name: Upload ArtifactHub Metadata

on:
  schedule:
    - cron: '0 3 1 * *'
  workflow_dispatch:

jobs:
  upload-metadata:
    name: "Upload artifacthub-repo.yml to OCI registry"
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6.0.2
    - uses: docker/login-action@v3.7.0
      with:
        registry: ${{ github.server_url }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
    - uses: oras-project/setup-oras@v1.2.4
      with:
        version: 1.3.0 # renovate: datasource=github-tags depName=oras-project/oras extractVersion='^v?(?<version>.*)$'
    - name: Extract meta information
      run: |
        echo "GITEA_SERVER_HOSTNAME=$(echo "${GITHUB_SERVER_URL}" | cut -d '/' -f 3)" >> $GITHUB_ENV
        echo "PACKAGE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
        echo "REPOSITORY_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 2 | sed --regexp-extended 's/-charts?//g')" >> $GITHUB_ENV
        echo "REPOSITORY_OWNER=$(echo ${GITHUB_REPOSITORY} | cut -d '/' -f 1)" >> $GITHUB_ENV
    - name: Push artifacthub-repo.yml
      run: |
        oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:artifacthub.io \
          --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
          artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml
    - name: Push public cosign key
      env:
        COSIGN_PUBLIC_KEY: ${{ vars.COSIGN_PUBLIC_KEY }}
      run: |
        echo "${COSIGN_PUBLIC_KEY}" > cosign.pub
        oras push ${GITEA_SERVER_HOSTNAME}/${REPOSITORY_OWNER}/${REPOSITORY_NAME}:cosign.pub \
          --artifact-type application/vnd.dev.cosign.public-key.v1 \
          --annotation org.opencontainers.image.title=cosign.pub \
          cosign.pub:application/vnd.dev.cosign.public-key.v1