---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Flux Diff

on:
  pull_request:
    branches: [main]
    paths: [kubernetes/**]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
  cancel-in-progress: true

jobs:
  flux-diff:
    name: Flux Diff
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    strategy:
      matrix:
        resources: [helmrelease, kustomization]
      max-parallel: 4
      fail-fast: false
    steps:
      - name: Generate Token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: "${{ secrets.BOT_APP_ID }}"
          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"

      - name: Setup System Tools
        shell: bash
        run: sudo apt-get -qq update && sudo apt-get -qq install --no-install-recommends -y curl git

      - name: Checkout Default Branch
        uses: actions/checkout@v4
        with:
          token: "${{ steps.app-token.outputs.token }}"
          ref: "${{ github.event.repository.default_branch }}"
          path: default

      - name: Checkout Pull Request Branch
        uses: actions/checkout@v4
        with:
          token: "${{ steps.app-token.outputs.token }}"
          path: pull

      - name: Diff Resources
        uses: docker://ghcr.io/allenporter/flux-local:v6.0.2@sha256:75724e414519d955027a7b2b9eb0c64aa7d41dc2b5cfd2607d46cdeff79f713c
        with:
          args: >-
            diff ${{ matrix.resources }}
            --unified 6
            --path /github/workspace/pull/kubernetes/flux
            --path-orig /github/workspace/default/kubernetes/flux
            --strip-attrs "helm.sh/chart,checksum/config,app.kubernetes.io/version,chart"
            --limit-bytes 10000
            --all-namespaces
            --sources "home-ops-kubernetes"
            --output-file diff.patch

      - name: Generate Diff
        id: diff
        run: |
          echo "diff<<EOF" >> $GITHUB_OUTPUT
          cat diff.patch >> $GITHUB_OUTPUT
          echo "EOF" >> $GITHUB_OUTPUT
          echo "### Diff" >> $GITHUB_STEP_SUMMARY
          echo '```diff' >> $GITHUB_STEP_SUMMARY
          cat diff.patch >> $GITHUB_STEP_SUMMARY
          echo '```' >> $GITHUB_STEP_SUMMARY

      - if: ${{ steps.diff.outputs.diff != '' }}
        name: Add comment
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: "${{ steps.app-token.outputs.token }}"
          message-id: "${{ github.event.pull_request.number }}/${{ matrix.paths }}/${{ matrix.resources }}"
          message-failure: Diff was not successful
          message: |
            ```diff
            ${{ steps.diff.outputs.diff }}
            ```

  # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7
  flux-diff-success:
    if: ${{ always() }}
    needs: ["flux-diff"]
    name: Flux Diff Successful
    runs-on: ubuntu-latest
    steps:
      - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
        name: Check matrix status
        run: exit 1