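---
# Regenerates the secrets template when host_vars change on main (or on manual
# dispatch), pushes the result to a new branch and opens a pull request against
# main through the forge's REST API.
name: Create New Secrets Template

on:
  push:
    branches:
      - main
    paths:
      - "host_vars/**"
  workflow_dispatch:

jobs:
  create-pr:
    name: Extract updated template
    # NOTE(review): `runner` looks like a self-hosted runner label. If so, the
    # home directory outlives the job, which is why the vault password file is
    # removed explicitly in the last step. Confirm.
    runs-on: runner
    steps:
      - name: Checkout repository
        # NOTE(review): consider pinning to a full commit SHA rather than the
        # mutable `v4` tag.
        uses: actions/checkout@v4

      - name: Run extraction script
        # The secret is passed through the environment rather than expanded
        # into the script text, so quotes, `$` or backticks in the value cannot
        # break or alter the shell command.
        env:
          VAULT_PASS: ${{ secrets.VAULT_PASS }}
        run: |
          # Subshell keeps the restrictive umask local: the password file is
          # created owner-only, files the script writes keep default modes.
          (umask 077 && printf '%s\n' "$VAULT_PASS" > ~/.vault_pass.txt)
          python3 scripts/extract_to_template.py

      - name: Commit changes
        run: |
          git config user.name "Service Account"
          git config user.email "alex+homelab@alexav.gg"
          git checkout -b template-extraction-${{ github.run_number }}
          # NOTE(review): `git add .` stages every change in the working tree.
          # Confirm the extraction script writes only the redacted template
          # into the checkout, so no decrypted value reaches the pushed branch.
          git add .
          # `git commit` exits non-zero when nothing changed, failing the job.
          git commit -m "Automated template extraction"
          git push origin template-extraction-${{ github.run_number }}

      - name: Create Pull Request
        # The token is read from the environment for the same reason as
        # VAULT_PASS above; it never becomes part of the script text.
        env:
          TOKEN: ${{ secrets.TOKEN }}
        run: |
          # --fail makes an HTTP 4xx/5xx response fail the step instead of
          # reporting success when no pull request was opened.
          curl --fail -X POST \
            "https://git.alexav.gg/api/v1/repos/alex/homelab/pulls" \
            -H "Authorization: token ${TOKEN}" \
            -H "Content-Type: application/json" \
            -d '{
              "title": "Automated Template Extraction",
              "body": "Updates the `all.template.yml` file with latest secrets for services",
              "head": "template-extraction-${{ github.run_number }}",
              "base": "main"
            }'

      - name: Remove vault password file
        # Runs even when an earlier step failed, so the plaintext vault
        # password is not left behind on the runner.
        if: always()
        run: rm -f ~/.vault_pass.txt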