---
# yaml-language-server: $schema=https://json.schemastore.org/github-action.json
name: Ansible Lint and Fix
description: 'Lints and fixes Ansible playbooks, commits changes, and uploads SARIF report.'
author: 'Ismo Vuorinen'

branding:
  icon: 'play'
  color: 'green'

runs:
  using: composite
  steps:
    - name: Check for Ansible Files
      shell: bash
      run: |
        if ! find . -name "*.yml" | grep -q .; then
          echo "No Ansible files found. Skipping lint and fix."
          exit 0
        fi

    - name: Install ansible-lint
      shell: bash
      run: |
        pip install ansible-lint==6.22.1 || {
          echo "::error::Failed to install ansible-lint"
          exit 1
        }

    - name: Run ansible-lint
      shell: bash
      run: |
        ansible-lint --write --parseable-severity --format sarif > ansible-lint.sarif

    - name: Set Git Config for Fixes
      uses: ivuorinen/actions/set-git-config@main

    - name: Commit Fixes
      shell: bash
      run: |
        if git diff --quiet; then
          echo "No changes to commit."
        else
          git add .
          git commit -m "fix: applied ansible lint fixes"
          git push
        fi

    - name: Upload SARIF Report
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: ansible-lint.sarif