name: Update dist files on main branch

on:
  push:
    branches:
      - main
    paths-ignore:
      - 'dist/**'
  workflow_dispatch:

jobs:
  package:
    name: Package dist files
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          ref: ${{ github.ref_name }}
          persist-credentials: false
      - name: Package
        run: |
          npm ci
          npm test
          npm run package
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          aws-region: us-west-2
          role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
          role-duration-seconds: 900
          role-session-name: SecretsManagerFetch
      - name: Get bot user token
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          parse-json-secrets: true
          secret-ids: |
            ${{ secrets.OSDS_PACKAGING_ROLE }}
      - name: Commit
        run: |
          echo "::add-mask::${{ env.OSDS_ACCESS_TOKEN }}"
          git config user.name "GitHub Actions"
          git config user.email "github-aws-sdk-osds-automation@amazon.com"
          git remote set-url origin https://${{ env.OSDS_ACCESS_TOKEN }}@github.com/aws-actions/configure-aws-credentials.git
          git add dist
          git commit -m "chore: Update dist" || echo "No changes to commit"
          git push --force origin