---
name: Linting
on:
  workflow_call:
jobs:
  pre-commit-ci:
    name: Pre-Commit
    runs-on: self-hosted
    env:
      PYTHON_VERSION: "3.11"

    steps:
      - name: Check out the codebase
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # 5.0.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip' # caching pip dependencies

      - name: Restore Ansible cache
        uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0
        with:
          path: ~/.ansible/collections
          key: ansible-${{ hashFiles('collections/requirements.yml') }}

      - name: Install dependencies
        run: |
          echo "::group::Upgrade pip"
          python3 -m pip install --upgrade pip
          echo "::endgroup::"

          echo "::group::Install Python requirements from requirements.txt"
          python3 -m pip install -r requirements.txt
          echo "::endgroup::"

      - name: Run pre-commit
        uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # 3.0.0

  ensure-pinned-actions:
    name: Ensure SHA Pinned Actions
    runs-on: self-hosted
    steps:
      - name: Checkout code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
      - name: Ensure SHA pinned actions
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328d4ea95eaf8b3bd6c6cef308f709a5f2ec # 3.0.3
        with:
          allowlist: |
            aws-actions/
            docker/login-action