VERSION 0.8
# Earthly project for this file; the `--secret NAME=path` references below are
# presumably resolved against this project's secret store — confirm.
PROJECT earthly-technologies/core
# Base environment for every target that has no FROM of its own: the +base target
# of the parent directory, with this build's args forwarded (--pass-args).
FROM --pass-args ..+base
# Targets copy their nested Earthfile into this directory and run from it.
WORKDIR /test

all:
    # Aggregate target: runs the push/pull round trip against every registry
    # covered by this file. The four targets do not depend on each other.
    BUILD +amazon-elastic-container-registry
    BUILD +azure-container-registry
    BUILD +google-artifact-registry
    BUILD +google-container-repository

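google-base:
    # Shared setup for the Google targets: installs the pinned Google Cloud SDK
    # under /test/google-cloud-sdk and logs gcloud in as the CI service account.
    #
    # -f makes curl fail on an HTTP error instead of saving the error page as the archive.
    # NOTE(review): the archive is not integrity-checked before install.sh runs. Record
    # the SHA-256 of the pinned release and verify it before extracting, e.g.
    #   echo "<EXPECTED_SHA256>  google-cloud-sdk-420.0.0-linux-x86_64.tar.gz" | sha256sum -c -
    RUN curl -fO https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-420.0.0-linux-x86_64.tar.gz && \
        tar -xvzf google-cloud-sdk-420.0.0-linux-x86_64.tar.gz && \
        ./google-cloud-sdk/install.sh -q && \
        ls -la /test/google-cloud-sdk

    ENV PATH=$PATH:/test/google-cloud-sdk/bin

    # Write the service-account key from the secret store to /test/key.json.
    # The expansion is quoted and emitted with printf so the key's JSON is written
    # byte-for-byte (no word splitting, globbing, or echo escape processing), and
    # umask 077 keeps the file readable by its owner only.
    # NOTE(review): key.json, and the credentials gcloud stores after the next step,
    # remain in this layer and in every target derived from +google-base. Keep these
    # targets out of SAVE IMAGE / --push so the key never leaves the build cache.
    RUN --secret=GCP_KEY=gcp/ci-cd-key \
        (test -n "$GCP_KEY" || (echo "ERROR: GCP_KEY not set"; exit 1)) && \
        umask 077 && \
        printf '%s\n' "$GCP_KEY" > key.json

    RUN gcloud auth activate-service-account --key-file /test/key.json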

google-artifact-registry:
    # Push/pull round trip against Artifact Registry, using the gcloud login
    # inherited from +google-base.
    FROM +google-base
    # The nested build below reads this file as /test/Earthfile.
    COPY google-artifact-repository.earth ./Earthfile

    # Register gcloud as Docker's credential helper for this registry host only.
    RUN gcloud auth configure-docker us-west1-docker.pkg.dev

    # Nested run: everything after `--` goes to the image entrypoint (presumably
    # earthly, provided by ..+base). --privileged is requested for that nested
    # build; /tmp/earthly is a tmpfs so its state is not kept in the layer.
    RUN --privileged --entrypoint --mount=type=tmpfs,target=/tmp/earthly \
        -- --ci --push +push

    # Second nested run: pull back what +push published.
    RUN --privileged --entrypoint --mount=type=tmpfs,target=/tmp/earthly \
        -- -P +pull

google-container-repository:
    # Push/pull round trip against Google Container Registry, using the gcloud
    # login inherited from +google-base.
    FROM +google-base
    # The nested build below reads this file as /test/Earthfile.
    COPY google-container-registry.earth ./Earthfile

    # No host argument: gcloud registers its credential helper for its default
    # set of registry hosts.
    RUN gcloud auth configure-docker

    # Nested run: everything after `--` goes to the image entrypoint (presumably
    # earthly, provided by ..+base). --privileged is requested for that nested
    # build; /tmp/earthly is a tmpfs so its state is not kept in the layer.
    RUN --privileged --entrypoint --mount=type=tmpfs,target=/tmp/earthly \
        -- --ci --push +push

    # Second nested run: pull back what +push published.
    RUN --privileged --entrypoint --mount=type=tmpfs,target=/tmp/earthly \
        -- -P +pull

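azure-container-registry:
    # Push/pull round trip against Azure Container Registry. This target has no
    # FROM, so it builds on the file-level base image.
    COPY azure-container-registry.earth ./Earthfile

    # Note that we don't have to install a credential helper here; a credential
    # helper wouldn't help here anyway.
    #
    # Both secrets are checked for presence first so a missing one fails with a
    # clear message. The password is fed to `docker login` on stdin
    # (--password-stdin) rather than as a --password argument, so it does not
    # appear on the command line or trigger Docker's insecure-password warning.
    # NOTE(review): `docker login` saves the credential in the Docker config inside
    # this layer; keep this target out of SAVE IMAGE / --push.
    RUN --secret AZ_USERNAME=azure/ci-cd-username \
        --secret AZ_PASSWORD=azure/ci-cd-password \
        (test -n "$AZ_USERNAME" || (echo "ERROR: AZ_USERNAME not set"; exit 1)) && \
        (test -n "$AZ_PASSWORD" || (echo "ERROR: AZ_PASSWORD not set"; exit 1)) && \
        printf '%s' "$AZ_PASSWORD" | docker login earthlyintegrationtest.azurecr.io --username "$AZ_USERNAME" --password-stdin

    # Nested run: everything after `--` goes to the image entrypoint (presumably
    # earthly, provided by ..+base). /tmp/earthly is a tmpfs so its state is not
    # kept in the layer.
    RUN --privileged \
        --entrypoint \
        --mount=type=tmpfs,target=/tmp/earthly \
        -- --ci --push +push

    # Second nested run: pull back what +push published.
    RUN --privileged \
        --entrypoint \
        --mount=type=tmpfs,target=/tmp/earthly \
        -- -P +pull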

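amazon-elastic-container-registry:
    # Push/pull round trip against Amazon ECR. This target has no FROM, so it
    # builds on the file-level base image.
    #
    # --no-cache keeps the apk index out of the layer.
    RUN apk add --no-cache go aws-cli
    # NOTE(review): @latest makes this build non-reproducible and installs whatever
    # the module publishes next. Pin a released tag (…/docker-credential-ecr-login@<PINNED_VERSION>).
    # The helper's Docker config below is commented out, so confirm whether this
    # install is still needed at all.
    RUN go install github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login@latest

    COPY amazon-elastic-container-registry.earth ./Earthfile

    ENV AWS_REGION=us-west-2

    # Set up the AWS credential helper
    # RUN --secret ACCT_ID=aws/account-id \
    #    mkdir -p /root/.docker && \
    #    echo "{\"credHelpers\":{\"$ACCT_ID.dkr.ecr.us-west-2.amazonaws.com\": \"ecr-login\"}}" > /root/.docker/config.json


    # Do a manual login, since the credential helper doesn't work with a pull-through cache.
    # The registry host is built from the ACCT_ID secret, the same value the nested
    # builds receive via --build-arg, so the account ID is not checked into the
    # repository and the login always matches the registry being pushed to.
    # The token is piped to `docker login` on stdin so it never appears on a command line.
    RUN --secret AWS_ACCESS_KEY_ID=aws/ci-cd-access-key \
        --secret AWS_SECRET_ACCESS_KEY=aws/ci-cd-access-secret \
        --secret ACCT_ID=aws/account-id \
        --privileged \
        (test -n "$ACCT_ID" || (echo "ERROR: ACCT_ID not set"; exit 1)) && \
        aws ecr get-login-password | docker login --username AWS --password-stdin "$ACCT_ID.dkr.ecr.us-west-2.amazonaws.com"

    # Pass through Account ID this way to avoid checking it into GitHub;
    # it's not strictly secret this way but it's secret enough.
    # Nested run: everything after `--` goes to the image entrypoint (presumably
    # earthly, provided by ..+base). /tmp/earthly is a tmpfs so its state is not
    # kept in the layer.
    RUN --secret AWS_ACCESS_KEY_ID=aws/ci-cd-access-key \
        --secret AWS_SECRET_ACCESS_KEY=aws/ci-cd-access-secret \
        --secret ACCT_ID=aws/account-id \
        --privileged \
        --entrypoint \
        --mount=type=tmpfs,target=/tmp/earthly \
        -- --build-arg ACCT_ID --ci --push +push

    # Second nested run: pull back what +push published.
    RUN --secret AWS_ACCESS_KEY_ID=aws/ci-cd-access-key \
        --secret AWS_SECRET_ACCESS_KEY=aws/ci-cd-access-secret \
        --secret ACCT_ID=aws/account-id \
        --privileged \
        --entrypoint \
        --mount=type=tmpfs,target=/tmp/earthly \
        -- --build-arg ACCT_ID -P +pull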
