name: Log Issue Events to Statsig

on:
  issues:
    types: [opened, closed]

jobs:
  log-to-statsig:
    runs-on: ubuntu-latest
    permissions:
      issues: read
    steps:
      - name: Log issue creation to Statsig
        env:
          STATSIG_API_KEY: ${{ secrets.STATSIG_API_KEY }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          REPO: ${{ github.repository }}
          ISSUE_TITLE: ${{ github.event.issue.title }}
          AUTHOR: ${{ github.event.issue.user.login }}
          CREATED_AT: ${{ github.event.issue.created_at }}
        run: |
          # All values are now safely passed via environment variables
          # No direct templating in the shell script to prevent injection attacks
          
          curl -X POST "https://events.statsigapi.net/v1/log_event" \
            -H "Content-Type: application/json" \
            -H "statsig-api-key: $STATSIG_API_KEY" \
            -d '{
              "events": [{
                "eventName": "github_issue_created",
                "metadata": {
                  "issue_number": "'"$ISSUE_NUMBER"'",
                  "repository": "'"$REPO"'",
                  "title": "'"$(echo "$ISSUE_TITLE" | sed "s/\"/\\\\\"/g")"'",
                  "author": "'"$AUTHOR"'",
                  "created_at": "'"$CREATED_AT"'"
                },
                "time": '"$(date +%s)000"'
              }]
            }'