name: jenkins scan

on:
  issue_comment:
    types: [created, edited]

jobs:
  # TODO: gc old branches in a separate job in this workflow
  scan-comments:
    runs-on: ubuntu-latest
    if: ${{ github.event.issue.pull_request }}
    steps:
    - name: Check for trigger phrase
      id: check_comment
      uses: actions/github-script@v7
      with:
        script: |
          const triggerPhrase = "trigger-jenkins";
          const comment = context.payload.comment.body;
          const commenter = context.payload.comment.user.login;

          const { data: permissions } = await github.rest.repos.getCollaboratorPermissionLevel({
            owner: context.repo.owner,
            repo: context.repo.repo,
            username: commenter
          });

          const hasWriteAccess = permissions.permission === 'write' || permissions.permission === 'admin';

          return (hasWriteAccess && comment.includes(triggerPhrase));
        result-encoding: json

    - name: Checkout repository
      if: steps.check_comment.outputs.result == 'true'
      uses: actions/checkout@v4
      with:
        ref: refs/pull/${{ github.event.issue.number }}/head

    - name: Push to tmp-jenkins branch
      if: steps.check_comment.outputs.result == 'true'
      run: |
        git config --global user.name "github-actions[bot]"
        git config --global user.email "github-actions[bot]@users.noreply.github.com"
        git checkout -b tmp-jenkins-${{ github.event.issue.number }}
        GIT_LFS_SKIP_PUSH=1 git push -f origin tmp-jenkins-${{ github.event.issue.number }}