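# Composite action: imports a root CA certificate into a Java truststore
# using keytool, and exposes the alias it was stored under as an output.
#
# Security notes:
# - Every `${{ inputs.* }}` / `${{ steps.*.outputs.* }}` value used by a script
#   is passed through `env:` and read as a quoted shell variable. An expression
#   placed directly inside `run:` is substituted into the script text before
#   bash parses it, so a crafted value would be interpreted as shell code.
# - keytool reads the store password from the environment (`-storepass:env`),
#   which keeps it out of the process argument list.
name: "add-ca-truststore"
description: 'Github action to add a root certificate to a java truststore'
branding:
  icon: upload
  color: blue
inputs:
  ca-cert:
    description: 'root certificate to add to the truststore'
    required: true
  alias-name:
    description: "alias name of the new added certificate, if not provided a random name is generate, beware with random name generated certificate is always inserted even if it already exist"
    required: false
    default: ""
  store-path:
    description: "java store path usually end with /cacert"
    required: true
  store-password:
    description: "java store password"
    required: false
    # "changeit" is the value this action falls back to; a truststore with a
    # different password should receive it from a secret, not a literal.
    default: "changeit"
  debug:
    description: "show debug information about certificate truststore content"
    required: false
    default: "false"
outputs:
  certificate-alias:
    value: ${{ steps.generate-alias-name.outputs.alias-name }}
    description: "alias name of added certificate, generated if not provided as input"
runs:
  using: "composite"
  steps:
    # Only runs when the caller gave no alias; produces a random pet name.
    - name: Generate random pet name
      if: ${{ inputs.alias-name == '' }}
      id: generate-pet-name
      shell: bash
      run: |
        # NOTE(review): needs an apt-based runner and enough privileges to
        # install packages; confirm for the runners this action targets.
        apt-get update
        apt-get install -y golang-petname
        pet_name=$(golang-petname)
        echo "pet-name=$pet_name" >> "$GITHUB_OUTPUT"

    # Picks the caller's alias when set, otherwise the generated pet name.
    - name: Defined alias name
      id: generate-alias-name
      shell: bash
      env:
        ALIAS_NAME_INPUT: ${{ inputs.alias-name }}
        PET_NAME: ${{ steps.generate-pet-name.outputs.pet-name }}
      run: |
        alias_name="${ALIAS_NAME_INPUT:-$PET_NAME}"
        # GITHUB_OUTPUT is line-oriented: a line break inside the alias would
        # let the value define additional outputs, so refuse it.
        case "$alias_name" in
          *$'\n'* | *$'\r'*)
            echo "::error::alias-name must not contain line breaks"
            exit 1
            ;;
        esac
        echo "alias-name=$alias_name" >> "$GITHUB_OUTPUT"

    # Imports the certificate unless the alias is already present in the store.
    - name: Add certificate ${{ steps.generate-alias-name.outputs.alias-name }} to truststore
      shell: bash
      env:
        does_not_exist_message: "does not exist"
        CA_CERT: ${{ inputs.ca-cert }}
        CERT_ALIAS: ${{ steps.generate-alias-name.outputs.alias-name }}
        STORE_PATH: ${{ inputs.store-path }}
        STORE_PASSWORD: ${{ inputs.store-password }}
      run: |
        # Non-empty when keytool reports the alias as missing. The check keys
        # on keytool's English message text, as the original did.
        alias_missing=$(keytool -list -alias "$CERT_ALIAS" \
          -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD 2>/dev/null \
          | grep -F -- "$does_not_exist_message" || true)
        if [ -n "$alias_missing" ]; then
          printf '%s\n' "$CA_CERT" | keytool -import -noprompt -trustcacerts \
            -alias "$CERT_ALIAS" \
            -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD
        else
          echo "Certificate $CERT_ALIAS already contained in the truststore"
        fi

    # Debug: confirm the alias is listed in the store that was just modified
    # (previously this searched the JDK cacerts for a hard-coded string).
    - name: Show added ${{ steps.generate-alias-name.outputs.alias-name }} for debugging
      if: ${{ inputs.debug == 'true' }}
      shell: bash
      env:
        CERT_ALIAS: ${{ steps.generate-alias-name.outputs.alias-name }}
        STORE_PATH: ${{ inputs.store-path }}
        STORE_PASSWORD: ${{ inputs.store-password }}
      run: |
        # -i: keytool may list aliases in lower case.
        keytool -list -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD \
          | grep -i -F -- "$CERT_ALIAS"

    # Debug: dump every entry of the store given in store-path.
    - name: List cert for debugging
      if: ${{ inputs.debug == 'true' }}
      shell: bash
      env:
        STORE_PATH: ${{ inputs.store-path }}
        STORE_PASSWORD: ${{ inputs.store-password }}
      run: |
        keytool -list -keystore "$STORE_PATH" -storepass:env STORE_PASSWORD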