---
name: _move_finalization_db_scripts
run-name: Move finalization database scripts

on:
  workflow_call:

permissions:
  pull-requests: write
  contents: write

jobs:
  setup:
    name: Setup
    runs-on: ubuntu-22.04
    outputs:
      migration_filename_prefix: ${{ steps.prefix.outputs.prefix }}
      copy_finalization_scripts: ${{ steps.check-finalization-scripts-existence.outputs.copy_finalization_scripts }}
    steps:
      - name: Log in to Azure
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
          secrets: "github-pat-bitwarden-devops-bot-repo-scope"

      - name: Check out branch
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}

      - name: Get script prefix
        id: prefix
        run: echo "prefix=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT

      - name: Check if any files in DB finalization directory
        id: check-finalization-scripts-existence
        run: |
          if [ -f util/Migrator/DbScripts_finalization/* ]; then
            echo "copy_finalization_scripts=true" >> $GITHUB_OUTPUT
          else
            echo "copy_finalization_scripts=false" >> $GITHUB_OUTPUT
          fi

  move-finalization-db-scripts:
    name: Move finalization database scripts
    runs-on: ubuntu-22.04
    needs: setup
    if: ${{ needs.setup.outputs.copy_finalization_scripts == 'true' }}
    steps:
      - name: Checkout
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          fetch-depth: 0

      - name: Generate branch name
        id: branch_name
        env:
          PREFIX: ${{ needs.setup.outputs.migration_filename_prefix }}
        run: echo "branch_name=move_finalization_db_scripts_$PREFIX" >> $GITHUB_OUTPUT

      - name: "Create branch"
        env:
          BRANCH: ${{ steps.branch_name.outputs.branch_name }}
        run: git switch -c $BRANCH

      - name: Move DbScripts_finalization
        id: move-files
        env:
          PREFIX: ${{ needs.setup.outputs.migration_filename_prefix }}
        run: |
          src_dir="util/Migrator/DbScripts_finalization"
          dest_dir="util/Migrator/DbScripts"
          i=0

          moved_files=""
          for file in "$src_dir"/*; do
            filenumber=$(printf "%02d" $i)

            filename=$(basename "$file")
            new_filename="${PREFIX}_${filenumber}_${filename}"
            dest_file="$dest_dir/$new_filename"

            mv "$file" "$dest_file"
            moved_files="$moved_files \n $filename -> $new_filename"

            i=$((i+1))
          done
          echo "moved_files=$moved_files" >> $GITHUB_OUTPUT

      - name: Log in to Azure - production subscription
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
          secrets: "github-gpg-private-key,
            github-gpg-private-key-passphrase,
            devops-alerts-slack-webhook-url"

      - name: Import GPG keys
        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
        with:
          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
          git_user_signingkey: true
          git_commit_gpgsign: true

      - name: Commit and push changes
        id: commit
        run: |
          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
          git config --local user.name "bitwarden-devops-bot"
          if [ -n "$(git status --porcelain)" ]; then
            git add .
            git commit -m "Move DbScripts_finalization to DbScripts" -a
            git push -u origin ${{ steps.branch_name.outputs.branch_name }}
            echo "pr_needed=true" >> $GITHUB_OUTPUT
          else
            echo "No changes to commit!";
            echo "pr_needed=false" >> $GITHUB_OUTPUT
            echo "### :mega: No changes to commit! PR was ommited." >> $GITHUB_STEP_SUMMARY
          fi

      - name: Create PR for ${{ steps.branch_name.outputs.branch_name }}
        if: ${{ steps.commit.outputs.pr_needed == 'true' }}
        id: create-pr
        env:
          BRANCH: ${{ steps.branch_name.outputs.branch_name }}
          GH_TOKEN: ${{ github.token }}
          MOVED_FILES: ${{ steps.move-files.outputs.moved_files }}
          TITLE: "Move finalization database scripts"
        run: |
          PR_URL=$(gh pr create --title "$TITLE" \
            --base "main" \
            --head "$BRANCH" \
            --label "automated pr" \
            --body "
              ## Automated movement of DbScripts_finalization to DbScripts

              ## Files moved:
              $(echo -e "$MOVED_FILES")
              ")
          echo "pr_url=${PR_URL}" >> $GITHUB_OUTPUT

      - name: Notify Slack about creation of PR
        if: ${{ steps.commit.outputs.pr_needed == 'true' }}
        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
        env:
          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
        with:
          message: "Created PR for moving DbScripts_finalization to DbScripts: ${{ steps.create-pr.outputs.pr_url }}"
          status: ${{ job.status }}