.check_pre_commit_template:
  extends:
    - .before_script:minimal
  stage: pre_check
  image: "${CI_DOCKER_REGISTRY}/esp-idf-pre-commit:2"
  tags: [pre-commit]
  variables:
    # Both shiny and brew runners can pick this job
    GIT_STRATEGY: fetch
    GIT_DEPTH: 1
    SUBMODULES_TO_FETCH: "all"
  needs:
    - pipeline_variables
  script:
    - fetch_submodules
    - pre-commit run --files $MODIFIED_FILES
    - pre-commit run --hook-stage post-commit validate-sbom-manifest

check_pre_commit:
  extends:
    - .check_pre_commit_template
  rules:
    - if: '($CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_BRANCH =~ /^release\/v/) && $CI_PIPELINE_SOURCE == "push"'
      when: never
    - when: on_success
  cache:
    - key: submodule-cache-${LATEST_GIT_TAG}
      paths:
        - .cache/submodule_archives
      policy: pull

check_powershell:
  extends:
    - .before_script:minimal
  stage: pre_check
  image: docker:latest
  services:
    - docker:dind
  tags:
    - dind
    - amd64
    - brew # faster "apk add"
  needs:
    - pipeline_variables
  variables:
    # brew runners always use fetch
    GIT_STRATEGY: fetch
    GIT_DEPTH: 1
    SUBMODULES_TO_FETCH: "none"
  rules:
    - changes:
        - "*.ps1"
        - ".gitlab/ci/pre_commit.yml"
  script:
    - apk add python3
    - apk add py3-pip
    - pip install pre-commit --break-system-packages
    - pre-commit run --hook-stage manual check-powershell-scripts --files $MODIFIED_FILES