name: CI/CD

on:
  push:
    branches:
      - main

env:
  REGISTRY: git.chemavx.xyz
  K8S_MANIFESTS_REPO: http://chemavx:${{ secrets.CI_TOKEN }}@gitea.gitea.svc.cluster.local:3000/chemavx/k8s-manifests.git
  GIT_SSL_NO_VERIFY: "true"

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ssl-verify: false

      - name: Set image tag
        id: tag
        run: echo "TAG=${GITHUB_SHA::8}" >> $GITHUB_OUTPUT

      - name: Build and push n8n image
        uses: aevea/action-kaniko@master
        with:
          registry: git.chemavx.xyz
          username: chemavx
          password: ${{ secrets.CI_TOKEN }}
          image: chemavx/n8n
          tag: ${{ steps.tag.outputs.TAG }}
          path: .
          build_file: Dockerfile
          extra_args: --insecure --skip-tls-verify

      - name: Update k8s manifests
        run: |
          TAG=${{ steps.tag.outputs.TAG }}

          git config --global user.email "ci@git.chemavx.xyz"
          git config --global user.name "Gitea CI"

          git clone ${{ env.K8S_MANIFESTS_REPO }} /tmp/k8s-manifests
          cd /tmp/k8s-manifests

          sed -i "s|image: .*n8n.*|image: git.chemavx.xyz/chemavx/n8n:${TAG}|g" \
            n8n/deployment-n8n.yaml
          sed -i "s|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|g" \
            n8n/deployment-n8n.yaml

          git add n8n/deployment-n8n.yaml
          git diff --cached --quiet || git commit -m "ci: update n8n image to ${TAG} [skip ci]"
          git push