name: Deploy TerriaMap

on: push

concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id  }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  deploy:
    permissions:
      contents: read # to fetch code (actions/checkout)
      statuses: write # to create commit status (ci-deploy.sh)
    if: github.repository_owner == 'TerriaJS'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version-file: ".nvmrc"
      - uses: google-github-actions/auth@v3
        with:
          credentials_json: "${{ secrets.GCP_CREDENTIALS }}"
      - uses: google-github-actions/setup-gcloud@v3.0.1
      - uses: google-github-actions/get-gke-credentials@v3.0.0
        with:
          cluster_name: ${{ secrets.GKE_CLUSTER }}
          location: ${{ secrets.GKE_LOCATION }}
      - uses: azure/setup-helm@v4
        with:
          version: "v3.3.1"
      - run: bash ./buildprocess/ci-deploy.sh
        env:
          NODE_OPTIONS: --max_old_space_size=4096
          SHARE_S3_ACCESS_KEY_ID: ${{ secrets.SHARE_S3_ACCESS_KEY_ID }}
          SHARE_S3_SECRET_ACCESS_KEY: ${{ secrets.SHARE_S3_SECRET_ACCESS_KEY }}
          FEEDBACK_GITHUB_TOKEN: ${{ secrets.FEEDBACK_GITHUB_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Upload new yarn.lock file (as it may change after `sync-dependencies`)
      - uses: actions/upload-artifact@v7
        if: always()
        with:
          name: yarn.lock
          path: yarn.lock