Stirling-PDF/.github/workflows/pre_commit.yml

name: Pre-commit

on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * 1"

permissions:
  contents: read

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit

      - name: Generate GitHub App Token
        id: generate-token
        uses: actions/create-github-app-token@67e27a7eb7db372a1c61a7f9bdab8699e9ee57f7 # v1.11.3
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - name: Get GitHub App User ID
        id: get-user-id
        run: echo "user-id=$(gh api "/users/${{ steps.generate-token.outputs.app-slug }}[bot]" --jq .id)" >> $GITHUB_OUTPUT
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}

      - id: committer
        run: |
          echo "string=${{ steps.generate-token.outputs.app-slug }}[bot] <${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com>"  >> "$GITHUB_OUTPUT"

      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
        with:
          python-version: 3.12
          cache: 'pip' # caching pip dependencies
      - name: Run Pre-Commit Hooks
        run: |
          pip install --require-hashes -r ./.github/scripts/requirements_pre_commit.txt
      - run: pre-commit run --all-files -c .pre-commit-config.yaml
        continue-on-error: true
      - name: Set up git config
        run: |
          git config --global user.name ${{ steps.generate-token.outputs.app-slug }}[bot]
          git config --global user.email "${{ steps.get-user-id.outputs.user-id }}+${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com"
      - name: git add
        run: |
          git add .
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
      - name: Create Pull Request
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
        with:
          token: ${{ steps.generate-token.outputs.token }}
          commit-message: ":file_folder: pre-commit"
          committer: ${{ steps.committer.outputs.string }}
          author: ${{ steps.committer.outputs.string }}
          signoff: true
          branch: pre-commit
          title: "🤖 format everything with pre-commit by <${{ steps.generate-token.outputs.app-slug }}>"
          body: |
            Auto-generated by [create-pull-request][1] with **${{ steps.generate-token.outputs.app-slug }}**

            [1]: https://github.com/peter-evans/create-pull-request
          draft: false
          delete-branch: true
          labels: github-actions
          sign-commits: true