# ABOUTME: Updates pkgver in moonarch-pkgbuilds after a push to main.
# ABOUTME: Ensures paru detects new versions of this package.

name: Update PKGBUILD version

on:
  push:
    branches:
      - main

jobs:
  update-pkgver:
    runs-on: moonarch
    steps:
      - name: Checkout source repo
        run: |
          git clone --bare https://gitea.moonarch.de/nevaforget/moonarch.git source.git
          cd source.git
          PKGVER=$(printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)")
          echo "New pkgver: $PKGVER"
          echo "$PKGVER" > /tmp/pkgver

      - name: Update PKGBUILD
        env:
          PKGBUILD_TOKEN: ${{ secrets.PKGBUILD_TOKEN }}
        run: |
          PKGVER=$(cat /tmp/pkgver)
          git clone https://gitea.moonarch.de/nevaforget/moonarch-pkgbuilds.git pkgbuilds
          cd pkgbuilds

          OLD_VER=$(grep '^pkgver=' moonarch-git/PKGBUILD | cut -d= -f2)
          if [ "$OLD_VER" = "$PKGVER" ]; then
            echo "pkgver already up to date ($PKGVER)"
            exit 0
          fi

          sed -i "s/^pkgver=.*/pkgver=$PKGVER/" moonarch-git/PKGBUILD
          echo "Updated pkgver: $OLD_VER → $PKGVER"

          git config user.name "pkgver-bot"
          git config user.email "gitea@moonarch.de"
          git add moonarch-git/PKGBUILD
          git commit -m "chore(moonarch-git): bump pkgver to $PKGVER"

          # Push via credential helper with a chmod 600 temp file, so the token
          # never appears in /proc/PID/cmdline (as it would with `git -c
          # http.extraHeader=...`).
          CRED_FILE=$(mktemp)
          chmod 600 "$CRED_FILE"
          trap 'rm -f "$CRED_FILE"' EXIT
          printf "https://pkgver-bot:%s@gitea.moonarch.de\n" "$PKGBUILD_TOKEN" > "$CRED_FILE"
          git -c credential.helper="store --file=$CRED_FILE" push