.github/workflows/publish-nginx-serve.yml

name: Publish nginx serve image

on:
  workflow_dispatch:
  push:
    branches:
      - develop
      - project/*

permissions:
  packages: write


jobs:
  publish_image:
    name: Publish Docker Image
    runs-on: ubuntu-latest

    outputs:
      docker_image_name: ${{ steps.prep.outputs.tagged_image_name }}
      docker_image_tag: ${{ steps.prep.outputs.tag }}
      docker_image: ${{ steps.prep.outputs.tagged_image }}

    steps:
      - uses: actions/checkout@main

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: 🐳 Prepare Docker
        id: prep
        env:
          IMAGE_NAME: ghcr.io/${{ github.repository }}
        run: |
          BRANCH_NAME=$(echo $GITHUB_REF_NAME | sed 's|:|-|' | tr '[:upper:]' '[:lower:]' | sed 's/_/-/g' | cut -c1-100 | sed 's/-*$//')

          # XXX: Check if there is a slash in the BRANCH_NAME eg: project/add-docker
          if [[ "$BRANCH_NAME" == *"/"* ]]; then
              # XXX: Change the docker image package to -alpha
              IMAGE_NAME="$IMAGE_NAME-alpha"
              TAG="$(echo "$BRANCH_NAME" | sed 's|/|-|g').$(echo $GITHUB_SHA | head -c7)"
          else
              TAG="$BRANCH_NAME.$(echo $GITHUB_SHA | head -c7)"
          fi

          IMAGE_NAME=$(echo $IMAGE_NAME | tr '[:upper:]' '[:lower:]')
          echo "tagged_image_name=${IMAGE_NAME}" >> $GITHUB_OUTPUT
          echo "tag=${TAG}" >> $GITHUB_OUTPUT
          echo "tagged_image=${IMAGE_NAME}:${TAG}" >> $GITHUB_OUTPUT
          echo "::notice::Tagged docker image: ${IMAGE_NAME}:${TAG}"

      - name: 🐳 Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      - name: 🐳 Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.ref }}
          restore-keys: |
            ${{ runner.os }}-buildx-refs/develop
            ${{ runner.os }}-buildx-

      - name: 🐳 Docker build
        uses: docker/build-push-action@v6
        with:
          context: .
          builder: ${{ steps.buildx.outputs.name }}
          file: nginx-serve/Dockerfile
          target: nginx-serve
          load: true
          push: true
          tags: ${{ steps.prep.outputs.tagged_image }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
          build-args: |
            "APP_SENTRY_TRACES_SAMPLE_RATE=0.8"
            "APP_SENTRY_REPLAYS_SESSION_SAMPLE_RATE=0.8"
            "APP_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE=0.8"

      - name: 🐳 Move docker cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

  publish_helm:
    name: Publish Helm
    needs: publish_image
    runs-on: ubuntu-latest

    steps:
    - name: Checkout code
      uses: actions/checkout@v4

    - name: Login to GitHub Container Registry
      uses: docker/login-action@v3
      with:
        registry: ghcr.io
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Install Helm
      uses: azure/setup-helm@v3

    - name: Tag docker image in Helm Chart values.yaml
      env:
        IMAGE_NAME: ${{ needs.publish_image.outputs.docker_image_name }}
        IMAGE_TAG: ${{ needs.publish_image.outputs.docker_image_tag }}
      run: |
        # Update values.yaml with latest docker image
        sed -i "s|SET-BY-CICD-IMAGE|$IMAGE_NAME|" nginx-serve/helm/values.yaml
        sed -i "s/SET-BY-CICD-TAG/$IMAGE_TAG/" nginx-serve/helm/values.yaml

    - name: Package Helm Chart
      id: set-variables
      run: |
        # XXX: Check if there is a slash in the BRANCH_NAME eg: project/add-docker
        if [[ "$GITHUB_REF_NAME" == *"/"* ]]; then
            # XXX: Change the helm chart to <chart-name>-alpha
            sed -i 's/^name: \(.*\)/name: \1-alpha/' nginx-serve/helm/Chart.yaml
        fi

        SHA_SHORT=$(git rev-parse --short HEAD)
        sed -i "s/SET-BY-CICD/$SHA_SHORT/g" nginx-serve/helm/Chart.yaml
        helm package ./nginx-serve/helm -d .helm-charts

    - name: Push Helm Chart
      env:
        IMAGE: ${{ needs.publish_image.outputs.docker_image }}
        OCI_REPO: oci://ghcr.io/${{ github.repository }}
      run: |
        OCI_REPO=$(echo $OCI_REPO | tr '[:upper:]' '[:lower:]')
        PACKAGE_FILE=$(ls .helm-charts/*.tgz | head -n 1)
        echo "# Helm Chart" >> $GITHUB_STEP_SUMMARY
        echo "" >> $GITHUB_STEP_SUMMARY
        echo "Tagged Image: **$IMAGE**" >> $GITHUB_STEP_SUMMARY
        echo "" >> $GITHUB_STEP_SUMMARY
        echo "Helm push output" >> $GITHUB_STEP_SUMMARY
        echo "" >> $GITHUB_STEP_SUMMARY
        echo '```bash' >> $GITHUB_STEP_SUMMARY
        helm push "$PACKAGE_FILE" $OCI_REPO >> $GITHUB_STEP_SUMMARY
        echo '```' >> $GITHUB_STEP_SUMMARY