name: Pre-commit

on:
  workflow_call:
    inputs:
      python_version:
        type: string
        default: "3.13"
      pre_commit_version:
        type: string
        default: "latest"
      working_directory:
        type: string
        default: "."
      cache_dependency_path:
        type: string
        default: ".pre-commit-config.yaml"
      env:
        description: >
          Multiline env vars, one per line: KEY=VALUE
        required: false
        type: string
        default: ""
      pre_commit_command:
        type: string
        default: "pre-commit run --all-files --show-diff-on-failure"
    secrets:
      ssh_private_key:
        required: false
      ssh_known_hosts:
        required: false

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ${{ inputs.working_directory }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Load env vars
        if: ${{ inputs.env != '' }}
        run: |
          while IFS= read -r line; do
            [ -z "$line" ] && continue
            case "$line" in \#*) continue;; esac
            if [[ "$line" != *=* ]]; then
              echo "Invalid env line: $line" >&2
              exit 1
            fi
            echo "$line" >> "$GITHUB_ENV"
          done <<< "${{ inputs.env }}"

      - name: Start ssh-agent
        if: ${{ secrets.ssh_private_key != '' }}
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.ssh_private_key }}

      - name: Add SSH known hosts
        if: ${{ secrets.ssh_known_hosts != '' }}
        run: |
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.ssh_known_hosts }}" >> ~/.ssh/known_hosts
          chmod 644 ~/.ssh/known_hosts

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ inputs.python_version }}

      - name: Install pre-commit
        env:
          PRE_COMMIT_VERSION: ${{ inputs.pre_commit_version }}
        run: |
          python -m pip install --upgrade pip
          if [ -z "$PRE_COMMIT_VERSION" ] || [ "$PRE_COMMIT_VERSION" = "latest" ]; then
            python -m pip install pre-commit
          else
            python -m pip install "pre-commit==$PRE_COMMIT_VERSION"
          fi

      - name: Cache pre-commit
        uses: actions/cache@v4
        with:
          path: ~/.cache/pre-commit
          key: pre-commit-${{ runner.os }}-${{ hashFiles(inputs.cache_dependency_path) }}
          restore-keys: |
            pre-commit-${{ runner.os }}-

      - name: Run pre-commit
        if: ${{ inputs.pre_commit_command != '' }}
        run: ${{ inputs.pre_commit_command }}