Stirling-PDF/.github/workflows/pre_commit.yml

name: Pre-commit

on:
  workflow_dispatch:
  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    env:
      # Prevents sdist builds → no tar extraction
      PIP_ONLY_BINARY: ":all:"
      PIP_DISABLE_PIP_VERSION_CHECK: "1"
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
        with:
          fetch-depth: 0

      - name: Setup GitHub App Bot
        id: setup-bot
        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - name: Set up Python
        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
        with:
          python-version: 3.12
          cache: 'pip' # caching pip dependencies
          cache-dependency-path: ./.github/scripts/requirements_pre_commit.txt

      - name: Run Pre-Commit Hooks
        run: |
          pip install --require-hashes --only-binary=:all: -r ./.github/scripts/requirements_pre_commit.txt          

      - run: pre-commit run --all-files -c .pre-commit-config.yaml
        continue-on-error: true

      - name: Set up JDK
        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
        with:
          java-version: 17
          distribution: "temurin"

      - name: Build with Gradle
        run: ./gradlew clean build

      - name: git add
        run: |
          git add .
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV          

      - name: Create Pull Request
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
        with:
          token: ${{ steps.setup-bot.outputs.token }}
          commit-message: ":file_folder: pre-commit"
          committer: ${{ steps.setup-bot.outputs.committer }}
          author: ${{ steps.setup-bot.outputs.committer }}
          signoff: true
          branch: pre-commit
          title: "🤖 format everything with pre-commit by ${{ steps.setup-bot.outputs.app-slug }}"
          body: |
            Auto-generated by [create-pull-request][1] with **${{ steps.setup-bot.outputs.app-slug }}**

            [1]: https://github.com/peter-evans/create-pull-request            
          draft: false
          delete-branch: true
          labels: github-actions
          sign-commits: true