From 32d575b4e908f9fe82284da80d3680e9c232ab1f Mon Sep 17 00:00:00 2001
From: Ludy <Ludy87@users.noreply.github.com>
Date: Thu, 21 Nov 2024 21:00:12 +0100
Subject: [PATCH] try to reduce the permission; update only translation files
 (#2291)

---
 .github/workflows/check_properties.yml | 31 ++++++--------------------
 1 file changed, 7 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml
index 334e59be..2790bb48 100644
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@@ -6,14 +6,10 @@ on:
     paths:
       - "src/main/resources/messages_*.properties"
   push:
+    branches: ["main"]
     paths:
       - "src/main/resources/messages_en_GB.properties"
 
-# Permissions required for the workflow
-permissions:
-  contents: write
-  pull-requests: write
-
 jobs:
   check-files:
     if: github.event_name == 'pull_request_target'
@@ -90,7 +86,7 @@ jobs:
             --actor ${{ github.event.pull_request.user.login }} \
             --reference-file "${REFERENCE_FILE}" \
             --branch "${BRANCH_PATH}" \
-            --files ${CHANGED_FILES} > failure.txt || true
+            --files "${CHANGED_FILES[@]}" > failure.txt || true
 
       - name: Capture output
         id: capture-output
@@ -150,26 +146,11 @@ jobs:
               console.log("Comment update attempt denied. Actor does not match.");
             }
 
-      # - name: Set up git config
-      #   run: |
-      #     git config --global user.name "github-actions[bot]"
-      #     git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-      # - name: Add translation keys
-      #   run: |
-      #     cd ${{ env.BRANCH_PATH }}
-      #     git add src/main/resources/messages_*.properties
-      #     git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
-      #     git commit -m "Update translation files" || echo "No changes to commit"
-      # - name: Push
-      #   if: env.CHANGES_DETECTED == 'true'
-      #   run: |
-      #     cd pr-branch
-      #     git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git
-      #     git push origin ${{ github.head_ref }} || echo "Push failed: possibly no changes to push"
-
   update-translations-main:
     if: github.event_name == 'push'
+    permissions:
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -210,6 +191,8 @@ jobs:
           signoff: true
           branch: update_translation_files
           title: "Update translation files"
+          add-paths: |
+            src/main/resources/messages_*.properties
           body: |
             Auto-generated by [create-pull-request][1]