api="$url/api/v1"
export d=/srv/example/private-workflow-call

function main() {
    mkdir -p "$d"

    local repo
    repo="root/example-$example"

    forgejo-test-helper.sh push_workflow "actions/example-$example" "$url" root "example-$example" setup-forgejo "$token"

    # push_workflow creates the repository and triggers a first workflow run. Wait for it to succeed. Ensures that the
    # workflow is valid.
    local sha
    sha="$(forgejo-test-helper.sh branch_tip "$url" "$repo" main)"
    forgejo-test-helper.sh wait_success "$url" "$repo" "$sha"

    # Make the repository private. That is necessary to verify that Forgejo Runner includes the correct credentials when
    # cloning the workflow.
    forgejo-curl.sh api_json -X PATCH --data-raw '{"private":true}' "$api/repos/root/example-$example"

    # Create a new commit that triggers a new workflow run that can be identified uniquely.
    (
        cd "$d" || exit 1
        git clone "$url/root/example-$example"
        cd "example-$example" || exit 1
         git config user.email root@example.com
        git config user.name username
        echo "A new file" > test.txt
        git add .
        git commit -m 'Commit a new file'
        git push
    )

    # Wait for the workflow pulled from the private repository to succeed.
    local new_sha
    new_sha="$(forgejo-test-helper.sh branch_tip "$url" "$repo" main)"
    [[ "$new_sha" != "$sha" ]] || exit 1
    forgejo-test-helper.sh wait_success "$url" "$repo" "$new_sha"
}

main