apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
  name: {{ include "common.names.fullname" . }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
spec:
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  selector:
     matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }}
  strategy:
    {{- if eq .Values.rollout.strategy.type "BlueGreen" }}
    blueGreen:
      activeService: {{ default (include "common.names.fullname" .) .Values.rollout.strategy.blueGreen.activeService | quote }}
      previewService: {{ default (include "common.names.suffixedName" (dict "root" . "suffix" "preview")) .Values.rollout.strategy.blueGreen.previewService | quote }}
      autoPromotionEnabled: {{ .Values.rollout.strategy.blueGreen.autoPromotionEnabled }}
      previewReplicaCount: {{ .Values.rollout.strategy.blueGreen.previewReplicaCount }}
      antiAffinity:
        {{- .Values.rollout.strategy.blueGreen.antiAffinity | toYaml | nindent 8 }}
      scaleDownDelaySeconds: {{ .Values.rollout.strategy.blueGreen.scaleDownDelaySeconds }}
      # Add additional Blue-Green specific configurations here as needed
    {{- else if eq .Values.rollout.strategy.type "Canary" }}
    canary:
      {{- toYaml .Values.rollout.strategy.canary | nindent 6 }}
    {{- else if eq .Values.rollout.strategy.type "RollingUpdate" }}
    rollingUpdate:
      {{- toYaml .Values.rollout.strategy.rollingUpdate | nindent 6 }}
    {{- end }}
  template:
    metadata:
      annotations:
        {{- toYaml .Values.podAnnotations | nindent 8 }}
      labels: {{- include "common.labels.standard" . | nindent 8 }}
    spec:
      imagePullSecrets:
        {{- toYaml .Values.image.pullSecrets | nindent 8 }}
      volumes:
      - name: jwt
        secret:
          secretName: {{ .Values.application.jwt.secretName }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            readOnlyRootFilesystem: true
            runAsUser: 1000
            runAsGroup: 1000
            runAsNonRoot: true
            allowPrivilegeEscalation: false
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 4000
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
          {{- if .Values.application.jwt.enabled }}
          - name: jwt
            mountPath: /secrets/jwk.json
            subPath: {{ .Values.application.jwt.jwkSecretKey }}
            readOnly: true
          - name: jwt
            mountPath: /secrets/jwk-old.json
            subPath: {{ .Values.application.jwt.jwkOldSecretKey }}
            readOnly: true
          {{- end }}
          env:
            - name: LOGLEVEL
              value: {{ .Values.application.logLevel }}
            - name: LOG_REQUESTS
            {{- if .Values.application.jwt.enabled }}
              value: {{ .Values.application.logRequests | quote }}
            - name: JWK_FILE
              value: /secrets/jwk.json
            - name: OLDJWK_FILE
              value: /secrets/jwk-old.json
            {{- end }}
            {{- if .Values.application.pg.enabled }}
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.application.pg.dsnSecretName }}
                  key: {{ .Values.application.pg.dsnSecretKey }}
            {{- end }}
            {{- if .Values.application.hasura.enabled }}
            - name: HASURA_GRAPHQL_URL
              value: {{ .Values.application.hasura.graphqlUrl }}
            - name: HASURA_WEB_HOOK_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.application.hasura.webhookSecretName }}
                  key: {{ .Values.application.hasura.webhookSecretKey }}
            - name: HASURA_GRAPHQL_ADMIN_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.application.hasura.adminSecretName }}
                  key: {{ .Values.application.hasura.adminSecretKey }}
            {{- end }}
            {{- if .Values.application.amqp.enabled }}
            - name: AMQP_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.application.amqp.dsnSecretName }}
                  key: {{ .Values.application.amqp.dsnSecretKey }}
            {{- end }}
            {{- if .Values.extraEnv }}
            {{ .Values.extraEnv | toYaml | nindent 12 }}
            {{- end }}
      nodeSelector:
        {{- toYaml .Values.nodeSelector | nindent 8 }}
      affinity:
        {{- toYaml .Values.affinity | nindent 8 }}
      tolerations:
        {{- toYaml .Values.tolerations | nindent 8 }}