name: authentik-web-api-publish
on:
  push:
    branches: [main]
    paths:
      - "schema.yml"
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - id: generate_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.GH_APP_ID }}
          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - uses: actions/checkout@v4
        with:
          token: ${{ steps.generate_token.outputs.token }}
      - uses: actions/setup-node@v4
        with:
          node-version-file: web/package.json
          registry-url: "https://registry.npmjs.org"
      - name: Generate API Client
        run: make gen-client-ts
      - name: Publish package
        working-directory: gen-ts-api/
        run: |
          npm ci
          npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
      - name: Upgrade /web
        working-directory: web/
        run: |
          export VERSION=`node -e 'console.log(require("../gen-ts-api/package.json").version)'`
          npm i @goauthentik/api@$VERSION
      - uses: peter-evans/create-pull-request@v5
        id: cpr
        with:
          token: ${{ steps.generate_token.outputs.token }}
          branch: update-web-api-client
          commit-message: "web: bump API Client version"
          title: "web: bump API Client version"
          body: "web: bump API Client version"
          delete-branch: true
          signoff: true
          # ID from https://api.github.com/users/authentik-automation[bot]
          author: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
      - uses: peter-evans/enable-pull-request-automerge@v3
        with:
          token: ${{ steps.generate_token.outputs.token }}
          pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
          merge-method: squash