name: Sync Bitwarden global domains

on:
  schedule:
    - cron: "17 4 * * 1"
  workflow_dispatch:
    inputs:
      bitwarden_ref:
        description: "bitwarden/server ref to sync"
        required: false
        default: "main"
        type: string

permissions:
  contents: write
  pull-requests: write

jobs:
  sync-global-domains:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22

      - name: Sync generated Bitwarden domains
        run: npm run domains:sync -- --ref "${{ inputs.bitwarden_ref || 'main' }}"

      - name: Verify custom domains were not touched
        run: git diff --exit-code -- src/static/global_domains.custom.json

      - name: Create pull request
        uses: peter-evans/create-pull-request@v6
        with:
          branch: chore/sync-bitwarden-global-domains
          delete-branch: true
          title: "chore: sync Bitwarden global domain rules"
          commit-message: "chore: sync Bitwarden global domain rules"
          body: |
            Automated sync from bitwarden/server.

            This PR only updates:
            - `src/static/global_domains.bitwarden.json`
            - `src/static/global_domains.bitwarden.meta.json`

            `src/static/global_domains.custom.json` is intentionally left untouched.
          add-paths: |
            src/static/global_domains.bitwarden.json
            src/static/global_domains.bitwarden.meta.json