name: Cron / Crowdin Pull
run-name: Crowdin Pull - ${{ github.event_name == 'workflow_dispatch' && 'Manual' || 'Scheduled' }}

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * 5'

jobs:
  crowdin-sync:
    name: Crowdin Pull - ${{ matrix.name }} - ${{ github.event_name }}
    runs-on: ubuntu-24.04
    permissions:
      contents: write
      pull-requests: write
    strategy:
      matrix:
        include:
          - name: Password Manager
            project_id: 269690
            config: crowdin-bwpm.yml
            branch: crowdin-pull-bwpm
          - name: Authenticator
            project_id: 673718
            config: crowdin-bwa.yml
            branch: crowdin-pull-bwa
    steps:
      - name: Checkout repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Login to Azure - CI Subscription
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Generate GH App token
        uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
        id: app-token
        with:
          app-id: ${{ secrets.BW_GHAPP_ID }}
          private-key: ${{ secrets.BW_GHAPP_KEY }}

      - name: Download translations for ${{ matrix.name }}
        uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2.7.0
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
          _CROWDIN_PROJECT_ID: ${{ matrix.project_id }}
        with:
          config: ${{ matrix.config }}
          upload_sources: false
          upload_translations: false
          download_translations: true
          github_user_name: "bitwarden-devops-bot"
          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
          commit_message: "Crowdin Pull - ${{ matrix.name }}"
          localization_branch_name: ${{ matrix.branch }}
          create_pull_request: true
          pull_request_title: "Crowdin Pull - ${{ matrix.name }}"
          pull_request_body: ":inbox_tray: New translations for ${{ matrix.name }} received!"
          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}