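# yaml-language-server: $schema=https://json.schemastore.org/github-action.json
# permissions:
#   - contents: write # Required for git configuration and operations
#
# Composite action that resolves the commit identity (caller-supplied or the
# Fiximus bot), publishes it as step outputs and VALIDATED_GIT_* job
# environment variables, and configures the local repository to authenticate
# to github.com with the supplied token.
---
name: Set Git Config
description: 'Sets Git configuration for actions.'
author: 'Ismo Vuorinen'

branding:
  icon: git-commit
  color: gray-dark

inputs:
  token:
    description: 'GitHub token for authentication'
    required: false
    default: ${{ github.token }}
  username:
    description: 'GitHub username for commits.'
    default: 'github-actions'
  email:
    description: 'GitHub email for commits.'
    default: 'github-actions@github.com'
  is_fiximus:
    description: 'Whether to use the Fiximus bot.'
    required: false
    default: 'false'

outputs:
  token:
    description: 'GitHub token.'
    value: ${{ steps.bot.outputs.token }}
  username:
    description: 'GitHub username for commits.'
    value: ${{ steps.bot.outputs.username }}
  email:
    description: 'GitHub email for commits.'
    value: ${{ steps.bot.outputs.email }}
  is_fiximus:
    description: 'Whether to use the Fiximus bot.'
    value: ${{ steps.bot.outputs.is_fiximus }}

runs:
  using: composite
  steps:
    - name: Check for FIXIMUS_TOKEN
      id: bot
      shell: bash
      # Inputs are handed over as environment variables rather than being
      # expanded into the script text, so their content is never parsed as
      # shell code.
      env:
        INPUT_TOKEN: ${{ inputs.token }}
        INPUT_USERNAME: ${{ inputs.username }}
        INPUT_EMAIL: ${{ inputs.email }}
        INPUT_IS_FIXIMUS: ${{ inputs.is_fiximus }}
      run: |
        set -euo pipefail

        # GITHUB_OUTPUT and GITHUB_ENV are line-oriented "name=value" files.
        # A line break inside a value would end its record early and let the
        # remainder be read as an extra entry; printf '%s' alone does not
        # prevent that. Reject such input before anything is written.
        # The message deliberately omits the value, which may be the token.
        for value in \
          "$INPUT_TOKEN" "$INPUT_USERNAME" "$INPUT_EMAIL" "$INPUT_IS_FIXIMUS"; do
          case "$value" in
            *$'\n'* | *$'\r'*)
              echo "::error::Inputs must not contain line breaks."
              exit 1
              ;;
          esac
        done

        # Register the token for log masking in case the caller passed a
        # value the runner does not already treat as a secret.
        if [ -n "$INPUT_TOKEN" ]; then
          echo "::add-mask::${INPUT_TOKEN}"
        fi

        # Determine final values. Any is_fiximus value other than the exact
        # string "false" selects the bot identity.
        FINAL_TOKEN="$INPUT_TOKEN"
        FINAL_USERNAME="$INPUT_USERNAME"
        FINAL_EMAIL="$INPUT_EMAIL"
        if [ "$INPUT_IS_FIXIMUS" != "false" ]; then
          FINAL_USERNAME="fiximus"
          FINAL_EMAIL="github-bot@ivuorinen.net"
        fi

        # Write each output once, using the resolved identity.
        {
          printf 'token=%s\n' "$FINAL_TOKEN"
          printf 'username=%s\n' "$FINAL_USERNAME"
          printf 'email=%s\n' "$FINAL_EMAIL"
          printf 'is_fiximus=%s\n' "$INPUT_IS_FIXIMUS"
        } >> "$GITHUB_OUTPUT"

        # NOTE(security): variables written to GITHUB_ENV are visible to
        # every later step of the job, not only to this action, and the
        # token is also exposed as an action output. Both are kept for
        # backward compatibility; callers should scope the token's
        # permissions accordingly.
        {
          printf 'VALIDATED_GIT_TOKEN=%s\n' "$FINAL_TOKEN"
          printf 'VALIDATED_GIT_USERNAME=%s\n' "$FINAL_USERNAME"
          printf 'VALIDATED_GIT_EMAIL=%s\n' "$FINAL_EMAIL"
        } >> "$GITHUB_ENV"

    - name: Configure Git
      shell: bash
      run: |-
        set -euo pipefail

        # Values come from GITHUB_ENV, written by the previous step after
        # its line-break check. set -u aborts if any of them is missing.
        GIT_TOKEN="$VALIDATED_GIT_TOKEN"
        GIT_USERNAME="$VALIDATED_GIT_USERNAME"
        GIT_EMAIL="$VALIDATED_GIT_EMAIL"

        # Remove any previously stored auth header for github.com; the
        # command fails when none exists, which is not an error here.
        git config --local --unset-all http.https://github.com/.extraheader || true

        # NOTE(security): the rewrites below store the token in clear text
        # in the repository's .git/config, where it remains readable by
        # later steps until the entries are removed or the workspace is
        # cleaned up.
        git config --local \
          --add "url.https://x-access-token:${GIT_TOKEN}@github.com/.insteadOf" \
          "https://github.com/"
        git config --local \
          --add "url.https://x-access-token:${GIT_TOKEN}@github.com/.insteadOf" \
          'git@github.com:'

        git config --local user.name "$GIT_USERNAME"
        git config --local user.email "$GIT_EMAIL"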