edh-elo/.gitea/workflows/publish.yaml

name: Publish
on:
  push:
    branches:
      - main

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Import Secrets
        id: import-secrets
        uses: hashicorp/vault-action@v2
        with:
          url: http://vault.avril
          method: kubernetes
          # TODO - when https://github.com/go-gitea/gitea/pull/33945 is merged, instead use per-workflow OIDC-based auth
          role: act-runner-helm-charts
          secrets: |
            shared-secrets/data/gitea/pat_to_push_images token | GITEA_TOKEN

      - name: Login to Gitea
        uses: docker/login-action@v3
        with:
          username: scubbo
          password: ${{ env.GITEA_TOKEN }}
          registry: gitea.scubbo.org

      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Checkout
        uses: actions/checkout@v3

      - name: Build and push image
        uses: docker/build-push-action@v3
        with:
          context: .
          file: Dockerfile
          target: prod
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            gitea.scubbo.org/scubbo/edh-elo:${{ gitea.sha }}
            gitea.scubbo.org/scubbo/edh-elo:latest

      - name: Output
        run: |
          echo "Image pushed: gitea.scubbo.org/scubbo/edh-elo:${{ gitea.sha }}"

  update-helm-chart:
    runs-on: ubuntu-latest
    needs:
      - build-and-push

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          repository: scubbo/helm-charts
          path: helm-charts
          github-server-url: http://gitea.avril

      - name: Update
        run: |
          cd helm-charts
          yq -i '.image.tag = "${{ gitea.sha }}"' charts/edh-elo/values.yaml
          git add -A
          git -c user.name="Imagebot" -c user.email="fake@scubbo.org" commit -m 'Update EDH ELO commit to "${{ gitea.sha }}"'
          # git remote add origin-with-credentials https://scubbo:${GITEA_PASSWORD}@gitea.scubbo.org/scubbo/helm-charts.git
          # git push origin-with-credentials main:main
          git push
          cd ..
          rm -rf helm-charts