name: Update Alerting Module

on:
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  update-grafana:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4 # 4.2.2
        with:
          persist-credentials: false
      - name: Check if update branch exists
        run: |
          if git ls-remote --heads origin update-alerting-module | grep -q 'update-alerting-module'; then
            echo "Branch 'update-alerting-module' already exists. There might be an open PR with Grafana updates."
            echo "Please review and merge/close the existing PR before running this workflow again."
            exit 1
          fi

      - name: Setup Go
        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # 5.3.0
        with:
          "go-version-file": "go.mod"

      - name: Extract current commit hash of alerting module
        id: current-commit
        run: |
          FROM_COMMIT=$(go list -m -json github.com/grafana/alerting | jq -r '.Version' | grep -oP '(?<=-)[a-f0-9]+$')
          echo "from_commit=$FROM_COMMIT" >> "$GITHUB_OUTPUT"

      - name: Get current branch name
        id: current-branch-name
        run: echo "name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_OUTPUT"

      - name: Get latest commit
        id: latest-commit
        env:
          GH_TOKEN: ${{ github.token }}
          BRANCH: ${{ steps.current-branch-name.outputs.name }}
        run: |
          TO_COMMIT="$(gh api repos/grafana/alerting/commits/"$BRANCH" --jq '.sha')"
           if [ -z "$TO_COMMIT" ]; then
            echo "Branch $BRANCH not found in alerting repo, falling back to main branch"
            exit 1
          fi
          echo "to_commit=$TO_COMMIT" >> "$GITHUB_OUTPUT"

      - name: Compare commit hashes
        run: |
          FROM_COMMIT="${{ steps.current-commit.outputs.from_commit }}"
          TO_COMMIT="${{ steps.latest-commit.outputs.to_commit }}"
          
          # Compare just the length of the shorter hash
          SHORT_TO_COMMIT="${TO_COMMIT:0:${#FROM_COMMIT}}"
          
          if [ "$FROM_COMMIT" = "$SHORT_TO_COMMIT" ]; then
            echo "Current version ($FROM_COMMIT) is already at latest ($SHORT_TO_COMMIT). No update needed."
            exit 0
          fi
          echo "Updates available: $FROM_COMMIT -> $TO_COMMIT"

      - name: Check for commit history
        id: check-commits
        env:
          GH_TOKEN: ${{ github.token }}
          FROM_COMMIT: ${{ steps.current-commit.outputs.from_commit }}
          TO_COMMIT: ${{ steps.latest-commit.outputs.to_commit }}
        run: |
          # get all commits that contains 'Alerting:' in the message
          ALERTING_COMMITS="$(gh api repos/grafana/alerting/compare/"$FROM_COMMIT"..."$TO_COMMIT" \
            --jq '.commits[].commit.message | split("\n")[0]')" || true

          # Use printf instead of echo -e for better multiline handling
          printf "%s\n" "$ALERTING_COMMITS"

          # make the list for markdown and replace PR numbers with links
          ALERTING_COMMITS_FORMATTED="$(echo "$ALERTING_COMMITS" | while read -r line; do echo "- $line" | sed -E 's/\(#([0-9]+)\)/[#\1](https:\/\/github.com\/grafana\/grafana\/pull\/\1)/g'; done)"

          {
            echo "alerting_commits<<EOF"
            echo "$ALERTING_COMMITS_FORMATTED"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: Update alerting module
        env:
          GOSUMDB: off
          PINNED_COMMIT: ${{ steps.latest-commit.outputs.to_commit }}
        run: |
          go get github.com/grafana/alerting@"$PINNED_COMMIT"
          make update-workspace

      - id: get-secrets
        uses: grafana/shared-workflows/actions/get-vault-secrets@main # zizmor: ignore[unpinned-uses]
        with:
          repo_secrets: |
            GITHUB_APP_ID=alerting-team:app-id
            GITHUB_APP_PRIVATE_KEY=alerting-team:private-key

      - name: "Generate token"
        id: generate_token
        uses: actions/create-github-app-token@0d564482f06ca65fa9e77e2510873638c82206f2 # 1.11.5
        with:
          app-id: ${{ env.GITHUB_APP_ID }}
          private-key: ${{ env.GITHUB_APP_PRIVATE_KEY }}

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # 7.0.6
        id: create-pr
        with:
          token: '${{ steps.generate_token.outputs.token }}'
          title:  'Alerting: Update alerting module to ${{ steps.latest-commit.outputs.to_commit }}'
          branch: alerting/update-alerting-module
          delete-branch: true
          body: |
            Updates Grafana Alerting module to latest version.

            Compare changes: https://github.com/grafana/alerting/compare/${{ steps.current-commit.outputs.from_commit }}...${{ steps.latest-commit.outputs.to_commit }}
            <details>
            <summary>Commits</summary>

            ${{ steps.check-commits.outputs.alerting_commits }}

            </details>

            Created by: [GitHub Action Job](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
      - name: Add PR URL to Summary
        if: steps.create-pr.outputs.pull-request-url != ''
        env:
          PR_URL: ${{ steps.create-pr.outputs.pull-request-url }}
        run: |
          {
            echo "## Pull Request Created"
            echo "🔗 [View Pull Request]($PR_URL)"
          } >> "$GITHUB_STEP_SUMMARY"