name: Build and Push to ECR

on:
  pull_request:
    branches: [ "main" ]
    paths:
      - 'app/**'

permissions:
  id-token: write 
  contents: read  

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::252475680078:role/GitHubActionsECRPushRole
          aws-region: us-east-1

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and Push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/my-web-app:${{ github.sha }}
            ${{ steps.login-ecr.outputs.registry }}/my-web-app:latest