# This action requires the following secrets to be set on the repository:
#   GH_USER_NAME: GitHub user whose Jenkins and GitHub token are defined below
#   GH_USER_TOKEN: GitHub user token, to be used by ncu and to push changes
#   JENKINS_TOKEN: Jenkins token, to be used to check CI status

name: Commit Queue

on:
  # `schedule` event is used instead of `pull_request` because when a
  # `pull_request` event is triggered on a PR from a fork, GITHUB_TOKEN will
  # be read-only, and the Action won't have access to any other repository
  # secrets, which it needs to access Jenkins API.
  schedule:
    - cron: '*/5 * * * *'

concurrency: ${{ github.workflow }}

env:
  NODE_VERSION: lts/*

permissions:
  contents: read

jobs:
  get_mergeable_prs:
    permissions:
      pull-requests: read
    if: github.repository == 'nodejs/node'
    runs-on: ubuntu-latest
    outputs:
      numbers: ${{ steps.get_mergeable_prs.outputs.numbers }}
    steps:
      - name: Get Pull Requests
        id: get_mergeable_prs
        run: |
          prs=$(gh pr list \
                  --repo ${{ github.repository }} \
                  --base ${{ github.ref_name }} \
                  --label 'commit-queue' \
                  --json 'number' \
                  --search "created:<=$(date --date="2 days ago"  +"%Y-%m-%dT%H:%M:%S%z") -label:blocked" \
                  -t '{{ range . }}{{ .number }} {{ end }}' \
                  --limit 100)
          fast_track_prs=$(gh pr list \
                  --repo ${{ github.repository }} \
                  --base ${{ github.ref_name }} \
                  --label 'commit-queue' \
                  --label 'fast-track' \
                  --search "-label:blocked" \
                  --json 'number' \
                  -t '{{ range . }}{{ .number }} {{ end }}' \
                  --limit 100)
          numbers=$(echo $prs' '$fast_track_prs | jq -r -s 'unique | join(" ")')
          echo "numbers=$numbers" >> $GITHUB_OUTPUT
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  commitQueue:
    needs: get_mergeable_prs
    if: needs.get_mergeable_prs.outputs.numbers != ''
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # Needs the whole git history for ncu to work
          # See https://github.com/nodejs/node-core-utils/pull/486
          fetch-depth: 0
          # A personal token is required because pushing with GITHUB_TOKEN will
          # prevent commits from running CI after they land. It needs
          # to be set here because `checkout` configures GitHub authentication
          # for push as well.
          token: ${{ secrets.GH_USER_TOKEN }}

      # Install dependencies
      - name: Install Node.js
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af  # v4.1.0
        with:
          node-version: ${{ env.NODE_VERSION }}
      - name: Install @node-core/utils
        run: npm install -g @node-core/utils

      - name: Set variables
        run: |
          echo "REPOSITORY=$(echo ${{ github.repository }} | cut -d/ -f2)" >> $GITHUB_ENV
          echo "OWNER=${{ github.repository_owner }}" >> $GITHUB_ENV

      - name: Configure @node-core/utils
        run: |
          ncu-config set branch ${GITHUB_REF_NAME}
          ncu-config set upstream origin
          ncu-config set username "$USERNAME"
          ncu-config set token "$GH_TOKEN"
          ncu-config set jenkins_token "$JENKINS_TOKEN"
          ncu-config set repo "${REPOSITORY}"
          ncu-config set owner "${OWNER}"
        env:
          USERNAME: ${{ secrets.JENKINS_USER }}
          GH_TOKEN: ${{ secrets.GH_USER_TOKEN }}
          JENKINS_TOKEN: ${{ secrets.JENKINS_TOKEN }}

      - name: Start the Commit Queue
        run: ./tools/actions/commit-queue.sh ${{ env.OWNER }} ${{ env.REPOSITORY }} ${{ needs.get_mergeable_prs.outputs.numbers }}
        env:
          GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}