name: Internal - Main - Continuous Integration

on:
  push:
    branches: [main]
    tags: ["*"]

  workflow_dispatch:

  schedule:
    - cron: "25 8 * * 1"

permissions:
  actions: read
  contents: read
  packages: read
  security-events: write
  statuses: write
  # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
  id-token: write

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  ci:
    uses: ./.github/workflows/__shared-ci.yml
    secrets: inherit

  release:
    needs: ci
    if: github.event_name != 'schedule'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: 📖 Generate documentation
        uses: hoverkraft-tech/ci-dokumentor@fe7b78e19572b70e2a5db7f2a61b99c70358061a # 0.1.2
        with:
          source: action.yml

      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
        id: generate-token
        with:
          app-id: ${{ vars.CI_BOT_APP_ID }}
          private-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}

      - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@d324c777132734fc988c79a74dff3ee0248835fc # 0.25.0
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          branch: docs/actions-workflows-documentation-update
          title: "docs: update actions and workflows documentation"
          body: Update actions and workflows documentation
          commit-message: |
            docs: update actions and workflows documentation

            [skip ci]