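---
# Drone pipeline: lint, package and publish the repository's Helm charts to
# the Harbor OCI registry. Runs on pushes to master (see `trigger` below).
kind: pipeline
type: kubernetes
name: update-helm-charts

steps:
  # Step 1: Lint all Helm charts.
  # Only directories whose last path component looks like vX.Y.Z are linted.
  # NOTE(review): the image tag is mutable; consider pinning it by digest
  # (alpine/helm:3.19.0@sha256:<DIGEST_PLACEHOLDER>) so that every step runs
  # a known binary. The same applies to the two steps below.
  - name: lint-charts
    image: alpine/helm:3.19.0
    commands:
      - find charts -maxdepth 2 -type d | grep "/v[0-9]\\+\\.[0-9]\\+\\.[0-9]\\+$" | xargs -I {} helm lint {}

  # Step 2: Package all versioned Helm charts.
  # Every directory matching the vX.Y.Z pattern is packaged; there is no
  # change detection. The step fails when no chart directory is found.
  - name: package-all-charts
    image: alpine/helm:3.19.0
    commands:
      - mkdir -p charts/dist
      # Find all versioned chart directories
      - ALL_CHARTS=$(find charts -maxdepth 2 -type d | grep "/v[0-9]\\+\\.[0-9]\\+\\.[0-9]\\+$")
      - "echo \"Detected charts: $ALL_CHARTS\""
      - if [ -n "$ALL_CHARTS" ]; then echo "$ALL_CHARTS" | xargs -I {} helm package {} --destination charts/dist; else echo "No charts found in repository"; exit 1; fi
    depends_on:
      - lint-charts

  # Step 3: Push charts to Harbor
  - name: push-to-harbor
    image: alpine/helm:3.19.0
    commands:
      # Fail if credentials are missing
      - |
        if [ -z "$HARBOR_USERNAME" ] || [ -z "$HARBOR_PASSWORD" ]; then
          echo "Error: HARBOR_USERNAME or HARBOR_PASSWORD not set"
          exit 1
        fi
      # Harbor registry host (OCI). Change it here, or turn it into an
      # environment variable, to target a different host.
      - export HARBOR_REGISTRY="porto.interlegis.leg.br"
      # Harbor project that stores the charts (default: rancher-charts).
      # Can be overridden by setting HARBOR_PROJECT in the pipeline.
      # NOTE(review): Drone applies its own ${...} substitution to this file
      # before the shell runs; confirm the default below is what reaches the
      # shell.
      - export HARBOR_PROJECT="${HARBOR_PROJECT:-rancher-charts}"
      # Log in to the Harbor OCI registry. The password is fed on stdin so
      # that it does not appear in the helm process arguments.
      - |
        printf '%s' "$HARBOR_PASSWORD" | helm registry login "$HARBOR_REGISTRY" --username "$HARBOR_USERNAME" --password-stdin
      # Push each packaged chart (.tgz) to Harbor over OCI. The remote is the
      # project only: `helm push` takes the chart name and the version tag
      # from the package metadata, and the reference must not carry a
      # basename or tag. This also removes the file-name parsing, which
      # split on the last '-' and so mis-split pre-release versions.
      - |
        if ls charts/dist/*.tgz >/dev/null 2>&1; then
          OCI_REPO="oci://$HARBOR_REGISTRY/$HARBOR_PROJECT"
          for CHART in charts/dist/*.tgz; do
            echo "Pushing $CHART to $OCI_REPO"
            # Fail the step explicitly instead of relying on the runner's
            # shell options to stop on a failed push.
            if ! helm push "$CHART" "$OCI_REPO"; then
              echo "Error: failed to push $CHART to $OCI_REPO" >&2
              exit 1
            fi
            echo "Successfully pushed $CHART to $OCI_REPO"
          done
        else
          echo "No .tgz files to push"
          exit 0
        fi
    environment:
      HARBOR_USERNAME:
        from_secret: harbor_username
      HARBOR_PASSWORD:
        from_secret: harbor_password
    when:
      # NOTE(review): intended to run the step only when new .tgz files
      # exist. Confirm that the runner evaluates a `condition` key holding a
      # shell command; if it does not, the `ls` guard inside the push script
      # is the only check in effect.
      condition: ls charts/dist/*.tgz 2>/dev/null
    depends_on:
      - package-all-charts

# Publish only on pushes to master, so the Harbor secrets are not handed to
# builds of other branches or events.
trigger:
  branch:
    - master
  event:
    - push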