name: Helm publish

on:
  workflow_call:
    inputs:
      chart-directory:
        description: |
          Root directory of the Helm chart.
          Example: `charts/my-app`.
        type: string
        default: '.'
      chart-version:
        description: |
          Chart version to publish (e.g., `1.2.3`).
          If empty, the version from `Chart.yaml` is used.
        type: string
        default: ''
        required: false
      app-version:
        description: |
          Application version to embed in the chart (e.g., `1.2.3`).
          If empty, the `appVersion` from `Chart.yaml` is used.
        type: string
        default: ''
        required: false
      oci-registry:
        description: |
          OCI registry to push the chart to.
          Example: `harbor.example.com`.
        type: string
        required: true
      repository:
        description: |
          Repository path within the OCI registry.
          Example: `myorg/charts`.
        type: string
        required: true
      helm-version:
        description: |
          Helm version to install.
          Example: `v3.14.0`. Defaults to `latest`.
        type: string
        default: 'latest'
    secrets:
      OCI_REGISTRY_USERNAME:
        description: 'Username for the OCI registry.'
        required: true
      OCI_REGISTRY_PASSWORD:
        description: 'Password for the OCI registry.'
        required: true

jobs:
  publish:
    name: Publish Helm chart
    runs-on: ubuntu-custom
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Override chart version
        if: ${{ inputs.chart-version != '' }}
        run: |
          sed -i "s/^version:.*/version: ${{ inputs.chart-version }}/" \
            "${{ inputs.chart-directory }}/Chart.yaml"
          echo "Chart version set to: ${{ inputs.chart-version }}"

      - name: Override app version
        if: ${{ inputs.app-version != '' }}
        run: |
          sed -i "s/^appVersion:.*/appVersion: \"${{ inputs.app-version }}\"/" \
            "${{ inputs.chart-directory }}/Chart.yaml"
          echo "App version set to: ${{ inputs.app-version }}"

      - name: Update Helm dependencies
        run: |
          if grep -q '^dependencies:' "${{ inputs.chart-directory }}/Chart.yaml" 2>/dev/null; then
            helm dependency update "${{ inputs.chart-directory }}"
          fi

      - name: Login to OCI registry
        run: |
          echo "${{ secrets.OCI_REGISTRY_PASSWORD }}" | \
            helm registry login "${{ inputs.oci-registry }}" \
              --username "${{ secrets.OCI_REGISTRY_USERNAME }}" \
              --password-stdin

      - name: Package chart
        run: |
          helm package "${{ inputs.chart-directory }}" --destination /tmp/helm-packages
          ls -la /tmp/helm-packages/

      - name: Push chart to OCI registry
        run: |
          for pkg in /tmp/helm-packages/*.tgz; do
            echo "Pushing $pkg to oci://${{ inputs.oci-registry }}/${{ inputs.repository }}"
            helm push "$pkg" "oci://${{ inputs.oci-registry }}/${{ inputs.repository }}"
          done

      - name: Logout from OCI registry
        if: always()
        run: helm registry logout "${{ inputs.oci-registry }}"