name: Helm Publish

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  publish:
    runs-on: ubuntu-latest
    container: alpine/helm:3.15.0 # any image with helm is fine

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install helm cm-push plugin
        run: |
          set -euo pipefail
          helm plugin install https://github.com/chartmuseum/helm-push

      - name: Determine version from git tag
        run: |
          set -euo pipefail
          TAG="$(git describe --tags --exact-match)"
          # TAG is like v0.1.3 -> VERSION=0.1.3
          VERSION="${TAG#v}"
          echo "TAG=${TAG}"
          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"

      - name: Verify Chart.yaml version matches tag
        run: |
          set -euo pipefail
          FILE="Chart.yaml"
          YAML_VER="$(grep '^version:' "$FILE" | awk '{print $2}')"
          if [ "$YAML_VER" != "$VERSION" ]; then
            echo "Chart.yaml version ($YAML_VER) != tag version ($VERSION)"
            exit 1
          fi

      - name: Lint and package chart
        run: |
          set -euo pipefail
          helm lint .
          helm dependency update . || true
          helm package . -d /tmp

      - name: Push chart to Gitea Helm registry
        env:
          HELM_REPO_URL: "https://gitea.apilab.us/api/packages/cscott/helm"
          HELM_REPO_NAME: "gitea-helm"
          HELM_USER: "cscott"
          HELM_PASSWORD: "${{ secrets.GITEA_HELM_PASSWORD }}"
        run: |
          set -euo pipefail
          helm repo add "$HELM_REPO_NAME" "$HELM_REPO_URL" \
            --username "$HELM_USER" \
            --password "$HELM_PASSWORD"

          NAME="$(grep '^name:' Chart.yaml | awk '{print $2}')"
          CHART_TGZ="/tmp/${NAME}-${VERSION}.tgz"
          if [ ! -f "$CHART_TGZ" ]; then
            echo "Expected packaged chart not found: $CHART_TGZ"
            ls -l /tmp
            exit 1
          fi

          helm cm-push "$CHART_TGZ" "$HELM_REPO_NAME"