# SPDX-FileCopyrightText: the secureCodeBox authors
#
# SPDX-License-Identifier: Apache-2.0

# The CI runs on ubuntu-24.04; More info about the installed software is found here:
# https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md

name: "Update Helm Docs"
on:
  push:
    branches:
      - main

permissions:
  contents: write

env:
  # renovate: datasource=github-releases depName=go-task/task
  TASK_VERSION: "3.51.1"

jobs:
  helm-docs:
    runs-on: ubuntu-24.04
    if: github.repository == 'secureCodeBox/secureCodeBox'
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ github.head_ref }}
          token: ${{ secrets.SCB_BOT_USER_TOKEN }}

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
        with:
          gpg_private_key: ${{ secrets.GPG_COMMITS_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_COMMITS_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_committer_name: secureCodeBoxBot
          git_committer_email: securecodebox@iteratec.com

      - name: Install Task
        uses: go-task/setup-task@3be4020d41929789a01026e0e427a4321ce0ad44 # v2.0.0
        with:
          version: ${{ env.TASK_VERSION }}

      - name: Download Helm Docs
        run: |
          mkdir helm-docs
          cd helm-docs

          curl --output helm-docs.tar.gz --location https://github.com/norwoodj/helm-docs/releases/download/v1.6.0/helm-docs_1.6.0_Linux_x86_64.tar.gz
          # Checksum must be extracted from the checksum file every time helm-docs gets updated.
          echo "286723d931c18581fc324985cb96e9cce639e521fa63b57ac04ebe9d497e60fb  helm-docs.tar.gz" | shasum --check

          tar -xvf helm-docs.tar.gz
          # Verify installation
          ./helm-docs --version

          sudo mv helm-docs /usr/local/bin/helm-docs

      - name: Generate README
        run: |
          task readme
      - name: Generate Demo Target Docs
        run: task demo-target-docs

      - name: Generate Hooks Docs
        run: task hook-docs

      - name: Generate Scanner Docs
        run: task scanner-docs

      - name: Generate Operator Docs
        run: task operator-docs

      - name: Generate AutoDiscovery Docs
        run: task auto-discovery-docs

      - name: Remove Helm Docs Files
        run: |
          # Remove helm-docs download to ensure they don't get committed back
          rm -rf helm-docs

      - name: Update Helm Docs
        run: |
          git add "**/*.md"
          git commit -sS -m "Updating Helm Docs" || true
          git push