when:
  event: push

steps:
  diff:
    image: ghcr.io/helmfile/helmfile:canary
    secrets: [sops_age_key, kubeconfig_content]
    when:
      - branch:
          exclude:
            - main
    commands:
      - mkdir $HOME/.kube
      - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
      - helmfile diff --suppress-secrets

  apply:
    image: ghcr.io/helmfile/helmfile:canary
    secrets: [sops_age_key, kubeconfig_content]
    when:
      - branch:
          include:
            - main
    commands:
      - mkdir $HOME/.kube
      - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config
      - helmfile apply