name: release-charts

on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
  push:
    branches:
      - main
    paths:
      - "charts/**"

jobs:
  release:
    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
    permissions:
      contents: write  # for helm/chart-releaser-action to push chart release and create a release
      packages: write  # to push OCI chart package to GitHub Registry
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
        uses: azure/setup-helm@v4
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      # Optional step if GPG signing is used
      - name: Prepare GPG key
        run: |
          gpg_dir=.cr-gpg
          keyring="$gpg_dir/secring.gpg"
          passphrase_file="$gpg_dir/passphrase"
          mkdir "$gpg_dir"
          base64 -d <<< "$GPG_KEYRING_BASE64" > "$keyring"
          echo "$GPG_PASSPHRASE" > "$passphrase_file"
          echo "CR_KEYRING=$keyring" >> "$GITHUB_ENV"
          echo "CR_PASSPHRASE_FILE=$passphrase_file" >> "$GITHUB_ENV"
        env:
          GPG_KEYRING_BASE64: "${{ secrets.GPG_KEYRING_BASE64 }}"
          GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"

      - name: Add helm repositories
        run: |
          for dir in $(ls -d charts/*/); do
            helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '{ print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done
          done

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
        with:
          config: "./.github/configs/cr.yaml"
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Login to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push chart to GHCR
        run: |
          shopt -s nullglob
          for pkg in .cr-release-packages/*.tgz; do
            if [ -z "${pkg:-}" ]; then
              break
            fi
            helm push "${pkg}" oci://ghcr.io/${{ github.repository }}
          done