---
# Watch the Gitea OCI registry for the floating `production` tag. Every
# push to the production branch retags the new image as `production`,
# overwriting the previous binding (OCI tag→manifest is single-valued).
# The image's immutable `0.1.<N>` tag stays in the registry as audit.
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
metadata:
  name: cms-plugins-production
  namespace: kotkan
spec:
  image: git.oleks.space/oleks/cms-plugins
  interval: 1m
  secretRef:
    name: gitea-registry-creds
---
# Only the `production` floating tag is in scope. There's at most one
# match at a time, so alphabetical ordering is a no-op — the policy
# just resolves to that single tag's current digest.
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImagePolicy
metadata:
  name: cms-plugins-production
  namespace: kotkan
spec:
  interval: 1m
  imageRepositoryRef:
    name: cms-plugins-production
  filterTags:
    pattern: '^production$'
  # Extract and reflect the resolved digest into helmrelease.yaml.
  # This enables IUA to pin by digest, which makes helm upgrade detect
  # changes when the floating tag is reassigned.
  digestReflectionPolicy: Always
  policy:
    alphabetical:
      order: asc
---
# IUA writes the resolved digest into helmrelease.yaml — pinning by
# digest is what makes `helm upgrade` see a change when the floating
# tag is reassigned (without digest, tag stays `production` literal and
# helm upgrade is a no-op).
#
# NOTE: `sourceRef` must reference a GitRepository that points at
# THIS workloads repo (anton-helm-workloads) with write access. If it
# doesn't exist yet, create one alongside this manifest. The
# emdash-kotkanagrilli equivalent uses `oleks-fleet-image-automation`
# because its HelmReleases live in the fleet repo.
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageUpdateAutomation
metadata:
  name: cms-plugins-production
  namespace: kotkan
spec:
  interval: 1m
  sourceRef:
    kind: GitRepository
    name: anton-workloads-image-automation
    namespace: flux-system
  git:
    checkout:
      ref:
        branch: main
    commit:
      author:
        email: flux-bot@oleks.space
        name: flux-bot
      messageTemplate: |
        chore(cms-plugins-production): pin new digest
        Files:
        {{ range $filename, $_ := .Changed.FileChanges -}}
        - {{ $filename }}
        {{ end -}}
    push:
      branch: main
  update:
    path: ./cms-plugins-production
    strategy: Setters