name: integration-pr

on:
  pull_request:
    types: [opened, synchronize]

jobs:
  # Trigger for pull requests.
  #
  # This workflow triggers the integration test workflow in a different repository.
  # It requires secrets from the "test-trigger-is" environment, which are only available to authorized users.
  trigger:
    runs-on:
      group: databricks-deco-testing-runner-group
      labels: ubuntu-latest-deco

    environment: "test-trigger-is"

    # Only run this job for PRs from branches on the main repository and not from forks.
    # Workflows triggered by PRs from forks don't have access to the "test-trigger-is" environment.
    if: "${{ !github.event.pull_request.head.repo.fork }}"

    steps:
      - name: Generate GitHub App Token
        id: generate-token
        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
        with:
          app-id: ${{ secrets.DECO_WORKFLOW_TRIGGER_APP_ID }}
          private-key: ${{ secrets.DECO_WORKFLOW_TRIGGER_PRIVATE_KEY }}
          owner: ${{ secrets.ORG_NAME }}
          repositories: ${{secrets.REPO_NAME}}

      - name: Trigger Workflow in Another Repo
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
        run: |
          gh workflow run cli-isolated-pr.yml -R ${{ secrets.ORG_NAME }}/${{secrets.REPO_NAME}} \
          --ref main \
          -f pull_request_number=${{ github.event.pull_request.number }} \
          -f commit_sha=${{ github.event.pull_request.head.sha }}