---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Flux Image Test

on:
  pull_request:
    branches: [main]
    paths: [kubernetes/**]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
  cancel-in-progress: true

jobs:
  extract-images:
    name: Extract Images
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    outputs:
      matrix: ${{ steps.extract-images.outputs.images }}
    steps:
      - name: Generate Token
        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
        id: app-token
        with:
          app-id: "${{ secrets.BOT_APP_ID }}"
          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"

      - name: Setup Homebrew
        uses: Homebrew/actions/setup-homebrew@master

      - name: Setup Workflow Tools
        shell: bash
        run: brew install jo yq

      - name: Checkout Default Branch
        uses: actions/checkout@v4
        with:
          token: "${{ steps.app-token.outputs.token }}"
          ref: "${{ github.event.repository.default_branch }}"
          path: default

      - name: Checkout Pull Request Branch
        uses: actions/checkout@v4
        with:
          token: "${{ steps.app-token.outputs.token }}"
          path: pull

      - name: Gather Images in Default Branch
        uses: docker://ghcr.io/allenporter/flux-local:v7.5.4@sha256:72dbdeabca1eb4d1a053c78dfa0d1d8e2a4c4aee2c8d3938db1a382d22b0a6f9
        with:
          args: >-
            get cluster
            --path /github/workspace/default/kubernetes/flux
            --enable-images
            --output yaml
            --output-file default.yaml

      - name: Gather Images in Pull Request Branch
        uses: docker://ghcr.io/allenporter/flux-local:v7.5.4@sha256:72dbdeabca1eb4d1a053c78dfa0d1d8e2a4c4aee2c8d3938db1a382d22b0a6f9
        with:
          args: >-
            get cluster
            --path /github/workspace/pull/kubernetes/flux
            --enable-images
            --output yaml
            --output-file pull.yaml

      - name: Filter Default Branch Results
        shell: bash
        run: |
          yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
              default.yaml > default.txt

      - name: Filter Pull Request Branch Results
        shell: bash
        run: |
          yq -r '[.. | .images? | select(. != null)] | flatten | sort | unique | .[]' \
              pull.yaml > pull.txt

      - name: Compare Default and Pull Request Images
        id: extract-images
        shell: bash
        run: |
          images=$(jo -a $(grep -vf default.txt pull.txt))
          echo "images=${images}" >> $GITHUB_OUTPUT
          echo "${images}"
          echo "### Images" >> $GITHUB_STEP_SUMMARY
          echo "${images}" | jq -r 'to_entries[] | "* \(.value)"' >> $GITHUB_STEP_SUMMARY

  test-images:
    if: ${{ needs.extract-images.outputs.matrix != '[]' }}
    name: Test images
    runs-on: ubuntu-latest
    needs: [extract-images]
    strategy:
      matrix:
        images: ${{ fromJSON(needs.extract-images.outputs.matrix) }}
      max-parallel: 4
      fail-fast: false
    steps:
      - name: Test Images
        run: docker buildx imagetools inspect ${{ matrix.images }}

  # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7
  test-images-success:
    if: ${{ always() }}
    needs: [test-images]
    name: Test Images Successful
    runs-on: ubuntu-latest
    steps:
      - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
        name: Check matrix status
        run: exit 1