const yaml = require('yaml');

const fs = require('node:fs');
const path = require('node:path');

const PREFIX = '# AUTOGENERATED FILE - DO NOT EDIT MANUALLY\n# ONLY EDIT .github/workflows/pipeline-segment-electron-build.yml\n\n';

const base = path.resolve(__dirname, '../.github/workflows/pipeline-segment-electron-build.yml');
const target = path.resolve(__dirname, '../.github/workflows/pipeline-segment-electron-publish.yml');

const baseContents = fs.readFileSync(base, 'utf-8');

const parsedBase = yaml.parse(baseContents);
parsedBase.jobs.build.permissions = {
  'artifact-metadata': 'write',
  attestations: 'write',
  contents: 'read',
  'id-token': 'write'
};

if (process.argv.includes('--check')) {
  if (fs.readFileSync(target, 'utf-8') !== PREFIX + yaml.stringify(parsedBase)) {
    console.error(`${target} is out of date`);
    console.error('Please run "copy-pipeline-segment-publish.js" to update it');
    process.exit(1);
  }
} else {
  fs.writeFileSync(
    target,
    PREFIX + yaml.stringify(parsedBase)
  );
}