# Regenerates the third-party license report and proposes it as a bot pull
# request.
name: License Report Workflow

# Runs only for pushes to main that touch build.gradle.
on:
  push:
    branches:
      - main
    paths:
      - "build.gradle"

# Workflow-wide default for GITHUB_TOKEN is read-only; a job that needs more
# has to ask for it in its own permissions block.
permissions:
  contents: read

jobs:
  generate-license-report:
    runs-on: ubuntu-latest
    # Raises GITHUB_TOKEN above the read-only workflow default for this job.
    # NOTE(review): the PR-creation and auto-merge steps authenticate with the
    # GitHub App token, not GITHUB_TOKEN, so these write scopes look unused by
    # the visible steps. Confirm, then drop back to contents: read.
    permissions:
      contents: write
      pull-requests: write
    steps:
      # Placed first so that the steps after it run under monitoring.
      # egress-policy: audit only records outbound connections; nothing is
      # blocked. Once the audited baseline is known, `block` together with an
      # allowed-endpoints list turns this into an enforced control.
      - name: Harden Runner
        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
        with:
          egress-policy: audit

      # Mints a short-lived installation token for the GitHub App identified by
      # the two secrets. No owner/repositories inputs are set, so the token is
      # scoped to the current repository and carries whatever permissions the
      # App installation has been granted there.
      # NOTE(review): the token is created before the Gradle build runs but is
      # first used by "Create Pull Request"; moving this step to just before
      # that one would shorten the time it exists on the runner — confirm
      # nothing else depends on the current order.
      - name: Generate GitHub App Token
        id: generate-token
        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
          
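      # persist-credentials: false keeps GITHUB_TOKEN (write-scoped in this
      # job) out of the workspace's .git/config, where the Gradle build and any
      # plugin or dependency code it runs could otherwise read it. The
      # "Create Pull Request" step authenticates with its own token input and
      # does not rely on the checkout credential.
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false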

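      # Installs the JDK used by the Gradle build.
      # "adopt" is the legacy AdoptOpenJDK distribution, which setup-java
      # documents as no longer updated; "temurin" is its Eclipse Adoptium
      # successor and continues to receive JDK security updates.
      - name: Set up JDK 17
        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          java-version: "17"
          distribution: "temurin"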

      # Prepares Gradle for the wrapper invocation in the next step.
      # NOTE(review): v4 of this action is documented to verify the checksum of
      # gradle-wrapper.jar by default — confirm that holds for this pin, since
      # the next step executes the wrapper from the repository.
      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2

      # Runs the repository's build logic plus every plugin and dependency the
      # build resolves, so this is the step where third-party code executes on
      # the runner. The report it is expected to produce is
      # build/reports/dependency-license/index.json (moved by the next step).
      - name: Run Gradle Command
        run: ./gradlew clean generateLicenseReport

      # Overwrites the tracked license file with the freshly generated report.
      # If the report is missing, mv exits non-zero and the job stops here
      # rather than proposing a stale or empty file.
      - name: Move and Rename License File
        run: |
          mv build/reports/dependency-license/index.json src/main/resources/static/3rdPartyLicenses.json

      # Sets the bot's commit identity for git commands on this runner.
      # NOTE(review): "Create Pull Request" passes committer/author itself and
      # no visible step runs `git commit`, so this may be redundant — confirm
      # before removing.
      - name: Set up git config
        run: |
          git config --global user.name "stirlingbot[bot]"
          git config --global user.email "1113334+stirlingbot[bot]@users.noreply.github.com"

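      # Stages the regenerated file and flags the job when it differs from
      # HEAD. `git diff --staged --quiet` exits non-zero when staged changes
      # exist, so the echo after `||` runs only in that case. The value written
      # to the environment file is a constant, never file content, and the
      # file path is quoted so it is always passed as a single word.
      - name: Run git add
        run: |
          git add src/main/resources/static/3rdPartyLicenses.json
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> "$GITHUB_ENV"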

      # Opens or updates the bot pull request, but only when the previous step
      # detected a staged change. The GitHub App token is used instead of
      # GITHUB_TOKEN, so the PR is attributed to the App and carries the App's
      # permissions on this repository.
      # NOTE(review): with sign-commits enabled, the action's documentation
      # indicates commits are attributed to the token's bot identity, which may
      # make the committer/author inputs below ineffective — confirm.
      - name: Create Pull Request
        id: cpr
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
        with:
          token: ${{ steps.generate-token.outputs.token }}
          commit-message: "Update 3rd Party Licenses"
          committer: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>"
          author: "stirlingbot[bot] <1113334+stirlingbot[bot]@users.noreply.github.com>"
          signoff: true
          # Fixed branch name: later runs update the same PR instead of
          # opening a new one each time.
          branch: update-3rd-party-licenses
          title: "Update 3rd Party Licenses"
          body: |
            Auto-generated by StirlingBot
          labels: licenses,github-actions
          draft: false
          delete-branch: true
          sign-commits: true

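      # Turns on auto-merge for a newly created PR. The PR number is handed to
      # the script through the environment instead of being templated into the
      # script text, so the shell only ever sees it as data.
      # NOTE(review): this workflow has no human approval step; whatever gates
      # the merge is the branch protection or ruleset on main. Confirm it
      # requires the checks and reviews you rely on for bot-authored PRs.
      - name: Enable Pull Request Automerge
        if: steps.cpr.outputs.pull-request-operation == 'created'
        run: gh pr merge --squash --auto "$PR_NUMBER"
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
          PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}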