---
name: update-script-bundle
on:
  workflow_dispatch:
permissions:
  contents: read
jobs:
  build-script-bundle:
    name: Build Script Bundle
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      with:
        fetch-depth: 0
    - name: Add pwd to git safe dir
      run: git config --global --add safe.directory `pwd`
    - name: Install Pixie CLI
      run: |
        jq_script=(
          '.[] | '
          'select(.name == "cli") | '
          '.artifact | '
          'map(select(.versionStr | contains("-") | not))[0] | '
          '.availableArtifactMirrors[] | '
          'select(.artifactType == "AT_LINUX_AMD64") | '
          '.urls[0]'
        )
        download_link=$(curl -fssL "https://artifacts.px.dev/artifacts/manifest.json" | jq "${jq_script[*]}" -r )
        curl -fssL "${download_link}" -o px
        chmod +x px
    - name: Build bundle
      shell: bash
      run: |
        export PATH="$PATH:$(pwd)"
        cd src/pxl_scripts
        make bundle-oss.json
    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
      with:
        name: bundle
        path: src/pxl_scripts/bundle-oss.json
  update-gh-pages-bundle:
    name: Update bundle in gh-pages
    runs-on: ubuntu-latest
    needs: build-script-bundle
    concurrency: gh-pages
    permissions:
      contents: write
    steps:
    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
      with:
        fetch-depth: 0
        ref: gh-pages
    - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093  # v4.3.0
    - name: Import GPG key
      env:
        BUILDBOT_GPG_KEY_B64: ${{ secrets.BUILDBOT_GPG_KEY_B64 }}
      run: |
        echo "${BUILDBOT_GPG_KEY_B64}" | base64 --decode | gpg --no-tty --batch --import
    - name: Setup git
      shell: bash
      env:
        BUILDBOT_GPG_KEY_ID: ${{ secrets.BUILDBOT_GPG_KEY_ID }}
      run: |
        git config --global user.name 'pixie-io-buildbot'
        git config --global user.email 'build@pixielabs.ai'
        git config --global user.signingkey "${BUILDBOT_GPG_KEY_ID}"
        git config --global commit.gpgsign true
    - name: Push to gh-pages
      shell: bash
      env:
        GH_TOKEN: ${{ secrets.BUILDBOT_GH_API_TOKEN }}
        GIT_SSH_COMMAND: "ssh -i /tmp/ssh.key"
      run: |
        mkdir -p pxl_scripts
        cp bundle/bundle-oss.json pxl_scripts/bundle.json

        git add pxl_scripts/bundle.json
        if [[ $(git status --porcelain=v1 --untracked-files=no | wc -l) -eq 0 ]]; then
          echo "No updates to script bundle, exiting."
          exit 0
        fi
        git commit -s -m "Update PxL script bundle"
        git push origin "gh-pages"