name: Sync internal-docs submodule

on:
  schedule:
    - cron: '0 */4 * * *'
  workflow_dispatch:

jobs:
  sync:
    name: Bump internal-docs submodule pointer on dev
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Rewrite SSH submodule URL to HTTPS-with-token
        env:
          TOKEN: ${{ secrets.INTERNAL_DOCS_SYNC_TOKEN }}
        run: |
          git config --global "url.https://x-access-token:${TOKEN}@github.com/.insteadOf" "git@github.com:"

      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.INTERNAL_DOCS_SYNC_TOKEN }}
          submodules: true
          ref: dev
          fetch-depth: 50

      - name: Open auto-merge PR if internal-docs has new commits
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -e

          # Skip if submodule not yet configured (handoff window before someone adds it)
          if ! git config --file .gitmodules --get-regexp '^submodule\..internal-docs\.path$' >/dev/null 2>&1; then
            echo "internal-docs submodule not yet configured in .gitmodules. Skipping."
            exit 0
          fi

          git submodule update --remote --merge .internal-docs

          if git diff --quiet .internal-docs; then
            echo "No internal-docs changes to sync."
            exit 0
          fi

          BRANCH="bot/sync-internal-docs-$(date -u +%Y%m%d-%H%M%S)"
          git config user.name  "browseros-bot"
          git config user.email "bot@browseros.ai"
          git checkout -b "$BRANCH"
          git add .internal-docs
          git commit -m "chore: sync internal-docs submodule"
          git push -u origin "$BRANCH"

          PR_URL=$(gh pr create \
            --base dev \
            --head "$BRANCH" \
            --title "chore: sync internal-docs submodule" \
            --body "Automated bump of the \`.internal-docs\` submodule pointer. Auto-merging.")

          gh pr merge "$PR_URL" --auto --squash --delete-branch