name: helm-deploy
description: Deploy a service to Kubernetes via Helm over SSH

inputs:
  service-name:
    description: Helm release name
    required: true
  helm-cluster:
    description: Name of the target Kubernetes cluster to deploy to
    required: true
  overrides-file:
    description: Local path to Helm values override file
    required: false
    default: kubernetes/overrides-pu.yaml
  image-tag:
    description: Docker image tag to deploy
    required: true
  ssh-key:
    description: Private SSH key content
    required: true
  namespace:
    description: Kubernetes namespace
    required: false
    default: dsp
  helm-repo:
    description: Helm chart repository name
    required: false
    default: nexus-helm-repository
  helm-chart:
    description: Chart name in the repo
    required: false
    default: DSP-Blueprint

runs:
  using: composite
  steps:
    - name: Setup SSH key
      shell: bash
      env:
        SSH_KEY: ${{ inputs.ssh-key }}
      run: |
        set -euo pipefail
        SSH_KEY_FILE=$(mktemp)
        printf '%s\n' "$SSH_KEY" > "$SSH_KEY_FILE"
        chmod 600 "$SSH_KEY_FILE"
        echo "SSH_KEY_FILE=$SSH_KEY_FILE" >> "$GITHUB_ENV"

    - name: Map cluster name to target host
      id: map-host
      shell: bash
      env:
        HELM_CLUSTER: ${{ inputs.helm-cluster }}
      run: |
        case "$HELM_CLUSTER" in
          internal_stage) echo "host=dsp1-stage.schmalzgroup.net" ;;
          internal_prod) echo "host=dsp1.schmalzgroup.net" ;;
          *) echo "Invalid cluster '$HELM_CLUSTER'. Must be 'internal_stage' or 'internal_prod'." && exit 1 ;;
        esac >> "$GITHUB_OUTPUT"

    - name: Copy overrides file
      shell: bash
      env:
        HELM_HOST: ${{ steps.map-host.outputs.host }}
        SERVICE_NAME: ${{ inputs.service-name }}
        OVERRIDES_FILE: ${{ inputs.overrides-file }}
      run: |
        set -euo pipefail
        scp -i "$SSH_KEY_FILE" \
          -o StrictHostKeyChecking=no \
          -o BatchMode=yes \
          -o ConnectTimeout=10 \
          "$OVERRIDES_FILE" \
          "root@${HELM_HOST}:/tmp/${SERVICE_NAME}-overrides.yaml"

    - name: Helm deploy
      shell: bash
      env:
        HELM_HOST: ${{ steps.map-host.outputs.host }}
        SERVICE_NAME: ${{ inputs.service-name }}
        NAMESPACE: ${{ inputs.namespace }}
        HELM_REPO: ${{ inputs.helm-repo }}
        HELM_CHART: ${{ inputs.helm-chart }}
        IMAGE_TAG: ${{ inputs.image-tag }}
      run: |
        set -euo pipefail
        ssh -i "$SSH_KEY_FILE" \
          -o StrictHostKeyChecking=no \
          -o BatchMode=yes \
          -o ConnectTimeout=10 \
          -o ServerAliveInterval=30 \
          -o ServerAliveCountMax=5 \
          "root@${HELM_HOST}" \
          "helm repo update && \
           helm upgrade --install --create-namespace \
             -n '${NAMESPACE}' \
             '${SERVICE_NAME}' \
             '${HELM_REPO}/${HELM_CHART}' \
             -f '/tmp/${SERVICE_NAME}-overrides.yaml' \
             --set image.tag='${IMAGE_TAG}' \
             --atomic --debug"

    - name: Cleanup SSH key
      if: always()
      shell: bash
      run: rm -f "$SSH_KEY_FILE"