name: Publish Helm Chart

on:
  workflow_dispatch:
    inputs:
      tag:
        description: "Release tag to build (e.g., v4.3.6)"
        required: true
        type: string
      dry_run:
        description: "Prepare artifacts without publishing"
        required: false
        type: boolean
        default: false
  release:
    types: [published]
  repository_dispatch:
    types: [publish-helm]

concurrency:
  group: ${{ github.workflow }}-${{ (github.event_name == 'workflow_dispatch' && github.event.inputs.tag) || github.ref || github.run_id }}
  cancel-in-progress: false

permissions:
  contents: read

jobs:
  publish-helm:
    name: Publish Helm chart to GHCR
    if: ${{ github.event_name != 'release' || !github.event.release.prerelease }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Resolve version
        id: meta
        run: |
          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
            TAG="${{ inputs.tag }}"
          elif [[ "${{ github.event_name }}" == "release" ]]; then
            TAG="${{ github.event.release.tag_name }}"
          elif [[ "${{ github.event_name }}" == "repository_dispatch" ]]; then
            TAG="${{ github.event.client_payload.tag }}"
          fi

          VERSION="${TAG#v}"
          DRY_RUN="${{ inputs.dry_run || 'false' }}"

          {
            echo "tag=${TAG}"
            echo "version=${VERSION}"
            echo "dry_run=${DRY_RUN}"
          } >> "$GITHUB_OUTPUT"

          {
            echo "## Helm Publish Metadata"
            echo "- **Tag**: \`${TAG}\`"
            echo "- **Version**: \`${VERSION}\`"
            echo "- **Dry Run**: \`${DRY_RUN}\`"
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Setup Helm
        uses: azure/setup-helm@v5

      - name: Lint chart
        run: helm lint --strict charts/kreuzberg/

      - name: Update Chart.yaml version
        run: |
          sed -i "s/^version:.*/version: ${{ steps.meta.outputs.version }}/" charts/kreuzberg/Chart.yaml
          sed -i "s/^appVersion:.*/appVersion: \"${{ steps.meta.outputs.version }}\"/" charts/kreuzberg/Chart.yaml
          {
            echo "### Chart.yaml"
            echo '```yaml'
            cat charts/kreuzberg/Chart.yaml
            echo '```'
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Package chart
        run: |
          helm package charts/kreuzberg/ --destination .helm-packages/
          echo "### Packaged" >> "$GITHUB_STEP_SUMMARY"
          ls -lh .helm-packages/ >> "$GITHUB_STEP_SUMMARY"

      - name: Log in to GitHub Container Registry
        if: ${{ steps.meta.outputs.dry_run != 'true' }}
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push chart to GHCR
        if: ${{ steps.meta.outputs.dry_run != 'true' }}
        run: |
          helm push .helm-packages/kreuzberg-${{ steps.meta.outputs.version }}.tgz oci://ghcr.io/kreuzberg-dev/charts
          echo "### Published" >> "$GITHUB_STEP_SUMMARY"
          echo "Chart pushed to \`oci://ghcr.io/kreuzberg-dev/charts/kreuzberg:${{ steps.meta.outputs.version }}\`" >> "$GITHUB_STEP_SUMMARY"

      - name: Dry-run summary
        if: ${{ steps.meta.outputs.dry_run == 'true' }}
        run: |
          echo "### Dry Run" >> "$GITHUB_STEP_SUMMARY"
          echo "Would have pushed \`kreuzberg-${{ steps.meta.outputs.version }}.tgz\` to \`oci://ghcr.io/kreuzberg-dev/charts\`" >> "$GITHUB_STEP_SUMMARY"