name: "docker: build all release containers (unified)"

on:
  push:
    tags:
      - '*'
  workflow_dispatch:
    inputs:
      variant:
        description: 'Variant to build manually'
        required: true
        type: choice
        default: all
        options:
          - all
          - normal
          - large_disk
          - full
          - large_disk_full
          - rocksdb
      release_tag:
        description: 'Release tag to publish (e.g. 3.93)'
        required: true
        default: ''
      rocksdb_version:
        description: 'RocksDB git tag to use when variant=rocksdb'
        required: false
        default: 'v10.10.1'

permissions:
  contents: read

env:
  RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.release_tag || github.ref_name }}

# Limit concurrent builds to avoid rate limits
concurrency:
  group: release-${{ github.ref }}
  cancel-in-progress: false

jobs:

  # ── Pre-build Rust volume server binaries natively ──────────────────
  # Cross-compiles for amd64 and arm64 without QEMU, turning a 5-hour
  # emulated cargo build into ~15 minutes of native compilation.
  build-rust-binaries:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        include:
          - target: x86_64-unknown-linux-musl
            arch: amd64
          - target: aarch64-unknown-linux-musl
            arch: arm64
            cross: true
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Install protobuf compiler
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - name: Install musl tools (amd64)
        if: ${{ !matrix.cross }}
        run: sudo apt-get install -y musl-tools

      - name: Install cross-compilation tools (arm64)
        if: matrix.cross
        run: |
          sudo apt-get install -y gcc-aarch64-linux-gnu
          echo "CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"

      - name: Cache cargo registry and target
        uses: actions/cache@v5
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            seaweed-volume/target
          key: rust-docker-${{ matrix.target }}-${{ hashFiles('seaweed-volume/Cargo.lock') }}
          restore-keys: |
            rust-docker-${{ matrix.target }}-

      - name: Build large-disk variant
        env:
          SEAWEEDFS_COMMIT: ${{ github.sha }}
        run: |
          cd seaweed-volume
          cargo build --release --target ${{ matrix.target }}
          cp target/${{ matrix.target }}/release/weed-volume ../weed-volume-large-disk-${{ matrix.arch }}

      - name: Build normal variant
        env:
          SEAWEEDFS_COMMIT: ${{ github.sha }}
        run: |
          cd seaweed-volume
          cargo build --release --target ${{ matrix.target }} --no-default-features
          cp target/${{ matrix.target }}/release/weed-volume ../weed-volume-normal-${{ matrix.arch }}

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: rust-volume-${{ matrix.arch }}
          path: |
            weed-volume-large-disk-${{ matrix.arch }}
            weed-volume-normal-${{ matrix.arch }}

  # ── Build Docker containers ─────────────────────────────────────────
  build:
    needs: [build-rust-binaries]
    runs-on: ubuntu-latest
    strategy:
      # Build sequentially to avoid rate limits
      max-parallel: 2
      matrix:
        include:
          # Normal volume - multi-arch
          - variant: normal
            platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/386
            dockerfile: ./docker/Dockerfile.go_build
            build_args: ""
            tag_suffix: ""
            rust_variant: normal

          # Large disk - multi-arch
          - variant: large_disk
            platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/386
            dockerfile: ./docker/Dockerfile.go_build
            build_args: TAGS=5BytesOffset
            tag_suffix: _large_disk
            rust_variant: large-disk

          # Full tags - multi-arch
          - variant: full
            platforms: linux/amd64,linux/arm64
            dockerfile: ./docker/Dockerfile.go_build
            build_args: TAGS=elastic,gocdk,rclone,sqlite,tarantool,tikv,ydb
            tag_suffix: _full
            rust_variant: normal

          # Large disk + full tags - multi-arch
          - variant: large_disk_full
            platforms: linux/amd64,linux/arm64
            dockerfile: ./docker/Dockerfile.go_build
            build_args: TAGS=5BytesOffset,elastic,gocdk,rclone,sqlite,tarantool,tikv,ydb
            tag_suffix: _large_disk_full
            rust_variant: large-disk

          # RocksDB large disk - amd64 only
          - variant: rocksdb
            platforms: linux/amd64
            dockerfile: ./docker/Dockerfile.rocksdb_large
            build_args: ""
            tag_suffix: _large_disk_rocksdb
            rust_variant: large-disk
            
    steps:
      - name: Checkout
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        uses: actions/checkout@v6

      - name: Download pre-built Rust binaries
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        uses: actions/download-artifact@v4
        with:
          pattern: rust-volume-*
          merge-multiple: true
          path: ./rust-bins

      - name: Place Rust binaries in Docker context
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        run: |
          mkdir -p docker/weed-volume-prebuilt
          for arch in amd64 arm64; do
            src="./rust-bins/weed-volume-${{ matrix.rust_variant }}-${arch}"
            if [ -f "$src" ]; then
              cp "$src" "docker/weed-volume-prebuilt/weed-volume-${arch}"
              echo "Placed pre-built Rust binary for ${arch}"
            fi
          done
          ls -la docker/weed-volume-prebuilt/

      - name: Free Disk Space
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        run: |
          echo "Available disk space before cleanup:"
          df -h
          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL
          sudo apt-get clean
          sudo rm -rf /var/lib/apt/lists/*
          sudo docker system prune -af --volumes
          [ -d ~/.cache/go-build ] && rm -rf ~/.cache/go-build || true
          [ -d /go/pkg ] && rm -rf /go/pkg || true
          echo "Available disk space after cleanup:"
          df -h
          
