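# Release validation: lints the Helm chart and Kubernetes manifests, checks
# committed SHA256SUMS files and JSON schemas, and on version tags generates
# release notes from the git history.
#
# NOTE(review): the Dockerfile, checksum and schema checks below only emit
# warnings; none of them fails its job, so `release-notes` still runs when a
# SHA256SUMS entry does not verify. Treat these checks as advisory until they
# are promoted to hard failures.
# NOTE(review): actions are referenced by mutable tag (`@v4`); pinning each to
# a full commit SHA would keep a moved tag from changing what runs here.
name: Release Validation

on:
  push:
    tags:
      - 'v*'
  pull_request:
    paths:
      - 'deploy/**'
      - 'scripts/release/**'
  workflow_dispatch:

# None of the jobs visible in this file writes to the repository, packages or
# releases, so GITHUB_TOKEN is limited to read-only repository contents.
permissions:
  contents: read

env:
  DOTNET_VERSION: '10.0.x'
  REGISTRY: ghcr.io
  IMAGE_PREFIX: stellaops

jobs:
  validate-manifests:
    name: Validate Release Manifests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Validate Helm charts
        run: |
          helm lint deploy/helm/stellaops
          helm template stellaops deploy/helm/stellaops --dry-run

      - name: Validate Kubernetes manifests
        run: |
          # Client-side dry run; the first manifest that fails stops the step.
          for f in deploy/k8s/*.yaml; do
            kubectl apply --dry-run=client -f "$f" || exit 1
          done

      - name: Check required images exist
        run: |
          REQUIRED_IMAGES=(
            "concelier"
            "scanner"
            "authority"
            "signer"
            "attestor"
            "excititor"
            "policy"
            "scheduler"
            "notify"
          )

          for img in "${REQUIRED_IMAGES[@]}"; do
            echo "Checking $img..."
            # Validate Dockerfile exists, either under src/<Capitalised name>/
            # or under deploy/docker/<name>/. A missing Dockerfile is reported
            # as a workflow annotation and does not fail the step.
            if [ ! -f "src/${img^}/Dockerfile" ] && [ ! -f "deploy/docker/${img}/Dockerfile" ]; then
              echo "::warning::Dockerfile not found for $img"
            fi
          done

  validate-checksums:
    name: Validate Artifact Checksums
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Verify SHA256SUMS files
        run: |
          # IFS= and -r keep whitespace and backslashes in paths intact.
          find . -name "SHA256SUMS" -type f | while IFS= read -r f; do
            dir=$(dirname "$f")
            echo "Validating $f..."
            # Verify inside a subshell so the working directory is unchanged
            # for the next iteration whatever the outcome. stderr is
            # discarded, so a listed file that is missing or unreadable is
            # reported as a mismatch as well.
            # NOTE(review): a mismatch is surfaced as an annotation only and
            # the step still succeeds; it does not block the release.
            if ! (cd "$dir" && sha256sum -c SHA256SUMS --quiet 2>/dev/null); then
              echo "::warning::Checksum mismatch in $dir"
            fi
          done

  validate-schemas:
    name: Validate Schema Integrity
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install ajv-cli
        run: npm install -g ajv-cli ajv-formats

      - name: Validate JSON schemas
        run: |
          # A schema that fails to compile is reported as an annotation; the
          # step itself still succeeds.
          for schema in docs/schemas/*.schema.json; do
            echo "Validating $schema..."
            ajv compile -s "$schema" --spec=draft2020 || echo "::warning::$schema validation issue"
          done

  release-notes:
    name: Generate Release Notes
    runs-on: ubuntu-latest
    # Only for version tags, and only after the three validation jobs finish
    # successfully.
    if: startsWith(github.ref, 'refs/tags/v')
    needs: [validate-manifests, validate-checksums, validate-schemas]
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history is needed for `git describe` and `git log` below.
          fetch-depth: 0

      - name: Generate changelog
        run: |
          # Nearest tag reachable from the parent of HEAD; empty when no
          # earlier tag exists.
          PREV_TAG=$(git describe --abbrev=0 --tags HEAD^ 2>/dev/null || echo "")
          if [ -n "$PREV_TAG" ]; then
            echo "## Changes since $PREV_TAG" > RELEASE_NOTES.md
            git log --pretty=format:"- %s (%h)" "$PREV_TAG"..HEAD >> RELEASE_NOTES.md
          else
            echo "## Initial Release" > RELEASE_NOTES.md
          fi

      - name: Upload release notes
        uses: actions/upload-artifact@v4
        with:
          name: release-notes
          path: RELEASE_NOTES.md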