# inspired by rhinstaller/anaconda

name: Trigger GitLab CI

on:
  workflow_run:
    workflows: ["Checks"]
    types: [completed]

jobs:
  trigger-gitlab:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-24.04
    env:
      IMAGEBUILDER_BOT_GITLAB_SSH_KEY: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_SSH_KEY }}
    steps:
      - name: Report status
        uses: haya14busa/action-workflow_run-status@v1

      - name: Install Dependencies
        run: |
          sudo apt install -y jq

      - name: Clone repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.workflow_run.head_sha }}
          fetch-depth: 0

      - uses: octokit/request-action@v2.x
        id: fetch_pulls
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          route: GET /repos/${{ github.repository }}/pulls

      - name: Checkout branch
        env:
          BRANCH: ${{ github.event.workflow_run.head_branch }}
        run: |
          PR_DATA=$(mktemp)
          # use uuid as a file terminator to avoid conflicts with data content
          cat > "$PR_DATA" <<'a21b3e7f-d5eb-44a3-8be0-c2412851d2e6'
          ${{ steps.fetch_pulls.outputs.data }}
          a21b3e7f-d5eb-44a3-8be0-c2412851d2e6

          PR=$(jq -rc '.[] | select(.head.sha | contains("${{ github.event.workflow_run.head_sha }}")) | select(.state | contains("open"))' "$PR_DATA" | jq -r .number)
          if [ ! -z "$PR" ]; then
            git checkout -b PR-$PR
          else
            git checkout "${BRANCH}"
          fi

      - name: Push to gitlab
        run: |
          mkdir -p ~/.ssh
          echo "${IMAGEBUILDER_BOT_GITLAB_SSH_KEY}" > ~/.ssh/id_rsa
          chmod 400 ~/.ssh/id_rsa
          touch ~/.ssh/known_hosts
          ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
          git remote add ci git@gitlab.com:redhat/services/products/image-builder/ci/osbuild.git
          git push -f ci
          git push -f --tags ci