name: Generate artifacts on PR
#
# If PR is labeled with "Build" and you are a member of "Release manager" team it will start (additional security feature)
#

on:
  pull_request:
    types: [opened, reopened, synchronize, review_requested, labeled]

concurrency:
  group: pipeline-pr-${{github.event.pull_request.number}}
  cancel-in-progress: true

jobs:

  Check:
    permissions:
      pull-requests: read

    name: "verify if compilation can be executed"
    if: contains(github.event.pull_request.labels.*.name, 'Build')
    runs-on: Linux
    outputs:
      member: ${{ steps.checkUserMember.outputs.isTeamMember }}
    steps:

      -  uses: tspascoal/get-user-teams-membership@v3
         id: checkUserMember
         with:
           username: ${{ github.actor }}
           organization: armbian
           team: "Release manager"
           GITHUB_TOKEN: ${{ secrets.ORG_MEMBERS }}

  Compile:

    needs: Check
    name: "Update artifacts"
    if: ${{ github.repository_owner == 'Armbian' && needs.Check.outputs.member == 'true' }}
    uses: armbian/os/.github/workflows/complete-artifact-matrix-all.yml@main
    secrets:
      ORG_MEMBERS: ${{ secrets.ORG_MEMBERS }}
    with:
      extraParamsAllBuilds: "UPLOAD_TO_OCI_ONLY=no"
      ref: ${{ github.event.pull_request.head.sha }}