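---
# Reusable workflow (workflow_call): optionally builds the Lambda zips and
# pushes them to S3, patches the Crossplane claim manifests, then runs
# `terraform apply` for configs/crossplane.
#
# Inputs come from the calling workflow. Every `secrets.*` reference below must
# be forwarded by the caller (`secrets: inherit` or one entry per secret).
on:  # yamllint disable-line rule:truthy
  workflow_call:
    inputs:
      role_name:
        description: Name of the IAM role assumed through OIDC.
        required: true
        type: string
      role_session_name:
        description: Session name recorded for the assumed role.
        required: true
        type: string
      aws_region:
        required: false
        type: string
        default: eu-central-1
      working_directory:
        description: Default directory for `run` steps of the terraform job.
        required: true
        type: string
      env:
        description: Target environment; also used as the Terraform workspace (TF_WORKSPACE).
        required: true
        type: string
      zip_lambda_workflow_step:
        description: When true, build the Lambda zips and upload them to the lambdas bucket.
        required: true
        type: boolean
      commit_hash:
        description: Value substituted for the COMMIT_HASH placeholder in claim manifests.
        required: true
        type: string

# Least privilege: only `id-token` (OIDC) and `contents` are used by the steps
# on this page. `pull-requests` and `statuses` are kept for callers that may
# rely on them — drop them if none do.
permissions:
  id-token: write
  contents: read
  pull-requests: write
  statuses: write

jobs:
  terraform:
    name: Terraform
    runs-on: ubuntu-latest
    timeout-minutes: 15
    defaults:
      run:
        working-directory: ${{ inputs.working_directory }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Configure AWS Credentials
        id: aws
        # OIDC role assumption — no long-lived access keys. Consider pinning
        # third-party actions to a full commit SHA instead of a moving tag.
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.role_name }}
          role-session-name: ${{ inputs.role_session_name }}
          aws-region: ${{ inputs.aws_region }}

      # The Lambda steps are gated on the boolean input directly. The previous
      # guard, `${{ env.X == true }} || ${{ env.X == 'true' }}`, interpolated
      # each `${{ }}` to text before the `||` was evaluated, and `env.X` was
      # only defined on the first of these steps (later steps set it under
      # `with:`, where it is not an input of the artifact actions and is
      # ignored with a warning).
      - name: Build lambdas
        if: ${{ inputs.zip_lambda_workflow_step == true }}
        run: cd "${{ github.workspace }}" && make lambda
        env:
          GITHUB_TOKEN: ${{ secrets.GB_TOKEN_PRIVATE }}
          GOPRIVATE: "github.com/vimeda/*"

      - name: Upload Build Artifacts
        if: ${{ inputs.zip_lambda_workflow_step == true }}
        uses: actions/upload-artifact@v4
        with:
          name: srv-lambdas
          path: ${{ github.workspace }}/dist/*

      - name: Download Build Artifacts
        id: download
        if: ${{ inputs.zip_lambda_workflow_step == true }}
        uses: actions/download-artifact@v4
        with:
          name: srv-lambdas
          path: ${{ github.workspace }}/dist

      # Skipped together with the download step: otherwise
      # `steps.download.outputs.download-path` is empty.
      - name: Display structure of downloaded files
        if: ${{ inputs.zip_lambda_workflow_step == true }}
        run: ls -R
        working-directory: ${{ steps.download.outputs.download-path }}

      - name: Push all functions to Bucket
        if: ${{ inputs.zip_lambda_workflow_step == true }}
        # Caller-controlled values are passed as env vars rather than
        # interpolated into the script, so they cannot alter the shell command.
        env:
          TARGET_ENV: ${{ inputs.env }}
          REPO_NAME: ${{ github.event.repository.name }}
        run: |
          cd "${{ github.workspace }}/dist" && ls
          for file in ./*.zip; do
            # An unmatched glob would otherwise upload the literal "./*.zip".
            [ -f "$file" ] || continue
            filename=$(basename "$file" .zip)
            function_name=${filename%_lambda}
            aws s3 cp "$file" "s3://${TARGET_ENV}-lykon-lambdas/${REPO_NAME}/${function_name}.zip"
          done

      - uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: "~1.4"

      # Expects a `scripts` artifact uploaded earlier in the calling workflow.
      - name: Download deployment scripts
        id: downloadscripts
        uses: actions/download-artifact@v4
        with:
          name: scripts
          path: ./scripts

      - name: copy scripts to scripts folder in working directory
        shell: sh
        run: |
          # -p: do not fail when working_directory is the workspace root and
          # the artifact download already created ./scripts.
          mkdir -p ./scripts && ls
          cp -r "${{ github.workspace }}/scripts/.github/workflows" ./scripts

      - name: Install 1Password Cli, patch claim
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.STAGING_ONEPASSWORD_SERVICEACCOUNT_TOKEN }}
          VAULT_ID: "errsir3kqd4gdjgaxliofyskey"
          OP_CLI_VERSION: "2.18.0"
        run: |
          # -f fails on an HTTP error instead of saving the error page as op.zip.
          # TODO(review): verify the archive (checksum or signature) before
          # installing it into /usr/local/bin.
          curl -fsSL "https://cache.agilebits.com/dist/1P/op2/pkg/v${OP_CLI_VERSION}/op_linux_amd64_v${OP_CLI_VERSION}.zip" -o op.zip
          unzip op.zip
          sudo mv op /usr/local/bin
          rm op.zip
          ls
          python -m pip install "ruamel.yaml<0.18.0"
          python scripts/workflows/scripts/patch.py
          # NOTE(review): the patched claims are printed to the job log. If
          # patch.py writes secret material fetched from 1Password into them,
          # this exposes it — confirm before keeping the cat.
          for file in *claims.yaml; do
            if [ -f "$file" ]; then
              cat "$file"
            fi
          done

      - name: patch claim image uri with commit hash
        id: patch_image_uri_with_commit_hash
        env:
          TF_WORKSPACE: ${{ inputs.env }}
          commit_hash: ${{ inputs.commit_hash }}
          ECR_BASE_URL: 279707217826.dkr.ecr.eu-central-1.amazonaws.com/lykon
        run: |
          # The commit hash is read from an env var, not `${{ }}`-interpolated
          # into the script, so a caller-supplied value cannot inject shell
          # syntax. `|` as the sed delimiter avoids escaping the URL's slashes.
          # TODO(review): if callers only ever pass SHAs, reject non-hex values here.
          find ./ -type f -name "*.yaml" -exec sed -i \
            -e "s|COMMIT_HASH|${commit_hash}|g" \
            -e "s|ECR_BASE_URL|${ECR_BASE_URL}|g" {} \;

      - name: Terraform apply
        id: apply
        env:
          TF_WORKSPACE: ${{ inputs.env }}
          KUBECONFIG: ${{ github.workspace }}/kubeconfig.yaml
          STAGING_KUBECONFIG: ${{ secrets.STAGING_KUBECONFIG }}
        run: |
          # The kubeconfig secret reaches the script via env (masked in logs,
          # not embedded in the script text) and is written owner-only.
          umask 077
          printf '%s\n' "$STAGING_KUBECONFIG" > "$KUBECONFIG"
          cd "${{ github.workspace }}/configs/crossplane" && terraform init && terraform -chdir="${{ github.workspace }}/configs/crossplane" apply -auto-approve

      # Do not leave cluster credentials on the runner filesystem after the job.
      - name: Remove kubeconfig
        if: ${{ always() }}
        run: rm -f "${{ github.workspace }}/kubeconfig.yaml"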