name: Update Elastic release

on:
  schedule:
    - cron: '0 0 * * 0'  # At 00:00 every Sunday

jobs:

  check-and-update:
    name: Check and update Elastic release
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - release: 8.x
            branch: main
          - release: 8.x
            branch: tls
          - release: 7.x
            branch: release-7.x

    steps:
      - uses: actions/setup-node@v3
      - run: npm install semver

      - name: Get latest release version
        uses: actions/github-script@v6
        id: get-latest-release
        with:
          script: |
            const semver = require('semver')

            const latestVersion = await github.
              paginate(github.rest.repos.listReleases, {
                owner: 'elastic',
                repo: 'elasticsearch'
              })
              .then(releases => {
                for (const release of releases) {
                  // Results are returned sorted by created_at, so it is safe to assume
                  // that the first encountered match is also the series' latest release.

                  const version=semver.clean(release.tag_name)

                  if (semver.satisfies(version, '${{ matrix.release }}')) {
                    return version
                  }
                }
              });

            if (latestVersion) {
              // Return an object so that the result can be handled as structured data
              // instead of a quoted string in subsequent steps.
              return { version: latestVersion }
            }

      - uses: actions/checkout@v4
        if: steps.get-latest-release.outputs.result
        with:
          ref: ${{ matrix.branch }}

      - name: Update stack version
        id: update-files
        if: steps.get-latest-release.outputs.result
        run: |
          source .env
          cur_ver="$ELASTIC_VERSION"
          new_ver=${{ fromJson(steps.get-latest-release.outputs.result).version }}

          # Escape period characters so sed interprets them literally
          cur_ver="${cur_ver//./\\.}"

          declare -a upd_files=( .env README.md )
          if [ -f tls/README.md ]; then
              upd_files+=( tls/README.md )
          fi

          sed -i "s/${cur_ver}/${new_ver}/g" "${upd_files[@]}"

          git_status="$(git status --porcelain)"
          if [[ ${git_status} ]]; then
              echo -e 'Changes to be committed:\n'
              echo "${git_status}"
              echo 'has_changes=true' >>"$GITHUB_OUTPUT"
          fi

      - name: Impersonate update bot
        uses: tibdex/github-app-token@v1
        id: generate-token
        if: steps.update-files.outputs.has_changes
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}

      - name: Send pull request to update to new version
        if: steps.update-files.outputs.has_changes
        uses: peter-evans/create-pull-request@v5
        with:
          token: ${{ steps.generate-token.outputs.token }}
          branch: update/${{ matrix.branch }}
          commit-message: Update to v${{ fromJson(steps.get-latest-release.outputs.result).version }}
          title: Update to v${{ fromJson(steps.get-latest-release.outputs.result).version }}
          delete-branch: true