Pulse/.github/workflows/helm-pages.yml

name: Release Helm Chart to GitHub Pages

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      chart_version:
        description: "Chart version (e.g., 4.28.0)"
        required: true

permissions:
  contents: write

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Install Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.15.2

      - name: Install helm-docs
        run: |
          cd /tmp
          wget https://github.com/norwoodj/helm-docs/releases/download/v1.14.2/helm-docs_1.14.2_Linux_x86_64.tar.gz
          tar -xzf helm-docs_1.14.2_Linux_x86_64.tar.gz
          sudo mv helm-docs /usr/local/bin/
          helm-docs --version

      - name: Generate chart documentation
        run: |
          cd deploy/helm/pulse
          helm-docs

          # Commit if README changed
          if [ "${GITHUB_EVENT_NAME}" != "release" ] && ! git diff --quiet README.md; then
            git config user.name "$GITHUB_ACTOR"
            git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
            git add README.md
            git commit -m "Auto-update Helm chart documentation"
            git push
          elif [ "${GITHUB_EVENT_NAME}" = "release" ] && ! git diff --quiet README.md; then
            echo "README.md updated by helm-docs but skipping commit because release workflows checkout a detached HEAD."
          fi
          cd ../../..

      - name: Determine chart version
        id: version
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            VERSION="${{ inputs.chart_version }}"
          else
            VERSION="${{ github.event.release.tag_name }}"
            VERSION="${VERSION#v}"
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Update Chart.yaml version
        run: |
          VERSION="${{ steps.version.outputs.version }}"
          sed -i "s/^version: .*/version: $VERSION/" deploy/helm/pulse/Chart.yaml
          sed -i "s/^appVersion: .*/appVersion: \"$VERSION\"/" deploy/helm/pulse/Chart.yaml

          # Commit only on workflow_dispatch (release runs are detached HEAD)
          if [ "${GITHUB_EVENT_NAME}" != "release" ] && ! git diff --quiet deploy/helm/pulse/Chart.yaml; then
            git config user.name "$GITHUB_ACTOR"
            git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
            git add deploy/helm/pulse/Chart.yaml
            git commit -m "Auto-update Helm chart version to $VERSION"
            git push
          elif [ "${GITHUB_EVENT_NAME}" = "release" ] && ! git diff --quiet deploy/helm/pulse/Chart.yaml; then
            echo "Chart.yaml updated for packaging, skipping commit (detached HEAD on release event)."
          fi

      - name: Validate Helm chart
        run: |
          # Strict linting
          helm lint deploy/helm/pulse --strict

          # Template validation with minimal values
          helm template pulse deploy/helm/pulse --set persistence.enabled=false > /dev/null

          # Template validation with common overrides
          helm template pulse deploy/helm/pulse \
            --set ingress.enabled=true \
            --set ingress.hosts[0].host=pulse.example.com \
            --set agent.enabled=true > /dev/null

          echo "✓ Chart validation passed"

      - name: Smoke test with kind
        run: |
          # Install kind
          curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
          chmod +x ./kind
          sudo mv ./kind /usr/local/bin/kind

          # Create cluster
          kind create cluster --name pulse-test --wait 5m

          # Install chart
          helm install pulse deploy/helm/pulse \
            --set persistence.enabled=false \
            --set server.secretEnv.create=true \
            --set server.secretEnv.data.API_TOKENS=test-token \
            --wait --timeout 3m

          # Verify deployment
          kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=pulse --timeout=120s
          kubectl get pods -l app.kubernetes.io/name=pulse

          # Test upgrade
          helm upgrade pulse deploy/helm/pulse \
            --set persistence.enabled=false \
            --set server.secretEnv.create=true \
            --set server.secretEnv.data.API_TOKENS=test-token \
            --wait --timeout 3m

          # Cleanup
          kind delete cluster --name pulse-test

          echo "✓ Smoke test passed"

      - name: Run chart-releaser
        uses: helm/chart-releaser-action@v1.6.0
        with:
          charts_dir: deploy/helm
          config: cr.yaml
          skip_existing: true
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
          CR_MAKE_RELEASE_LATEST: false

      - name: Mark Helm chart release as pre-release (avoid latest override)
        env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          TAG="helm-chart-${{ steps.version.outputs.version }}"
          gh release edit "$TAG" --prerelease --latest=false || echo "No helm chart release to edit for $TAG"