name: Pull Request

permissions:
  # To create a draft release.
  contents: write
  # To comment on PRs.
  pull-requests: write
  # To sign artifacts.
  id-token: write

on:
  pull_request:
    paths-ignore:
      - "sdk/.version"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# The jobs in this workflow are only run on branches. The `on-community-pr.yml` job provides
# commands for running workflows from forks.

jobs:
  changelog-comment:
    name: changelog preview
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    permissions:
      contents: read
      pull-requests: write
    uses: ./.github/workflows/on-pr-changelog.yml
    with:
      ref: ${{ github.ref }}
      base-ref: origin/${{ github.base_ref }}
      pr-number: ${{ github.event.pull_request.number }}
      changelog-required: ${{ !contains(github.event.pull_request.labels.*.name, 'impact/no-changelog-required') }}
    secrets: inherit

  info:
    name: info
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    uses: ./.github/workflows/ci-info.yml
    permissions:
      contents: read
    with:
      ref: ${{ github.ref }}
      is-snapshot: true
    secrets: inherit

  # Determines which files have changed so we can avoid running expensive tests
  # if they're not necessary.
  inspect:
    name: Inspect changed files
    runs-on: ubuntu-latest
    steps:
      - uses: dorny/paths-filter@v3
        id: changes
        with:
          token: ${{ secrets.PULUMI_BOT_TOKEN }}
          filters: |
            # If files matching any of these patterns change,
            # we will run codegen tests for pull requests.
            test-codegen:
              - 'pkg/codegen/docs/**'
              - 'pkg/codegen/dotnet/**'
              - 'pkg/codegen/go/**'
              - 'pkg/codegen/nodejs/**'
              - 'pkg/codegen/python/**'
    outputs:
      # Add an entry here for every named pattern
      # defined in filters.
      test-codegen: ${{ steps.changes.outputs.test-codegen }}

  ci:
    name: CI
    if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}
    needs: [info, inspect]
    uses: ./.github/workflows/ci.yml
    permissions:
      contents: read
      # To sign artifacts.
      id-token: write
    with:
      ref: ${{ github.ref }}
      version: ${{ needs.info.outputs.version }}
      lint: true
      build-all-targets: ${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
      # codegen tests take quite a while to run.
      # Run them only if ci/test is set,
      # or if one of the codegen files changed.
      test-codegen: >- # No newlines or trailing newline.
        ${{
          contains(github.event.pull_request.labels.*.name, 'ci/test') ||
          (needs.inspect.outputs.test-codegen == 'true')
        }}
      test-version-sets: >- # No newlines or trailing newline.
        ${{
          contains(github.event.pull_request.labels.*.name, 'ci/test')
          && 'minimum current'
          || 'current'
        }}
      integration-test-platforms: ubuntu-latest
      acceptance-test-platforms: >- # No newlines or trailing newline.
        ${{
          contains(github.event.pull_request.labels.*.name, 'ci/test')
          && 'macos-latest windows-latest'
          || ''
        }}
      # We'll only upload coverage artifacts with the periodic-coverage cron workflow.
      enable-coverage: false
    secrets: inherit

  prepare-release:
    name: prepare
    if: >- # No newlines or trailing newline.
      ${{
        github.event.pull_request.head.repo.full_name == github.repository
        && contains(github.event.pull_request.labels.*.name, 'ci/test')
      }}
    needs: [info, ci]
    uses: ./.github/workflows/ci-prepare-release.yml
    permissions:
      contents: write
      # To sign artifacts.
      id-token: write
    with:
      ref: ${{ github.ref }}
      version: ${{ needs.info.outputs.version }}
      release-notes: ${{ needs.info.outputs.release-notes }}
      project: ${{ github.repository }}
      draft: true
      prerelease: true
    secrets: inherit

  ci-ok:
    name: ci-ok
    needs: [ci]
    runs-on: ubuntu-latest
    steps:
      - name: CI succeeded
        run: exit 0

  # release:
  #   name: release
  #   if: ${{ contains(github.event.pull_request.labels.*.name, 'ci/test') }}
  #   needs: [info, matrix, prepare-release]
  #   uses: ./.github/workflows/release.yml
  #   permissions:
  #     contents: write
  #     pull-requests: write
  #   with:
  #     ref: ${{ github.ref }}
  #     version: ${{ needs.info.outputs.version }}
  #     release-notes: ${{ needs.info.outputs.release-notes }}
  #     version-set: ${{ needs.matrix.outputs.version-set }}
  #     queue-merge: false
  #   secrets: inherit