From 7e14f50ddf4d910a4d6e301b2be39fe8d91d60b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 6 Feb 2026 18:51:28 +0100
Subject: [PATCH] Add deploy to publish-container

---
 publish-container/action.yaml | 125 ++++++++++++++++++++++++++++++----
 1 file changed, 113 insertions(+), 12 deletions(-)

diff --git a/publish-container/action.yaml b/publish-container/action.yaml
index d4895a4..e7a328a 100644
--- a/publish-container/action.yaml
+++ b/publish-container/action.yaml
@@ -16,18 +16,17 @@ inputs:
     description: "Registry owner/organization name, e.g. oceanbox."
     required: true
     default: "oceanbox"
-outputs:
-  image-tag:
-    description: "The container image tag that was published"
-    value: ${{ steps.envvars.outputs.IMAGE_TAG }}
-
-  image-name:
-    description: "Fully qualified container image name"
-    value: ${{ steps.envvars.outputs.IMAGE_NAME }}
-
-  environment:
-    description: "Build environment (Release or Debug)"
-    value: ${{ steps.envvars.outputs.ENV }}
+  deploy:
+    description: "Whether to deploy to manifests repository (staging/prod)"
+    required: false
+    default: "false"
+  manifests-repo:
+    description: "Manifests repository to deploy to"
+    required: false
+    default: "platform/manifests"
+  push-token:
+    description: "Token for pushing to manifests repository"
+    required: false
 runs:
   using: "composite"
   steps:
@@ -97,3 +96,105 @@ runs:
           --tmpdir /tmp/skopeo \
           docker-archive:/tmp/skopeo/docker-image.tar \
           docker://${{ steps.envvars.outputs.IMAGE_NAME }}
+
+    - name: Checkout manifests repository
+      if: inputs.deploy == 'true'
+      uses: actions/checkout@v6
+      with:
+        repository: ${{ inputs.manifests-repo }}
+        path: manifests
+        token: ${{ inputs.push-token }}
+
+    - name: Configure git credentials
+      if: inputs.deploy == 'true'
+      shell: bash
+      run: |
+        cd manifests
+        git config user.name "Gitea Actions"
+        git config user.email "actions@gitea.local"
+        git remote set-url origin https://x-access-token:${{ inputs.push-token }}@git.oceanbox.io/${{ inputs.manifests-repo }}
+
+    - name: Deploy to production
+      if: inputs.deploy == 'true' && github.ref_type == 'tag'
+      shell: bash
+      run: |
+        set -euo pipefail
+        cd manifests/charts/${{ inputs.project }}
+        
+        IMAGE_TAG="${{ steps.envvars.outputs.IMAGE_TAG }}"
+        
+        echo "=== Deploying production with image.tag=$IMAGE_TAG ==="
+        
+        if [ -z "$IMAGE_TAG" ]; then
+          echo "::error::IMAGE_TAG is empty"
+          exit 1
+        fi
+        
+        nix-shell -p yq-go --run '
+          set -euo pipefail
+          yq eval ".image.tag = \"'"$IMAGE_TAG"'\"" -i values.yaml
+          yq eval ".version = \"'"$IMAGE_TAG"'\" | .appVersion = \"'"$IMAGE_TAG"'\"" -i Chart.yaml
+        '
+        
+        echo "=== Git diff ==="
+        git diff values.yaml Chart.yaml
+        
+        git add values.yaml Chart.yaml
+        if git diff --cached --quiet; then
+          echo "No changes to commit"
+          exit 0
+        fi
+        
+        git commit -m "ci(prod): deploy ${{ inputs.project }} $IMAGE_TAG"
+        git push origin main
+
+    - name: Deploy to staging
+      if: inputs.deploy == 'true' && github.ref_type == 'branch' && github.ref_name == 'main'
+      shell: bash
+      run: |
+        set -euo pipefail
+        cd manifests/values/${{ inputs.project }}
+        
+        IMAGE_TAG="${{ steps.envvars.outputs.IMAGE_TAG }}"
+        
+        echo "=== Deploying staging with image.tag=$IMAGE_TAG ==="
+        
+        if [ -z "$IMAGE_TAG" ]; then
+          echo "::error::IMAGE_TAG is empty"
+          exit 1
+        fi
+        
+        # Find and update staging file
+        if [ -f values-staging.yaml ]; then
+          TARGET_FILE="values-staging.yaml"
+        elif [ -f values/values-staging.yaml ]; then
+          TARGET_FILE="values/values-staging.yaml"
+        elif [ -f values/${{ inputs.project }}-staging.yaml ]; then
+          TARGET_FILE="values/${{ inputs.project }}-staging.yaml"
+        elif [ -f values/values-staging.yaml.gotmpl ]; then
+          TARGET_FILE="values/values-staging.yaml.gotmpl"
+        elif [ -f values/${{ inputs.project }}-staging.yaml.gotmpl ]; then
+          TARGET_FILE="values/${{ inputs.project }}-staging.yaml.gotmpl"
+        else
+          echo "::error::No staging values file found"
+          exit 1
+        fi
+        
+        echo "=== Updating $TARGET_FILE ==="
+        
+        nix-shell -p yq-go --run '
+          set -euo pipefail
+          yq eval ".image.tag = \"'"$IMAGE_TAG"'\"" -i "'"$TARGET_FILE"'"
+        '
+        
+        echo "=== Git diff ==="
+        git diff "$TARGET_FILE"
+        
+        git add "$TARGET_FILE"
+        if git diff --cached --quiet; then
+          echo "No changes to commit"
+          exit 0
+        fi
+        
+        git commit -m "ci(staging): deploy ${{ inputs.project }} $IMAGE_TAG"
+        git push origin main