY : "user/rxminder"
}

variable "TAG" {
  default = "latest"
}

variable "GITEA_SHA" {
  default = "dev"
}

variable "VITE_COUCHDB_URL" {
  default = "http://localhost:5984"
}

variable "VITE_COUCHDB_USER" {
  default = "admin"
}

variable "VITE_COUCHDB_PASSWORD" {
  default = "change-this-secure-password"
}

variable "APP_BASE_URL" {
  default = "http://localhost:8080"
}

variable "VITE_GOOGLE_CLIENT_ID" {
  default = ""
}

variable "VITE_GITHUB_CLIENT_ID" {
  default = ""
}

group "default" {
  targets = ["app"]
}

group "ci" {
  targets = ["app-ci"]
}

target "app" {
  dockerfile = "Dockerfile"
  context = "."
  platforms = [
    "linux/amd64",
    "linux/arm64"
  ]
  
  tags = [
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:${TAG}",
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:latest"
  ]
  
  args = {
    VITE_COUCHDB_URL = "${VITE_COUCHDB_URL}"
    VITE_COUCHDB_USER = "${VITE_COUCHDB_USER}"
    VITE_COUCHDB_PASSWORD = "${VITE_COUCHDB_PASSWORD}"
    APP_BASE_URL = "${APP_BASE_URL}"
    VITE_GOOGLE_CLIENT_ID = "${VITE_GOOGLE_CLIENT_ID}"
    VITE_GITHUB_CLIENT_ID = "${VITE_GITHUB_CLIENT_ID}"
    NODE_ENV = "production"
  }
  
  # Gitea registry caching
  cache-from = [
    "type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache"
  ]
  
  cache-to = [
    "type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache,mode=max"
  ]
}

# CI-specific target with commit SHA tagging
target "app-ci" {
  inherits = ["app"]
  tags = [
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:${GITEA_SHA}",
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:latest"
  ]
  
  # Enhanced CI-specific features
  attest = [
    "type=provenance,mode=max",
    "type=sbom"
  ]
  
  # CI registry push
  output = ["type=registry"]
}

# Development target for local builds
target "dev" {
  inherits = ["app"]
  platforms = ["linux/amd64"]
  tags = ["rxminder:dev"]
  
  # Local caching only
  cache-from = ["type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache"]
  cache-to = ["type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache"]
  
  # Load locally instead of push
  output = ["type=docker"]
}

# Production target with full attestations
target "prod" {
  inherits = ["app-ci"]
  
  # Production-specific tags
  tags = [
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:prod-${TAG}",
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:production"
  ]
  
  # Full security attestations for production
  attest = [
    "type=provenance,mode=max",
    "type=sbom"
  ]
}

# Staging target
target "staging" {
  inherits = ["app"]
  platforms = ["linux/amd64"]  # Single platform for staging
  
  tags = [
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:staging-${TAG}",
    "${GITEA_REGISTRY}/${GITEA_REPOSITORY}:staging"
  ]
  
  # Staging-specific build args
  args = {
    VITE_COUCHDB_URL = "${VITE_COUCHDB_URL}"
    VITE_COUCHDB_USER = "${VITE_COUCHDB_USER}"
    VITE_COUCHDB_PASSWORD = "${VITE_COUCHDB_PASSWORD}"
    APP_BASE_URL = "http://staging.localhost:8080"
    VITE_GOOGLE_CLIENT_ID = "${VITE_GOOGLE_CLIENT_ID}"
    VITE_GITHUB_CLIENT_ID = "${VITE_GITHUB_CLIENT_ID}"
    NODE_ENV = "staging"
  }
  
  output = ["type=registry"]
}