# Copyright 2022 The TensorFlow Authors. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ==============================================================================

# Presubmit that builds the SIG Build container images for pull requests.
name: Build SIG Build containers as presubmits

on:
  pull_request:
    # `labeled` is listed so that applying a label starts a run.
    types:
      - labeled
      - opened
      - synchronize
      - reopened
    # Run only when this workflow or the Dockerfile tree changes; a change
    # that touches nothing but the README does not match.
    paths:
      - '.github/workflows/sigbuild-docker-presubmit.yml'
      - 'tensorflow/tools/tf_sig_build_dockerfiles/**'
      - '!tensorflow/tools/tf_sig_build_dockerfiles/README.md'

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents.
permissions:
  contents: read

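jobs:
  # Builds the `devel` target of the SIG Build Dockerfiles once per Python
  # version. Images are pushed to the staging registries only when the PR
  # carries the 'build and push to gcr.io for staging' label; otherwise the
  # job is a build-only check.
  docker:
    if: github.repository == 'tensorflow/tensorflow'  # Don't do this in forks
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [python3.9, python3.10, python3.11, python3.12]
    # Job-level permissions apply to every step below, including the build.
    # `pull-requests: write` is presumably needed only by the PR comment step,
    # which is the only step that is handed GITHUB_TOKEN explicitly.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Delete unnecessary tools folder
        # Removes the hosted tool cache; `df -h` before and after shows the
        # disk space that was freed.
        run: |
          df -h
          rm -rf /opt/hostedtoolcache
          df -h
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step runs git against the remote, so do not leave the
          # job token in the checked-out repository's git config.
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
      # The label is the only gate in front of the registry credentials.
      # GitHub does not pass secrets to `pull_request` runs from forks by
      # default, so the labelled path can only succeed for branches inside
      # this repository.
      # NOTE(review): the label stays applied across `synchronize` events, so
      # commits pushed after the label was added are also built and pushed
      # without a fresh review. Consider removing the label after each run.
      - name: Login to GCR
        if: contains(github.event.pull_request.labels.*.name, 'build and push to gcr.io for staging')
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: gcr.io
          # `_json_key` selects service-account JSON key authentication, so
          # GCP_CREDS is a long-lived key.
          # NOTE(review): confirm the key can only push to the staging
          # repositories.
          username: _json_key
          password: ${{ secrets.GCP_CREDS }}
      - name: Login to AR
        # Once this is verified, change the label's name. For now, we will piggyback on gcr.io actions.
        if: contains(github.event.pull_request.labels.*.name, 'build and push to gcr.io for staging')
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: us-central1-docker.pkg.dev
          username: _json_key
          password: ${{ secrets.GCP_CREDS }}
      - name: Grab the date to do cache busting (assumes same day OK to keep)
        # Exposes today's date as the `DATE` output of this step.
        run: |
          echo "DATE=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
        id: date
      - name: Build containers, and push to GCR only if the 'build and push to gcr.io for staging' label is applied
        id: docker_build
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          # Evaluates to true only when the staging label is on the PR.
          push: ${{ contains(github.event.pull_request.labels.*.name, 'build and push to gcr.io for staging') }}
          # The build context and Dockerfile come from the PR's own tree.
          context: ./tensorflow/tools/tf_sig_build_dockerfiles
          target: devel
          build-args: |
            PYTHON_VERSION=${{ matrix.python-version }}
            CACHEBUSTER=${{ steps.date.outputs.DATE }}
          # Tags are keyed by PR number and Python version in both registries.
          tags: |
            gcr.io/tensorflow-sigs/build:${{ github.event.number }}-${{ matrix.python-version }}
            us-central1-docker.pkg.dev/tensorflow-sigs/tensorflow/build:${{ github.event.number }}-${{ matrix.python-version }}
          # Layer cache is read from the published `latest-*` image and from
          # any image previously pushed for this PR number.
          cache-from: |
            type=registry,ref=tensorflow/build:latest-${{ matrix.python-version }}
            type=registry,ref=gcr.io/tensorflow-sigs/build:${{ github.event.number }}-${{ matrix.python-version }}
          cache-to: type=inline
      - name: Add a comment with the pushed containers
        uses: mshick/add-pr-comment@dd126dd8c253650d181ad9538d8b4fa218fc31e8 # v2
        if: contains(github.event.pull_request.labels.*.name, 'build and push to gcr.io for staging')
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          # The message lists the gcr.io tags only; the Artifact Registry
          # tags pushed by the build step are not mentioned.
          message: |
            I pushed these containers:

            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.12`
            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.11`
            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.10`
            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.9`

            Re-apply the `build and push to gcr.io for staging` label to rebuild and push again. This comment will only be posted once.
      - name: Print image digest
        # The step output is handed to the shell through the environment
        # rather than expanded into the script text, so the shell treats it
        # as data and never parses it as part of the command.
        env:
          DIGEST: ${{ steps.docker_build.outputs.digest }}
        run: echo "$DIGEST"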