name: jenkins scan

on:
  issue_comment:
    types: [created, edited]

jobs:
  cleanup-branches:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Delete stale Jenkins branches
        uses: actions/github-script@v8
        with:
          script: |
            const cutoff = Date.now() - 24 * 60 * 60 * 1000;
            const prefixes = ['tmp-jenkins', '__jenkins'];

            for await (const response of github.paginate.iterator(github.rest.repos.listBranches, {
              owner: context.repo.owner,
              repo: context.repo.repo,
              per_page: 100,
            })) {
              for (const branch of response.data) {
                if (!prefixes.some(p => branch.name.startsWith(p))) continue;

                const { data: commit } = await github.rest.repos.getCommit({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  ref: branch.commit.sha,
                });

                const commitDate = new Date(commit.commit.committer.date).getTime();
                if (commitDate < cutoff) {
                  console.log(`Deleting branch: ${branch.name} (last commit: ${commit.commit.committer.date})`);
                  await github.rest.git.deleteRef({
                    owner: context.repo.owner,
                    repo: context.repo.repo,
                    ref: `heads/${branch.name}`,
                  });
                }
              }
            }

  scan-comments:
    runs-on: ubuntu-latest
    if: ${{ github.event.issue.pull_request }}
    permissions:
      contents: write
      issues: write
    steps:
    - name: Check for trigger phrase
      id: check_comment
      uses: actions/github-script@v8
      with:
        script: |
          const triggerPhrase = "trigger-jenkins";
          const comment = context.payload.comment.body;
          const commenter = context.payload.comment.user.login;

          const { data: permissions } = await github.rest.repos.getCollaboratorPermissionLevel({
            owner: context.repo.owner,
            repo: context.repo.repo,
            username: commenter
          });

          const hasWriteAccess = permissions.permission === 'write' || permissions.permission === 'admin';

          return (hasWriteAccess && comment.includes(triggerPhrase));
        result-encoding: json

    - name: Checkout repository
      if: steps.check_comment.outputs.result == 'true'
      uses: actions/checkout@v6
      with:
        ref: refs/pull/${{ github.event.issue.number }}/head

    - name: Push to tmp-jenkins branch
      if: steps.check_comment.outputs.result == 'true'
      run: |
        git config --global user.name "github-actions[bot]"
        git config --global user.email "github-actions[bot]@users.noreply.github.com"
        git checkout -b tmp-jenkins-${{ github.event.issue.number }}
        GIT_LFS_SKIP_PUSH=1 git push -f origin tmp-jenkins-${{ github.event.issue.number }}

    - name: Delete trigger comment
      if: steps.check_comment.outputs.result == 'true' && always()
      uses: actions/github-script@v8
      with:
        script: |
          await github.rest.issues.deleteComment({
            owner: context.repo.owner,
            repo: context.repo.repo,
            comment_id: context.payload.comment.id,
          });