# SPDX-FileCopyrightText: Copyright (C) 2025 Opal Health Informatics Group <https://www.opalmedapps.com>

#

# SPDX-License-Identifier: MIT

name: thirdparty

on:

pull_request:

paths:

- opal/static/thirdparty/package.json

- opal/static/thirdparty/package-lock.json

concurrency:

group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}

cancel-in-progress: true

permissions:

contents: read

jobs:

npm-update:

runs-on: ubuntu-latest

permissions:

contents: write

# ensure that this only runs for Renovate PRs and not on forks

# https://woodruffw.github.io/zizmor/audits/#bot-conditions

if: github.event.pull_request.user.login == 'renovate[bot]' && github.repository == github.event.pull_request.head.repo.full_name

steps:

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

with:

persist-credentials: true

ref: ${{ github.head_ref }}

lfs: true

- name: Update thirdparty static files

id: update

run: |

cd opal/static/thirdparty/

npm install

git status

MODIFIED=$(if git diff-index --quiet HEAD --; then echo false; else echo true; fi)

echo "modified=$MODIFIED" >> "$GITHUB_OUTPUT"

# this does not trigger a new workflow run due to: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#triggering-a-workflow-from-a-workflow

- name: Push changes

if: steps.update.outputs.modified == 'true'

# see: https://github.com/actions/checkout#push-a-commit-to-a-pr-using-the-built-in-token

run: |

git config user.name github-actions[bot]

git config user.email 41898282+github-actions[bot]@users.noreply.github.com

git add opal/static/thirdparty/

git commit -m "update static thirdparty files"

git push