.github/workflows/release-charts.yaml

# Main workflow to tag and publish swan/ and swan-cern/ charts in this repository automatically based on changes
# - NOTE: Runs only on the master branch
# - Runs the check-charts workflow before proceeding

# If the swan/ chart has new commits since it's last tag
# - Commits a new version, tag, github release and harbor release of swan/
# - Updates dependency of swan-cern/ on swan/

# If the swan-cern/ chart has new commits since it's last tag
# -  Commits a new version, tag, github release and harbor release of swan-cern/

# - uses secrets.WORKFLOW_ACCESS_TOKEN (GitHub PAT with admin permissions on repository) to push commits and tags
# - uses secrets.HELM_REPO_USERNAME and secrets.HELM_REPO_PASSWORD for a robot account on harbor with permissions to list and create helm chart versions

name: Release Charts
run-name: "Release swan: ${{ inputs.bump_swan }}, swan-cern: ${{ inputs.bump_swan_cern }}"
concurrency: release # Only run one 'release' workflow at a time

permissions:
  contents: write

on:
  workflow_dispatch:
    inputs:
      bump_swan:
        description: "Bump version for swan/"
        required: true
        default: patch
        type: choice
        options:
          - major
          - minor
          - patch
      
      bump_swan_cern:
        description: "Bump version for swan-cern/"
        required: true
        default: patch
        type: choice
        options:
          - major
          - minor
          - patch

      bump_swan_cern_system:
        description: "Bump version for swan-cern-system/"
        required: false
        default: patch
        type: choice
        options:
          - major
          - minor
          - patch

jobs:
  check_branch:
    runs-on: ubuntu-latest
    steps:
      - name: Fail if not on master branch
        if: github.ref != 'refs/heads/master'
        run: exit 1
  check_charts:
    needs: [check_branch]
    uses: ./.github/workflows/check-charts.yaml

  list_changed_charts:
    needs: [check_branch]
    runs-on: ubuntu-latest
    outputs:
      swan_has_changed: ${{ steps.diff.outputs.swan_has_changed }}
      swan-cern_has_changed: ${{ steps.diff.outputs.swan-cern_has_changed }}
      swan-cern-system_has_changed: ${{ steps.diff.outputs.swan-cern-system_has_changed }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0 # Fetch all tags and history to check for changes
      - name: List charts with changes since last tag
        id: diff
        run: |
          set -euxo pipefail
          ./.github/workflows/list-changed-charts.sh >> $GITHUB_OUTPUT
      - name: Fail if no charts have changes
        if: steps.diff.outputs.swan_has_changed != 'true' && steps.diff.outputs.swan-cern_has_changed != 'true' && steps.diff.outputs.swan-cern-system_has_changed != 'true'
        run: exit 1
  

  tag_swan:
    needs: [check_charts, list_changed_charts]
    if: needs.list_changed_charts.outputs.swan_has_changed == 'true'
    uses: ./.github/workflows/tag-chart.yaml
    with:
      chart: swan
      bump: ${{ inputs.bump_swan }}
    secrets:
      WORKFLOW_ACCESS_TOKEN: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
      HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
      HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}

  update_dependency:
    # Update 'swan-cern' chart to use as dependency the new tagged version of 'swan' chart
    needs: [tag_swan]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          persist-credentials: false # To use WORKFLOW_ACCESS_TOKEN instead of GITHUB_TOKEN in later steps
          ref: ${{ github.ref_name }} # Checkout latest commit on branch including new commits created in earlier steps

      - name: Update version of swan on swan-cern/Chart.yaml
        uses: mikefarah/yq@1f0881fb5faf371694bfa108753cda0b824f5037 # v4.28.2
        with:
          cmd: yq -i '(.dependencies[] | select(.name == "swan")).version = "${{ needs.tag_swan.outputs.new_version }}"' 'swan-cern/Chart.yaml'

      - name: Commit changes
        run: |
          set -x
          helm dependency update swan-cern
          cd swan-cern
          git config user.name github-actions
          git config user.email github-actions@github.com
          git add .
          git commit -m "Update swan-cern to use swan@${{ needs.tag_swan.outputs.new_version }} by @${{ github.actor }}"

      - name: Push commit
        uses: ad-m/github-push-action@4dcce6dea3e3c8187237fc86b7dfdc93e5aaae58
        with:
          github_token: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
          branch: ${{ github.ref_name }}

  tag_swan_cern:
    needs: [check_charts, list_changed_charts, tag_swan, update_dependency]
    if: |
      always() && 
      needs.check_charts.result == 'success' && 
      needs.list_changed_charts.result == 'success' &&
      needs.tag_swan.result != 'failure' && 
      needs.update_dependency.result != 'failure' && 
      (needs.list_changed_charts.outputs.swan_has_changed == 'true' || needs.list_changed_charts.outputs.swan-cern_has_changed == 'true')
    uses: ./.github/workflows/tag-chart.yaml
    with:
      chart: swan-cern
      bump: ${{ inputs.bump_swan_cern }}
    secrets:
      WORKFLOW_ACCESS_TOKEN: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
      HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
      HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}

  tag_swan_cern_system:
    needs: [check_charts, list_changed_charts]
    if: needs.list_changed_charts.outputs.swan-cern-system_has_changed == 'true'
    uses: ./.github/workflows/tag-chart.yaml
    with:
      chart: swan-cern-system
      bump: ${{ inputs.bump_swan_cern_system }}
    secrets:
      WORKFLOW_ACCESS_TOKEN: ${{ secrets.WORKFLOW_ACCESS_TOKEN }}
      HELM_REPO_USERNAME: ${{ secrets.HELM_REPO_USERNAME }}
      HELM_REPO_PASSWORD: ${{ secrets.HELM_REPO_PASSWORD }}