name: AUR Package Update Check

on:
  schedule:
    - cron: '0 0 * * *'  # Runs at 00:00 UTC daily
  workflow_dispatch:      # Allows manual trigger

env:
  GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }}
  GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }}
  GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }}
  GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }}

jobs:
  check-updates:
    runs-on: ubuntu-latest
    container: 
      image: archlinux:base-devel
    
    steps:
      - name: Install dependencies
        run: |
          pacman -Syu --noconfirm
          pacman -S --noconfirm git openssh gnupg python python-pip

      - name: Configure SSH
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          ssh-keyscan github.com >> ~/.ssh/known_hosts
          ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Import GPG key
        run: |
          echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --import
          echo "trust\n5\ny\n" | gpg --command-fd 0 --edit-key ${{ secrets.GPG_KEY_ID }}

      - name: Setup Git config
        run: |
          git config --global user.name "${{ secrets.GIT_AUTHOR_NAME }}"
          git config --global user.email "${{ secrets.GIT_AUTHOR_EMAIL }}"
          git config --global commit.gpgsign true
          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}

      - name: Install Python dependencies
        run: pip install requests semver gitpython pyyaml

      - name: Run update checker
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: python .github/scripts/update-checker.py