---
name: Linting
on:
  workflow_call:
jobs:
  pre-commit-ci:
    name: Pre-Commit
    runs-on: self-hosted
    env:
      PYTHON_VERSION: "3.11"

    steps:
      - name: Check out the codebase
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: 'pip' # caching pip dependencies

      - name: Restore Ansible cache
        uses: actions/cache/restore@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # 4.1.0
        with:
          path: ~/.ansible/collections
          key: ansible-${{ hashFiles('collections/requirements.yml') }}

      - name: Install dependencies
        run: |
          echo "::group::Upgrade pip"
          python3 -m pip install --upgrade pip
          echo "::endgroup::"

          echo "::group::Install Python requirements from requirements.txt"
          python3 -m pip install -r requirements.txt
          echo "::endgroup::"

      - name: Run pre-commit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # 3.0.1

  ensure-pinned-actions:
    name: Ensure SHA Pinned Actions
    runs-on: self-hosted
    steps:
      - name: Checkout code
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
      - name: Ensure SHA pinned actions
        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@40ba2d51b6b6d8695f2b6bd74e785172d4f8d00f # 3.0.14
        with:
          allowlist: |
            aws-actions/
            docker/login-action