name: update-dist

permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  pull_request:
    types:
      - opened
      - synchronize

jobs:
  update-dist:
    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
    runs-on: ubuntu-latest
    steps:
      -
        name: GitHub auth token from GitHub App
        id: docker-read-app
        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
        with:
          app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
          private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
          owner: docker
      -
        name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0
          token: ${{ steps.docker-read-app.outputs.token }}
      -
        name: Build
        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
        with:
          source: .
          targets: build
      -
        name: Commit and push dist
        run: |
          if [ -n "$(git status --porcelain -- dist)" ]; then
            (
              set -x
              git config user.name "github-actions[bot]"
              git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
              git add dist
              git commit -m "chore: update generated content"
              git push
            )
          else
            echo "No changes in dist"
          fi