name: ci / PR description check

on:
  pull_request_target:
    types: [opened, edited, synchronize, reopened]

# pull_request_target runs in the base-repo context (has secrets).
# The checkout below pins to the base branch so no fork code is executed.
# The script only reads context.payload and calls the GitHub API.
permissions:
  issues: write
  pull-requests: write

jobs:
  check-description:
    name: Check PR description
    runs-on: ubuntu-latest
    # Skip bots — they open PRs programmatically and have their own process.
    if: github.event.pull_request.user.type != 'Bot'
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.base_ref }}
          sparse-checkout: .github/scripts

      - uses: actions/github-script@v7
        with:
          script: return require('./.github/scripts/check-pr-description.js')({github, context, core})