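---
# Daily check of AUR packages for new upstream versions.
# `check-versions` runs a checker script in the updater container;
# `update-packages` runs only when that job reports updates, and pushes
# GPG-signed commits over SSH.
name: AUR Package Update Check

on:
  schedule:
    - cron: '0 0 * * *'  # Runs at 00:00 UTC daily
  workflow_dispatch:  # Allows manual trigger

# Workflow-level env is inherited by every job and step below, including
# the container steps, so the git identity is available there as well.
env:
  GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }}
  GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }}
  GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }}
  GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }}

jobs:
  check-versions:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
    # Job outputs must be declared here; without this mapping
    # `needs.check-versions.outputs.*` is always empty and the
    # `update-packages` job can never run.
    # Assumes check_versions.py writes `updates_needed` and `updates_list`
    # to the file named by $GITHUB_OUTPUT -- confirm in the script.
    outputs:
      updates_needed: ${{ steps.check.outputs.updates_needed }}
      updates_list: ${{ steps.check.outputs.updates_list }}
    env:
      CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/aur-updater:latest
    steps:
      # Checkout first, before running in container
      # NOTE(review): `@v4` is a mutable tag; consider pinning the action
      # to a full commit SHA.
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): GitHub's documented context-availability list does
      # not include `steps.uses`, so the expression below may not be
      # evaluated; verify the workflow loads, or spell the image path out.
      # NOTE(review): `:latest` is mutable; pinning the image by digest
      # (`@sha256:<digest>`) keeps a re-pushed tag from changing what runs.
      - name: Run in container
        id: check
        uses: docker://ghcr.io/${{ github.repository }}/aur-updater:latest
        with:
          args: python .github/scripts/check_versions.py
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  update-packages:
    needs: check-versions
    if: needs.check-versions.outputs.updates_needed == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: read
    env:
      CONTAINER_IMAGE: ghcr.io/${{ github.repository }}/aur-updater:latest
    steps:
      # Checkout first, before running in container
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}

      # Secrets reach the shell through `env:` and are referenced as
      # "$VAR". Expanding `${{ secrets.* }}` inside the script text would
      # paste the raw value into the command before bash parses it, so a
      # quote, `$` or backtick in a secret would change the command, and
      # the key material would sit in the container's argument list.
      #
      # `umask 077` makes the key file private from the moment it is
      # created rather than only after the later chmod.
      #
      # The ownertrust answers are sent with printf because bash's plain
      # `echo` does not expand `\n`; gpg would receive one literal line.
      #
      # The key variables are unset before the Python script starts so it
      # does not inherit them (the imported keys remain on disk).
      #
      # NOTE(review): ssh-keyscan accepts whatever host key is served at
      # run time (trust on first use, repeated every run). Prefer writing
      # known_hosts from host keys verified out of band.
      # NOTE(review): same `uses:` expression and `:latest` caveats as the
      # container step in `check-versions`.
      - name: Run in container
        uses: docker://ghcr.io/${{ github.repository }}/aur-updater:latest
        with:
          entrypoint: /bin/bash
          args: |
            -c "
            umask 077 && \
            mkdir -p ~/.ssh && \
            echo \"$SSH_PRIVATE_KEY\" > ~/.ssh/id_rsa && \
            chmod 600 ~/.ssh/id_rsa && \
            ssh-keyscan github.com >> ~/.ssh/known_hosts && \
            ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts && \
            echo \"$GPG_PRIVATE_KEY\" | gpg --import && \
            printf 'trust\n5\ny\n' | gpg --command-fd 0 --edit-key \"$GPG_KEY_ID\" && \
            git config --global user.name \"$GIT_AUTHOR_NAME\" && \
            git config --global user.email \"$GIT_AUTHOR_EMAIL\" && \
            git config --global commit.gpgsign true && \
            git config --global user.signingkey \"$GPG_KEY_ID\" && \
            unset SSH_PRIVATE_KEY GPG_PRIVATE_KEY && \
            python .github/scripts/update_packages.py"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          UPDATES_LIST: ${{ needs.check-versions.outputs.updates_list }}
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}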