action.yml

name: Automate Helm Chart Updates
description: A reusable GitHub Action to update Helm chart values with the latest ECR image tag.
inputs:
  repository-name:
    description: "ECR repository name (e.g., testing)."
    required: true
  aws-access-key-id:
    description: "AWS Access Key ID."
    required: true
  aws-secret-access-key:
    description: "AWS Secret Access Key."
    required: true
  aws-region:
    description: "AWS Region (e.g., us-east-1)."
    required: true
  aws-account-id:
    description: "AWS Account ID (e.g., 123456789012)."
    required: true
  helm-chart-path:
    description: "Path to the Helm chart values file."
    required: true
  github-token:
    description: "GitHub token for authentication."
    required: true
  slack-webhook-url:
    description: "Slack Webhook URL for notifications."
    required: false

runs:
  using: "composite"
  steps:
    - name: Fetch Latest Tag and Update Helm Chart
      shell: bash
      run: |
        set -euo pipefail

        # Fetch the latest tag
        echo "Fetching the latest tag for repository: ${{ inputs.repository-name }}"
        
        LATEST_TAG=$(aws ecr describe-images \
                      --repository-name "${{ inputs.repository-name }}" \
                      --registry-id "${{ inputs.aws-account-id }}" \
                      --region "${{ inputs.aws-region }}" \
                      --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageTags[0]' | jq . --raw-output)

        if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" == "null" ]; then
            echo "No valid tags found for the latest image in ECR." && exit 1
        fi

        echo "Fetched latest tag: $LATEST_TAG"

        # Authenticate Docker with ECR
        echo "Authenticating Docker with ECR..."
        aws ecr get-login-password --region "${{ inputs.aws-region }}" | docker login --username AWS --password-stdin "${{ inputs.aws-account-id }}.dkr.ecr.${{ inputs.aws-region }}.amazonaws.com"
        
        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
        chmod +x get_helm.sh
        ./get_helm.sh

        echo "Debugging Helm values file (before):"
        cat "${{ inputs.helm-chart-path }}"

        # Update Helm chart values
        echo "Updating Helm chart values at: ${{ inputs.helm-chart-path }}"
        sed -i "s/^  tag: .*/  tag: $LATEST_TAG/" "${{ inputs.helm-chart-path }}"
        helm lint $(dirname "${{ inputs.helm-chart-path }}") --values "${{ inputs.helm-chart-path }}"

        # Commit and push changes
        echo "Preparing Git commit..."
        if git diff --quiet "${{ inputs.helm-chart-path }}"; then
            echo "No changes detected in the Helm chart. Exiting."
            exit 0
        fi
        # git remote set-url origin https://x-access-token:${{ inputs.GITHUB_TOKEN }}@github.com/${{ github.repository }}

        git config user.name "GitHub Actions Bot"
        git config user.email "actions@github.com"
        BRANCH_NAME="update-helm-tag-$(date +%s)"
        git checkout -b "$BRANCH_NAME"
        echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
        git add "${{ inputs.helm-chart-path }}"
        git commit -m "Update Helm chart tag to $LATEST_TAG"
        git push origin "$BRANCH_NAME"

    # - name: Send Notification to Slack
    #   if: success() || failure()
    #   uses: rtCamp/action-slack-notify@v2
    #   with:
    #     webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
    #     message: >
    #       ${{ github.event_name }} event triggered for branch ${{ env.BRANCH_NAME }}.
    #       Helm Chart tag updated to $LATEST_TAG.
    #       Status: ${{ job.status }}.