# inspired by https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
name: Deploy SwaggerEditor@next to Rancher🚢

on:
  workflow_run:
    workflows: ["Build & Push SwaggerEditor@next Docker image"]
    types:
      - completed

jobs:

  deploy:
    if: github.event.workflow_run.conclusion == 'success'
    name: Deploy SwaggerEditor@next to Rancher
    runs-on: ubuntu-latest

    steps:
      - name: Deploy Rancher🚢
        run: |
          ts="$(date +'%Y-%m-%dT%H:%M:%SZ' --utc)"
          curl -s -D /dev/stderr -X PATCH \
            -H "Authorization: Bearer ${RANCHER_BEARER_TOKEN}" \
            -H 'Content-Type: application/strategic-merge-patch+json' \
            "${RANCHER_URL}/k8s/clusters/${RANCHER_CLUSTER_ID}/apis/apps/v1/namespaces/${RANCHER_NAMESPACE}/${RANCHER_K8S_OBJECT_TYPE}/${RANCHER_K8S_OBJECT_NAME}" \
            -d "{\"spec\": {\"template\": {\"metadata\": {\"annotations\": {\"cattle.io/timestamp\": \"${ts}\"}}}}}"
        env:
          RANCHER_BEARER_TOKEN: ${{ secrets.RANCHER_BEARER_TOKEN }}
          RANCHER_CLUSTER_ID: 'c-n8zp2'
          RANCHER_NAMESPACE: 'swagger-oss'
          RANCHER_K8S_OBJECT_TYPE: 'daemonsets'
          RANCHER_URL: ${{ secrets.RANCHER_URL }}
          RANCHER_K8S_OBJECT_NAME: 'swagger-editor-next'