name: 'Preview Environment Dispatch'

on:
  # Using pull_request_target instead of pull_request to have access to secrets for external contributors
  # Security note: This is safe because we're only using the repository-dispatch action with limited scope
  # and not checking out or running any code from the external contributor's PR
  pull_request_target:
    types: [opened, synchronize, reopened, labeled]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  changed-files-check:
    uses: ./.github/workflows/changed-files.yaml
    with:
      files: |
        .github/workflows/preview-env-dispatch.yaml
        .github/workflows/preview-env-keepalive.yaml
        packages/twenty-docker/**
        docker-compose.yml
        packages/twenty-server/**
        packages/twenty-front/**

  trigger-preview:
    needs: changed-files-check
    permissions:
      contents: write
      actions: write
      pull-requests: read
    if: needs.changed-files-check.outputs.any_changed == 'true' || contains(github.event.pull_request.labels.*.name, 'preview')
    timeout-minutes: 5
    runs-on: ubuntu-latest
    steps:
      - name: Trigger preview environment workflow
        uses: peter-evans/repository-dispatch@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          repository: ${{ github.repository }}
          event-type: preview-environment
          client-payload: '{"pr_number": "${{ github.event.pull_request.number }}", "pr_head_sha": "${{ github.event.pull_request.head.sha }}", "repo_full_name": "${{ github.repository }}"}'