build {
  name = local.build_name
  sources = [
    "source.docker.os",
  ]

  # pre-file-copy scripts
  provisioner "shell" {
    inline = var.scripts_pre_file_copy
  }

  # Deploy files from the image directory -> root of machine
  provisioner "file" {
    source      = var.deploy_files_from_image ? "./files/" : ""
    destination = "/"
  }

  # Deploy files from the common directory -> root of machine
  provisioner "file" {
    source      = var.deploy_files_from_common ? "../../../../files/${var.os_name}/${var.os_image}/" : ""
    destination = "/"
  }

  # manage deploying incus client certficates
  # this isnt super-secure, as the key ends up baked into the docker image
  provisioner "shell" {
    inline = [
      "if [ ${var.include_incus_client_certs} = true ]; then",
      "  mkdir -p /root/.config/incus",
      "  echo '${replace(local.incus_crt, "'", "'\\''")}' > /root/.config/incus/client.crt",
      "  echo '${replace(local.incus_key, "'", "'\\''")}' > /root/.config/incus/client.key",
      "fi"
    ]
  }

  # post-file-copy scripts
  provisioner "shell" {
    inline = var.scripts_post_file_copy
  }

  # pre-packages scripts
  provisioner "shell" {
    inline = var.scripts_pre_packages
  }

  # manage dnf/packages
  provisioner "shell" {
    inline = [
      "dnf install -y ${join(" ", var.packages)}"
    ]
  }

  # post-packages scripts
  provisioner "shell" {
    inline = var.scripts_post_packages
  }

  # final scripts
  provisioner "shell" {
    inline = var.scripts_final
  }


  post-processors {
    post-processor "docker-tag" {
      repository = "${var.docker_server}/unkin/${var.os_name}${var.os_version_major}-${var.os_image}"
      tags = ["latest", var.date]
    }

    dynamic "post-processor" {
      for_each = local.is_master ? [1] : []
      labels   = ["docker-push"]
      content {
        login = true
        login_server   = var.docker_server
        login_username = var.docker_username
        login_password = var.docker_password
      }
    }
  }
}