name: Build and push limbo-sim image

on:
  workflow_dispatch:
  push:
    branches:
      - main

# Add permissions needed for OIDC authentication with AWS
permissions:
  id-token: write # allow getting OIDC token
  contents: read # allow reading repository contents

# Ensure only one build runs at a time. A new push to main will cancel any in-progress build.
concurrency:
  group: "build-sim"
  cancel-in-progress: true

env:
  AWS_REGION: ${{ secrets.LIMBO_SIM_AWS_REGION }}
  IAM_ROLE: ${{ secrets.LIMBO_SIM_DEPLOYER_IAM_ROLE }}
  ECR_URL: ${{ secrets.LIMBO_SIM_ECR_URL }}
  ECR_IMAGE_NAME: ${{ secrets.LIMBO_SIM_IMAGE_NAME }}
  GIT_HASH: ${{ github.sha }}

jobs:
  deploy:
    runs-on: blacksmith
    timeout-minutes: 30
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.IAM_ROLE }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build and push limbo-sim docker image
        run: |
          docker build -f simulator-docker-runner/Dockerfile.simulator -t ${{ env.ECR_URL }}/${{ env.ECR_IMAGE_NAME }} --build-arg GIT_HASH=${{ env.GIT_HASH }} .
          docker push ${{ env.ECR_URL }}/${{ env.ECR_IMAGE_NAME }}