name: GitHub Event Processor

on:
  issues:
    types: [edited, labeled, opened, reopened, unlabeled]
  # issue_comment is used for both issues and pull_requests
  # github.event.issue.pull_request will be non-null on pull request comments
  issue_comment:
    types: [created]
  # synchronize is the pull_request_target event when changes are pushed
  # pull request merged is the closed event with github.event.pull_request.merged = true
  pull_request_target:
    types: [closed, labeled, opened, reopened, review_requested, synchronize, unlabeled]

# This removes all unnecessary permissions, the ones needed will be set below.
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions: {}

jobs:
  event-handler:
    permissions:
      issues: write
      pull-requests: write
      # For OIDC auth
      id-token: write
      contents: read
    name: Handle ${{ github.event_name }} ${{ github.event.action }} event
    runs-on: ubuntu-latest
    steps:
      - name: 'Az CLI login'
        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
        uses: azure/login@v1
        with:
            client-id: ${{ secrets.AZURE_CLIENT_ID }}
            tenant-id: ${{ secrets.AZURE_TENANT_ID }}
            subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: 'Run Azure CLI commands'
        if: ${{ github.event_name == 'issues' && github.event.action == 'opened' }}
        run: |
          LABEL_SERVICE_API_KEY=$(az keyvault secret show \
            --vault-name issue-labeler \
            -n issue-labeler-func-key \
            -o tsv \
            --query value)

          echo "::add-mask::$LABEL_SERVICE_API_KEY"
          echo "LABEL_SERVICE_API_KEY=$LABEL_SERVICE_API_KEY" >> $GITHUB_ENV

      # To run github-event-processor built from source, for testing purposes, uncomment everything
      # in between the Start/End-Build From Source comments and comment everything in between the
      # Start/End-Install comments
      # Start-Install
      - name: Install GitHub Event Processor
        run: >
          dotnet tool install
          Azure.Sdk.Tools.GitHubEventProcessor
          --version 1.0.0-dev.20230713.2
          --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json
          --global
        shell: bash
      # End-Install

      # Testing checkout of sources from the Azure/azure-sdk-tools repository
      # The ref: is the SHA from the pull request in that repository or the
      # refs/pull/<PRNumber>/merge for the latest on any given PR. If the repository
      # is a fork eg. <User>/azure-sdk-tools then the repository down below will
      # need to point to that fork
      # Start-Build
      # - name: Checkout tools repo for GitHub Event Processor sources
      #   uses: actions/checkout@v3
      #   with:
      #     repository: Azure/azure-sdk-tools
      #     path: azure-sdk-tools
      #     ref: <refs/pull/<PRNumber>/merge> or <sha>

      # - name: Build and install GitHubEventProcessor from sources
      #   run: |
      #     dotnet pack
      #     dotnet tool install --global --prerelease --add-source ../../../artifacts/packages/Debug Azure.Sdk.Tools.GitHubEventProcessor
      #   shell: bash
      #   working-directory: azure-sdk-tools/tools/github-event-processor/Azure.Sdk.Tools.GitHubEventProcessor
      # End-Build

      - name: Process Action Event
        run: |
          cat > payload.json << 'EOF'
          ${{ toJson(github.event) }}
          EOF
          github-event-processor ${{ github.event_name }} payload.json
        shell: bash
        env:
          # This is a temporary secret generated by github
          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          LABEL_SERVICE_API_KEY: ${{ env.LABEL_SERVICE_API_KEY }}