name: 'Update build tools image tag'

# This workflow it used to update tag of build tools in ECR.
# The most common use case is adding/moving `pinned` tag to `${GITHUB_RUN_IT}` image.

on:
  workflow_dispatch:
    inputs:
      from-tag:
        description: 'Source tag'
        required: true
        type: string
      to-tag:
        description: 'Destination tag'
        required: true
        type: string
        default: 'pinned'

defaults:
  run:
    shell: bash -euo pipefail {0}

permissions: {}

jobs:
  tag-image:
    runs-on: [ self-hosted, gen3, small ]

    env:
      ECR_IMAGE: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools
      DOCKER_HUB_IMAGE: docker.io/neondatabase/build-tools
      FROM_TAG: ${{ inputs.from-tag }}
      TO_TAG: ${{ inputs.to-tag }}

    steps:
      # Use custom DOCKER_CONFIG directory to avoid conflicts with default settings
      # The default value is ~/.docker
      - name: Set custom docker config directory
        run: |
          mkdir -p .docker-custom
          echo DOCKER_CONFIG=$(pwd)/.docker-custom >> $GITHUB_ENV

      - uses: docker/login-action@v2
        with:
          username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
          password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}

      - uses: docker/login-action@v2
        with:
          registry: 369495373322.dkr.ecr.eu-central-1.amazonaws.com
          username: ${{ secrets.AWS_ACCESS_KEY_DEV }}
          password: ${{ secrets.AWS_SECRET_KEY_DEV }}

      - uses: actions/setup-go@v5
        with:
          go-version: '1.21'

      - name: Install crane
        run: |
          go install github.com/google/go-containerregistry/cmd/crane@a0658aa1d0cc7a7f1bcc4a3af9155335b6943f40 # v0.18.0

      - name: Copy images
        run: |
          crane copy "${ECR_IMAGE}:${FROM_TAG}" "${ECR_IMAGE}:${TO_TAG}"
          crane copy "${ECR_IMAGE}:${FROM_TAG}" "${DOCKER_HUB_IMAGE}:${TO_TAG}"

      - name: Remove custom docker config directory
        if: always()
        run: |
          rm -rf .docker-custom