name: Pre-Release Sync

on:
  workflow_dispatch: # Manual trigger

permissions:
  contents: write
  pull-requests: write

jobs:
  develop-to-main-sync:
    runs-on: ubuntu-latest

    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout main branch
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: main

      - name: Reset develop branch
        run: |
          git fetch origin develop:develop
          git reset --hard develop

      - name: Create PR from develop to main
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          title: "Merge develop into main"
          body: "This PR merges changes from develop into main."
          branch: sync-develop-to-main
          delete-branch: true