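# Daily check of upstream versions for the AUR packages in this repository.
# Job 1 (check-versions) runs the version check with read-only permissions.
# Job 2 (update-packages) runs only when job 1 reports updates; it holds the
# SSH and GPG signing keys and has write access to repository contents.
name: AUR Package Update Check

on:
  schedule:
    - cron: '0 0 * * *'  # Runs at 00:00 UTC daily
  workflow_dispatch:  # Allows manual trigger

# Workflow-level env is visible to every step of every job below.
env:
  GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }}
  GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }}
  GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }}
  GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }}

jobs:
  check-versions:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): mutable tag; pinning the image by digest would make the
      # build environment reproducible and tamper-evident.
      image: archlinux:base-devel
      options: --user root
    permissions:
      contents: read
      packages: read
    # Job outputs must be declared here for `needs.check-versions.outputs.*`
    # to be non-empty in the downstream job; without this mapping the `if:` on
    # update-packages can never be true.
    # Assumes check_versions.py writes `updates_needed` and `updates_list` to
    # $GITHUB_OUTPUT -- TODO confirm against the script.
    outputs:
      updates_needed: ${{ steps.version-check.outputs.updates_needed }}
      updates_list: ${{ steps.version-check.outputs.updates_list }}
    steps:
      - name: Install dependencies
        run: |
          pacman -Syu --noconfirm
          pacman -S --noconfirm git openssh gnupg python python-pip \
            python-requests python-yaml python-gitpython \
            python-pytest python-pytest-cov

      - name: Checkout repository
        # NOTE(review): `@v4` is a mutable tag; pin third-party actions to a
        # full commit SHA in workflows that handle signing keys.
        uses: actions/checkout@v4

      - name: Check versions
        id: version-check
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: python .github/scripts/check_versions.py

  update-packages:
    needs: check-versions
    if: needs.check-versions.outputs.updates_needed == 'true'
    runs-on: ubuntu-latest
    container:
      # NOTE(review): mutable tag; see the note on check-versions.
      image: archlinux:base-devel
      options: --user root
    permissions:
      contents: write
      packages: read
    steps:
      - name: Install dependencies
        run: |
          pacman -Syu --noconfirm
          pacman -S --noconfirm git openssh gnupg python python-pip \
            python-requests python-yaml python-gitpython \
            python-pytest python-pytest-cov

      - name: Checkout repository
        # NOTE(review): `@v4` is a mutable tag; this job holds the SSH and GPG
        # private keys, so pin the action to a full commit SHA.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Configure Git and SSH
        # Secrets are handed to the script through the environment rather than
        # expanded into the script text with `${{ }}`: template expansion
        # happens before the shell parses the script, so a quote, backtick or
        # `$(` inside a secret value would be interpreted as shell syntax.
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
        run: |
          # Create the key material with owner-only permissions from the start
          # instead of narrowing them after the write.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa

          # NOTE(review): ssh-keyscan accepts whatever host key the network
          # returns at run time, so known_hosts gives no protection against an
          # on-path attacker during this step. Prefer writing the hosts'
          # published keys (verified out of band and stored in the repository)
          # to known_hosts instead of scanning.
          ssh-keyscan github.com >> ~/.ssh/known_hosts
          ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts

          printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import
          # printf, not echo: POSIX-mode echo does not expand "\n", so the
          # trust / 5 / y answers would reach gpg as one literal line.
          printf 'trust\n5\ny\n' | gpg --command-fd 0 --edit-key "$GPG_KEY_ID"

          # GIT_AUTHOR_NAME / GIT_AUTHOR_EMAIL come from the workflow-level env.
          git config --global user.name "$GIT_AUTHOR_NAME"
          git config --global user.email "$GIT_AUTHOR_EMAIL"
          git config --global commit.gpgsign true
          git config --global user.signingkey "$GPG_KEY_ID"

      - name: Update packages
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          UPDATES_LIST: ${{ needs.check-versions.outputs.updates_list }}
        run: python .github/scripts/update_packages.py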