---
name: Linting
on:
  workflow_call:
jobs:
  pre-commit-ci:
    name: Pre-Commit
    runs-on: self-hosted
    env:
      PYTHON_VERSION: "3.11"

    steps:
      - name: Check out the codebase
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip' # caching pip dependencies

      - name: Restore Ansible cache
        uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0
        with:
          path: ~/.ansible/collections
          key: ansible-${{ hashFiles('collections/requirements.yml') }}

      - name: Install dependencies
        run: |
          echo "::group::Upgrade pip"
          python3 -m pip install --upgrade pip
          echo "::endgroup::"

          echo "::group::Install Python requirements from requirements.txt"
          python3 -m pip install -r requirements.txt
          echo "::endgroup::"

      - name: Run pre-commit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # 3.0.1

  ensure-pinned-actions:
    name: Ensure SHA Pinned Actions
    runs-on: self-hosted
    steps:
      - name: Checkout code
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
      - name: Ensure SHA pinned actions
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@2f2ebc6d914ab515939dc13f570f91baeb2c194c # 3.0.6
        with:
          allowlist: |
            aws-actions/
            docker/login-action