on:
  schedule:
    - cron: "0 13 * * *"
  workflow_dispatch:

name: Specification version check

permissions: {}

jobs:
  # Get the version of the TUF specification the project states it supports
  get-supported-tuf-version:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.get-version.outputs.version }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
         persist-credentials: false
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.x"
      - id: get-version
        run: |
          python3 -m pip install -r requirements/pinned.txt
          script="from tuf.api.metadata import SPECIFICATION_VERSION; \
                  print(f\"v{'.'.join(SPECIFICATION_VERSION)}\")"
          ver=$(python3 -c "$script")
          echo "version=$ver" >> $GITHUB_OUTPUT
  # Get the latest TUF specification release and open an issue (if needed)
  specification-bump-check:
    permissions:
      contents: read
      issues: write
    needs: get-supported-tuf-version
    uses: theupdateframework/specification/.github/workflows/check-latest-spec-version.yml@master # zizmor: ignore[unpinned-uses]
    with:
      tuf-version: ${{needs.get-supported-tuf-version.outputs.version}}