name: Build libvirtd base container

on:
  push:
    branches:
       - "main"
    paths:
      - "flake.nix"
      - "flake.lock"
      - "nix/containers/libvirtd_base.nix"
      - ".github/workflows/build-libvirt-container.yml"
  workflow_dispatch:

jobs:
  build-container:
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup bazel
        uses: ./.github/actions/setup_bazel_nix
        with:
          nixTools: |
            crane
            gzip

      - name: Log in to the Container registry
        uses: ./.github/actions/container_registry_login
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build container
        run: |
          nix build .#libvirtd_base
          gunzip < result > libvirtd_base.tar
          crane push libvirtd_base.tar ghcr.io/edgelesssys/constellation/libvirtd-base
          rm -f libvirtd_base.tar