name: Automatic Updates

on:
  schedule:
    - cron: 0 0 * * *
  workflow_dispatch:

defaults:
  run:
    shell: 'bash -Eeuo pipefail -x {0}'

jobs:
  build:
    name: Run update script
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
        with:
          token: ${{ secrets.REPO_GHA_PAT }}
      - uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      - name: Run update script
        uses: nick-fields/retry@v2
        with:
          timeout_minutes: 15
          max_attempts: 3
          command: |
            # pip-tools provides pip-compile used by update.sh
            pip3 install --upgrade pip-tools pip
            export PATH=$HOME/.local/bin:$PATH
            echo "Updating Debian images"
            ./Debian/update.sh
      - name: Diff
        run: |
          git status
          git diff
      - name: Temporarily disable "include administrators" branch protection
        if: ${{ always() && github.ref == 'refs/heads/main' }}
        id: disable_include_admins
        uses: benjefferies/branch-protection-bot@1.0.8
        with:
          access_token: ${{ secrets.REPO_GHA_PAT }}
          branch: main
          enforce_admins: false
      - uses: EndBug/add-and-commit@v9
        with:
          author_name: CloudNativePG Automated Updates
          author_email: noreply@cnpg.com
          message: 'Daily automatic update'
      - name: Enable "include administrators" branch protection
        uses: benjefferies/branch-protection-bot@1.0.8
        if: ${{ always() && github.ref == 'refs/heads/main' }}
        with:
          access_token: ${{ secrets.REPO_GHA_PAT }}
          branch: main
          enforce_admins: ${{ steps.disable_include_admins.outputs.initial_status }}