name: Submit Review

on:
  pull_request_review:
    types: [submitted]

jobs:
  SubmitReview_job:
    name: Submit Review
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      pull-requests: read
    # For external PR, ticket should be moved manually
    if: |
        github.event.pull_request.head.repo.full_name == github.repository
        && (github.event.review.state == 'changes_requested'
            || github.event.review.state == 'approved')
    steps:
      - id: secrets
        uses: SonarSource/vault-action-wrapper@v3
        with:
          secrets: |
            development/kv/data/jira user | JIRA_USER;
            development/kv/data/jira token | JIRA_TOKEN;
      - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }}
          jira-token: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_TOKEN }}