---
name: Linting
on:
  workflow_call:
jobs:
  pre-commit-ci:
    name: Pre-Commit
    runs-on: self-hosted
    env:
      PYTHON_VERSION: "3.11"

    steps:
      - name: Check out the codebase
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip' # caching pip dependencies

      - name: Restore Ansible cache
        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # 4.1.2
        with:
          path: ~/.ansible/collections
          key: ansible-${{ hashFiles('collections/requirements.yml') }}

      - name: Install dependencies
        run: |
          echo "::group::Upgrade pip"
          python3 -m pip install --upgrade pip
          echo "::endgroup::"

          echo "::group::Install Python requirements from requirements.txt"
          python3 -m pip install -r requirements.txt
          echo "::endgroup::"

      - name: Run pre-commit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # 3.0.1

  ensure-pinned-actions:
    name: Ensure SHA Pinned Actions
    runs-on: self-hosted
    steps:
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
      - name: Ensure SHA pinned actions
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@38608ef4fb69adae7f1eac6eeb88e67b7d083bfd # 3.0.16
        with:
          allowlist: |
            aws-actions/
            docker/login-action