      - name: Docker meta
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        id: docker_meta
        uses: docker/metadata-action@v6
        with:
          images: |
            chrislusf/seaweedfs
            ghcr.io/chrislusf/seaweedfs
          tags: type=raw,value=${{ env.RELEASE_TAG }}${{ matrix.tag_suffix }}
          flavor: latest=false
          labels: |
            org.opencontainers.image.title=seaweedfs
            org.opencontainers.image.description=SeaweedFS is a distributed storage system for blobs, objects, files, and data lake, to store and serve billions of files fast!
            org.opencontainers.image.vendor=Chris Lu
            
      - name: Set up QEMU
        if: (github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant) && contains(matrix.platforms, 'arm')
        uses: docker/setup-qemu-action@v4
        
      - name: Create BuildKit config
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        run: |
          cat > /tmp/buildkitd.toml <<EOF
          [registry."docker.io"]
            mirrors = ["https://mirror.gcr.io"]
          EOF
          
      - name: Set up Docker Buildx
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        uses: docker/setup-buildx-action@v4
        with:
          buildkitd-config: /tmp/buildkitd.toml
          
      - name: Login to Docker Hub
        if: (github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant) && github.event_name != 'pull_request'
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          
      - name: Login to GHCR
        if: (github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant) && github.event_name != 'pull_request'
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}
          
      - name: Build and push ${{ matrix.variant }}
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        uses: docker/build-push-action@v7
        env:
          DOCKER_BUILDKIT: 1
        with:
          context: ./docker
          push: ${{ github.event_name != 'pull_request' }}
          file: ${{ matrix.dockerfile }}
          platforms: ${{ matrix.platforms }}
          # Push to GHCR to avoid Docker Hub rate limits on pulls
          tags: |
            ghcr.io/chrislusf/seaweedfs:${{ env.RELEASE_TAG }}${{ matrix.tag_suffix }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.variant }}
          cache-to: type=gha,mode=max,scope=${{ matrix.variant }}
          build-args: |
            ${{ matrix.build_args }}
            BUILDKIT_INLINE_CACHE=1
            BRANCH=${{ github.sha }}
            ${{ matrix.variant == 'rocksdb' && format('ROCKSDB_VERSION={0}', github.event.inputs.rocksdb_version || 'v10.10.1') || '' }}
            
      - name: Clean up build artifacts
        if: always() && (github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant)
        run: |
          sudo docker system prune -f
          sudo rm -rf /tmp/go-build*

  copy-to-dockerhub:
    runs-on: ubuntu-latest
    needs: [build]
    if: github.event_name != 'pull_request'
    strategy:
      matrix:
        variant: [normal, large_disk, full, large_disk_full, rocksdb]
        include:
          - variant: normal
            tag_suffix: ""
          - variant: large_disk
            tag_suffix: _large_disk
          - variant: full
            tag_suffix: _full
          - variant: large_disk_full
            tag_suffix: _large_disk_full
          - variant: rocksdb
            tag_suffix: _large_disk_rocksdb
            
    steps:
      - name: Login to Docker Hub
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
          
      - name: Login to GHCR
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}
          
      - name: Install crane
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        run: |
          cd $(mktemp -d)
          curl -sL "https://github.com/google/go-containerregistry/releases/latest/download/go-containerregistry_Linux_x86_64.tar.gz" | tar xz
          sudo mv crane /usr/local/bin/
          crane version
          
      - name: Copy ${{ matrix.variant }} from GHCR to Docker Hub
        if: github.event_name != 'workflow_dispatch' || github.event.inputs.variant == 'all' || github.event.inputs.variant == matrix.variant
        run: |
          # Function to retry with exponential backoff
          retry_with_backoff() {
            local max_attempts=5
            local timeout=1
            local attempt=1
            local exit_code=0
            
            while [ $attempt -le $max_attempts ]; do
              if "$@"; then
                return 0
              else
                exit_code=$?
              fi
              
              if [ $attempt -lt $max_attempts ]; then
                echo "Attempt $attempt failed. Retrying in ${timeout}s..." >&2
                sleep $timeout
                timeout=$((timeout * 2))
              fi
              
              attempt=$((attempt + 1))
            done
            
            echo "Command failed after $max_attempts attempts" >&2
            return $exit_code
          }
          
          # Copy multi-arch image from GHCR to Docker Hub with retry
          # This is much more efficient than pulling/pushing individual arch images
          echo "Copying ${{ matrix.variant }} from GHCR to Docker Hub..."
          retry_with_backoff crane copy \
            ghcr.io/chrislusf/seaweedfs:${{ env.RELEASE_TAG }}${{ matrix.tag_suffix }} \
            chrislusf/seaweedfs:${{ env.RELEASE_TAG }}${{ matrix.tag_suffix }}
          
          echo "✓ Successfully copied ${{ matrix.variant }} to Docker Hub"

  helm-release:
    runs-on: ubuntu-latest
    needs: [copy-to-dockerhub]
    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
    permissions:
      contents: write
      pages: write
    steps:
      - uses: actions/checkout@v6
      - name: Publish Helm charts
        uses: stefanprodan/helm-gh-pages@v1.7.0
        with:          
          token: ${{ secrets.GITHUB_TOKEN }}
          charts_dir: k8s/charts
          target_dir: helm
          branch: gh-pages
          helm_version: "3.18.4"