name: Update AIO Angular CLI help

on:
  workflow_dispatch:
    inputs: {}
  push:
    branches:
      - 'main'
      - '[0-9]+.[0-9]+.x'

# Declare default permissions as read only.
permissions:
  contents: read

jobs:
  update_cli_help:
    name: Update Angular CLI help (if necessary)
    if: github.repository == 'angular/angular'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # Setting `persist-credentials: false` prevents the github-action account from being the
          # account that is attempted to be used for authentication, instead the remote is set to
          # an authenticated URL.
          persist-credentials: false
          # This is needed as otherwise the PR creation will fail with `shallow update not allowed` when the forked branch is not in sync.
          fetch-depth: 0
      - name: Generate CLI help
        run: node aio/scripts/update-cli-help/index.mjs
        env:
          ANGULAR_CLI_BUILDS_READONLY_GITHUB_TOKEN: ${{ secrets.ANGULAR_CLI_BUILDS_READONLY_GITHUB_TOKEN }}
      - name: Create a PR (if necessary)
        uses: angular/dev-infra/github-actions/create-pr-for-changes@c83e99a12397014162531ca125c94549db55dd84
        with:
          branch-prefix: update-cli-help
          pr-title: 'docs: update Angular CLI help [${{github.ref_name}}]'
          pr-description: |
            Updated Angular CLI help contents.
          pr-labels: |
            action: review
            area: docs
          angular-robot-token: ${{ secrets.ANGULAR_ROBOT_ACCESS_TOKEN }}