name: Check for Google Root CA Updates

on:
  push:
  pull_request:
  schedule:
    - cron: '23 23 * * *'

defaults:
  run:
    shell: bash
    working-directory: src

jobs:
  check-apis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
        with:
          persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
          fetch-depth: 0 # otherwise, you will failed to push refs to dest repo

      - name: Check for updates
        run: curl -o ./cacerts.pem -vvvv https://pki.goog/roots.pem

      - name: Commit file
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add cacerts.pem
          git diff --quiet && git diff --staged --quiet || git commit -am '[ci skip] Updated cacerts.pem'

      - name: Push changes
        uses: ad-m/github-push-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}