name: Pre submits e2e
on:
  pull_request:
    branches: ["main"]
  workflow_dispatch:

permissions: read-all

jobs:
  pre-submit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
        with:
          path: __THIS_REPO__

      - name: setup-go
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: "1.18"

      - name: Build verifier at HEAD
        working-directory: __THIS_REPO__
        run: |
          set -euo pipefail
          go build -o slsa-verifier ./cli/slsa-verifier

      - name: Checkout e2e verification script
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
        with:
          path: __EXAMPLE_PACKAGE__
          repository: slsa-framework/example-package

      - name: Run verification script with testdata and slsa-verifier HEAD
        env:
          SLSA_VERIFIER_TESTING: "true"
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Necessary to use the gh CLI.
        run: ./__THIS_REPO__/.github/workflows/scripts/e2e-cli.sh