# Generates requirements.lock from requirements.txt using Python 3.11 (same as build).
# Run manually (workflow_dispatch) or on changes to requirements.txt.
# After running, commit the generated requirements.lock so builds use it for fast installs.

name: Update requirements.lock

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - int
    paths:
      - 'requirements.txt'

# Cancel in-progress runs when a new run is triggered (saves logs/storage)
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  update-lock:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # push requirements.lock

    steps:
      - uses: actions/checkout@v5

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: '3.11'

      - name: Install pip-tools
        run: python -m pip install --upgrade "pip>=24,<26" pip-tools

      - name: Generate requirements.lock
        run: pip-compile requirements.txt -o requirements.lock

      - name: Set environment file
        run: |
          if [ "${{ github.ref }}" == "refs/heads/int" ]; then
            ENV_FILE="env-gateway-int.env"
          else
            ENV_FILE="env-gateway-prod.env"
          fi
          test -f "$ENV_FILE"
          cp "$ENV_FILE" .env

      - name: Install dependencies from generated lock
        run: pip install -r requirements.lock --no-cache-dir

      - name: Run tests
        run: python -m pytest tests/ --ignore=tests/demo

      - name: Clean up .env before commit
        run: rm -f .env

      - name: Commit and push requirements.lock
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add requirements.lock
          if git diff --staged --quiet; then
            echo "No changes to requirements.lock"
          else
            git commit -m "chore: update requirements.lock"
            git push
          fi