deploy-pages/.github/workflows/rebuild-dependabot-prs.yml

name: Rebuild distributables for Dependabot PRs

on:
  push:
    branches:
      - 'dependabot/npm**'

# No permissions needed for `GITHUB_TOKEN` since we're using a PAT instead
permissions: {}

jobs:
  rebuild-dist:
    if: ${{ github.event.sender.login == 'dependabot[bot]' }}

    # This allows a subsequently queued workflow run to interrupt previous runs.
    # It is evaluated AFTER the job's `if` condition, so a push triggered by this
    # workflow's PAT will NOT interrupt a run triggered by a push from Dependabot.
    concurrency:
      group: '${{ github.workflow }} / ${{ github.job }} @ ${{ github.ref }}'
      cancel-in-progress: true

    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.PAGES_AUTOMATION_PAT }}

      - name: Setup Node.JS
        uses: actions/setup-node@v4
        with:
          node-version-file: '.node-version'
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Rebuild the dist/ directory
        run: npm run prepare

      - name: Commit any differences present in the dist/ directory
        run: |
          if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then
            echo "Detected uncommitted changes after rebuild in dist folder. Committing..."
            git add dist/
            git config --local user.name "github-actions[bot]"
            git config --local user.email "github-actions[bot]@users.noreply.github.com"
            git commit -m "Update distributables after Dependabot 🤖"
            echo "Pushing branch ${{ github.ref_name }}"
            git push origin ${{ github.ref_name }}
          fi