name: SnapshotPR
on:
  workflow_run:
    workflows:
      - ApprovalComment
    types:
      - completed
jobs:
  snapshot:
    permissions:
      id-token: write
      pull-requests: write
      statuses: write
    if: github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
      - uses: ./.github/actions/download-artifact
      - id: metadata
        run: |
          pr_number="$(head -n 2 /tmp/artifacts/metadata.txt | tail -n 1)"
          pr_commit="$(tail -n 1 /tmp/artifacts/metadata.txt)"
          echo PR_COMMIT="$pr_commit" >> "$GITHUB_ENV"
          echo PR_NUMBER="$pr_number" >> "$GITHUB_ENV"
      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ env.PR_COMMIT }}
      - uses: ./.github/actions/commit-status/start
        with:
          name: "${{ github.workflow }} / ${{ github.job }} (pull_request_review)"
          git_ref: ${{ env.PR_COMMIT }}
      - uses: ./.github/actions/install-deps
      - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: 'arn:aws:iam::${{ vars.SNAPSHOT_ACCOUNT_ID }}:role/${{ vars.SNAPSHOT_ROLE_NAME }}'
          aws-region: ${{ vars.SNAPSHOT_REGION }}
      - run: make snapshot
      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        env:
          SNAPSHOT_ACCOUNT_ID: ${{ vars.SNAPSHOT_ACCOUNT_ID }}
          SNAPSHOT_REGION: ${{ vars.SNAPSHOT_REGION }}
        with:
          script: |
            github.rest.issues.createComment({
              issue_number: process.env.PR_NUMBER,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `Snapshot successfully published to \`oci://${process.env.SNAPSHOT_ACCOUNT_ID}.dkr.ecr.${process.env.SNAPSHOT_REGION}.amazonaws.com/karpenter/snapshot/karpenter:0-${process.env.PR_COMMIT}\`.
            To install you must login to the ECR repo with an AWS account:
            ~~~
            aws ecr get-login-password --region ${process.env.SNAPSHOT_REGION} | docker login --username AWS --password-stdin ${process.env.SNAPSHOT_ACCOUNT_ID}.dkr.ecr.${process.env.SNAPSHOT_REGION}.amazonaws.com
            
            helm upgrade --install karpenter oci://${process.env.SNAPSHOT_ACCOUNT_ID}.dkr.ecr.${process.env.SNAPSHOT_REGION}.amazonaws.com/karpenter/snapshot/karpenter --version "0-${process.env.PR_COMMIT}" --namespace "kube-system" --create-namespace \\
              --set "settings.clusterName=\${CLUSTER_NAME}" \\
              --set "settings.interruptionQueue=\${CLUSTER_NAME}" \\
              --set controller.resources.requests.cpu=1 \\
              --set controller.resources.requests.memory=1Gi \\
              --set controller.resources.limits.cpu=1 \\
              --set controller.resources.limits.memory=1Gi \\
              --wait
            ~~~
            `
            })
      - if: always()
        uses: ./.github/actions/commit-status/end
        with:
          name: "${{ github.workflow }} / ${{ github.job }} (pull_request_review)"
          git_ref: ${{ env.PR_COMMIT }}