name: integration

on:

  pull_request:
    types: [opened, synchronize]

  merge_group:


jobs:
  check-token:
    runs-on: ubuntu-latest
    environment: "test-trigger-is"
    outputs:
      has_token: ${{ steps.set-token-status.outputs.has_token }}
    steps:
      - name: Check if DECO_WORKFLOW_TRIGGER_APP_ID is set
        id: set-token-status
        run: |
          if [ -z "${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}" ]; then
            echo "DECO_WORKFLOW_TRIGGER_APP_ID is empty. User has no access to secrets."
            echo "::set-output name=has_token::false"
          else
            echo "DECO_WORKFLOW_TRIGGER_APP_ID is set. User has access to secrets."
            echo "::set-output name=has_token::true"
          fi

  trigger-tests:
    runs-on: ubuntu-latest
    needs: check-token
    if: github.event_name == 'pull_request'  && needs.check-token.outputs.has_token == 'true'
    environment: "test-trigger-is"

    steps:
    - uses: actions/checkout@v4

    - name: Generate GitHub App Token
      id: generate-token
      uses: actions/create-github-app-token@v1
      with:
        app-id: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}
        private-key: ${{ secrets.DECO_WORKFLOW_TRIGGER_PRIVATE_KEY }}
        owner: ${{ secrets.ORG_NAME }}
        repositories: ${{secrets.REPO_NAME}}

    - name: Trigger Workflow in Another Repo
      env:
        GH_TOKEN: ${{ steps.generate-token.outputs.token }}
      run: |
        gh workflow run cli-isolated-pr.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \
        --ref main \
        -f pull_request_number=${{ github.event.pull_request.number }} \
        -f commit_sha=${{ github.event.pull_request.head.sha }}



  # Statuses and checks apply to specific commits (by hash).
  # Enforcement of required checks is done both at the PR level and the merge queue level.
  # In case of multiple commits in a single PR, the hash of the squashed commit
  # will not match the one for the latest (approved) commit in the PR.
  # We auto approve the check for the merge queue for two reasons:
  # * Queue times out due to duration of tests.
  # * Avoid running integration tests twice, since it was already run at the tip of the branch before squashing.
  auto-approve:
    if: github.event_name == 'merge_group'
    runs-on: ubuntu-latest
    steps:
      - name: Mark Check
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
            gh api -X POST -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              /repos/${{ github.repository }}/statuses/${{ github.sha }} \
              -f 'state=success' \
              -f 'context=Integration Tests Check'