name: Helm Publish

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  publish:
    runs-on: ubuntu-latest # or whatever your Gitea runner labels are

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Helm
        run: |
          set -euo pipefail
          curl -sSL https://get.helm.sh/helm-v3.15.0-linux-amd64.tar.gz -o /tmp/helm.tgz
          tar xzf /tmp/helm.tgz -C /tmp
          install /tmp/linux-amd64/helm /usr/local/bin/helm

      - name: Install helm cm-push plugin
        run: |
          set -euo pipefail
          helm plugin install https://github.com/chartmuseum/helm-push

      - name: Verify Chart.yaml version matches tag
        run: |
          set -euo pipefail
          FILE="Chart.yaml"
          YAML_VER="$(grep '^version:' "$FILE" | awk '{print $2}')"

      - name: Lint and package chart
        run: |
          set -euo pipefail
          helm lint .
          helm dependency update . || true
          helm package . -d /tmp

      - name: Push chart to Gitea Helm registry
        env:
          HELM_REPO_URL: "https://gitea.apilab.us/api/packages/cscott/helm"
          HELM_REPO_NAME: "gitea-helm"
          HELM_USER: "cscott"
          HELM_PASSWORD: "${{ secrets.GITEA_HELM_PASSWORD }}"
        run: |
          set -euo pipefail
          helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" \
            --username "$HELM_USER" \
            --password "$HELM_PASSWORD"

          NAME="$(grep '^name:' Chart.yaml | awk '{print $2}')"
          CHART_TGZ="/tmp/${NAME}-${YAML_VERSION}.tgz"
          if [ ! -f "$CHART_TGZ" ]; then
            echo "Expected packaged chart not found: $CHART_TGZ"
            ls -l /tmp
            exit 1
          fi

          helm cm-push "$CHART_TGZ" "$HELM_REPO_NAME"