name: Process Dependabot PRs

on:
  pull_request:
    types: [opened, reopened]

jobs:
  process-dependabot-prs:
    permissions:
      pull-requests: read
      contents: write

    runs-on: ubuntu-latest
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
    steps:

    - name: Fetch Dependabot metadata
      id: dependabot-metadata
      uses: dependabot/fetch-metadata@v2.2.0

    - uses: actions/checkout@v4
      with:
        ref: ${{ github.event.pull_request.head.ref }}

    - name: Update Version Number in Other Files
      uses: jacobtomlinson/gha-find-replace@v3
      with:
        find: ${{ steps.dependabot-metadata.outputs.previous-version }}
        replace: ${{ steps.dependabot-metadata.outputs.new-version }}
        regex: false
        exclude: CHANGES.rst

    - name: Commit & Push Changes to PR
      uses: EndBug/add-and-commit@v9.1.4
      with:
        message: 'Update version number in other files'
        committer_name: GitHub Actions
        committer_email: 41898282+github-actions[bot]@users.noreply.github.com