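---
# Packages every chart directory listed in charts.list and pushes the
# resulting archives to the OCI registry named by HELM_OCI_NAMESPACE.
# Runs on pushes to main, on v* tags, and on manual dispatch.
name: Publish Helm Charts

on:
  push:
    branches:
      - main
    tags:
      - "v*"
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the job only reads the repository.
# Registry access uses the HELM_* secrets, not the workflow token.
permissions:
  contents: read

jobs:
  helm-publish:
    # NOTE(review): not a GitHub-hosted label; presumably a self-hosted or
    # custom runner. On a shared runner, process arguments and persisted git
    # credentials are visible to other workloads; confirm isolation.
    runs-on: builder-ubuntu-latest
    steps:
      # NOTE(review): both actions are pinned by mutable tag. Pinning to a
      # full commit SHA would stop a retagged release from running with the
      # registry credentials in scope.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # No later step pushes to git, so do not leave the token in
          # .git/config for subsequent commands to read.
          persist-credentials: false

      - name: Install Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.14.0

      - name: Package and push charts
        env:
          HELM_OCI_NAMESPACE: ${{ secrets.HELM_OCI_NAMESPACE }}
          HELM_USERNAME: ${{ secrets.HELM_USERNAME }}
          HELM_PASSWORD: ${{ secrets.HELM_PASSWORD }}
        run: |
          set -euo pipefail

          CHART_LIST_FILE="charts.list"
          if [[ ! -f "$CHART_LIST_FILE" ]]; then
            echo "[helm_publish] Missing chart list file ${CHART_LIST_FILE}" >&2
            exit 1
          fi

          # One chart directory per line; comment and blank lines are dropped.
          mapfile -t CHART_DIRS < <(grep -v '^\s*#' "$CHART_LIST_FILE" | sed '/^\s*$/d')
          if [[ ${#CHART_DIRS[@]} -eq 0 ]]; then
            echo "[helm_publish] No chart directories listed in ${CHART_LIST_FILE}"
            exit 0
          fi

          if [[ -z "${HELM_OCI_NAMESPACE:-}" ]]; then
            echo "[helm_publish] HELM_OCI_NAMESPACE is required" >&2
            exit 1
          fi

          # Split "host/project": host is everything before the first slash.
          HELM_REGISTRY_HOST="${HELM_OCI_NAMESPACE%%/*}"
          HELM_REGISTRY_PROJECT="${HELM_OCI_NAMESPACE#*/}"
          if [[ -z "$HELM_REGISTRY_PROJECT" || "$HELM_REGISTRY_PROJECT" == "$HELM_OCI_NAMESPACE" ]]; then
            echo "[helm_publish] HELM_OCI_NAMESPACE must be host/project (got ${HELM_OCI_NAMESPACE})" >&2
            exit 1
          fi

          if [[ -n "${HELM_USERNAME:-}" && -n "${HELM_PASSWORD:-}" ]]; then
            echo "[helm_publish] Logging into ${HELM_REGISTRY_HOST} as ${HELM_USERNAME}"
            # Feed the password on stdin: with -p it is part of the helm
            # process arguments and readable by other processes on the runner.
            printf '%s' "$HELM_PASSWORD" \
              | helm registry login "$HELM_REGISTRY_HOST" -u "$HELM_USERNAME" --password-stdin
          else
            echo "[helm_publish] HELM_USERNAME/HELM_PASSWORD not set; assuming credentials already configured"
          fi

          status=0
          for chart_dir in "${CHART_DIRS[@]}"; do
            if [[ ! -f "$chart_dir/Chart.yaml" ]]; then
              echo "[helm_publish] Skip ${chart_dir} (no Chart.yaml)"
              continue
            fi

            echo "[helm_publish] Processing chart: ${chart_dir}"

            # Still best-effort, but no longer silent: a failed dependency
            # build is reported so it can be traced in the job log.
            if ! helm dependency build "$chart_dir"; then
              echo "[helm_publish] Warning: helm dependency build failed for ${chart_dir}" >&2
            fi

            # Lint failures are advisory and do not block publishing.
            if ! helm lint "$chart_dir"; then
              echo "[helm_publish] Warning: helm lint failed for ${chart_dir}"
            fi

            pkg_out_dir="$chart_dir/.packages"
            mkdir -p "$pkg_out_dir"

            # Capture inside the condition: under `set -e` with pipefail a
            # bare assignment would abort the whole script when helm package
            # fails, skipping the per-chart handling and remaining charts.
            if ! pkg_path=$(helm package "$chart_dir" --destination "$pkg_out_dir" | awk '{print $NF}') \
              || [[ ! -f "$pkg_path" ]]; then
              echo "[helm_publish] Failed to package ${chart_dir}" >&2
              status=1
              continue
            fi
            echo "[helm_publish] Packaged: ${pkg_path}"

            if [[ "${DRY_RUN:-}" == "1" ]]; then
              echo "[helm_publish] DRY_RUN enabled; skip push for ${pkg_path}"
              continue
            fi

            echo "[helm_publish] Pushing ${pkg_path} to oci://${HELM_OCI_NAMESPACE}"
            if ! helm push "$pkg_path" "oci://${HELM_OCI_NAMESPACE}"; then
              echo "[helm_publish] Push failed for ${pkg_path}" >&2
              status=1
            fi
          done

          # Non-zero when any chart failed to package or push.
          exit "$status"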