name: Update dependencies
on:
  pull_request_target:
    types: [opened, synchronize, reopened, ready_for_review, labeled]

jobs:
  update:
    name: Update dependencies
    timeout-minutes: 45
    runs-on: macos-latest
    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Remove PR label
      env:
        REPOSITORY: '${{ github.repository }}'
        PR_NUMBER: '${{ github.event.pull_request.number }}'
        GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
      run: |
        gh api "repos/$REPOSITORY/issues/$PR_NUMBER/labels/Update%20dependencies" -X DELETE

    - name: Push updated dependencies
      env:
        BRANCH: '${{ github.head_ref }}'
      run: |
        git fetch origin "$BRANCH" --depth=1
        git checkout "origin/$BRANCH"
        sudo npm install --force -g npm@latest
        npm install
        npm ci
        npm run removeNPMAbsolutePaths
        if [ ! -z "$(git status --porcelain)" ]; then
          git config --global user.email "github-actions@github.com"
          git config --global user.name "github-actions[bot]"
          git add node_modules
          git commit -am "Update checked-in dependencies"
          git push origin "HEAD:$BRANCH"
        fi