1 files changed, 56 insertions, 14 deletions

diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
index 7f5fc6b..dd290f9 100644
--- a/.github/workflows/update-flake.yaml
+++ b/.github/workflows/update-flake.yaml
@@ -1,24 +1,66 @@
-name: update flake inputs
+name: Update lockfiles
 
 on:
   schedule:
+    # run every saturday
     - cron: "0 0 * * 6"
   workflow_dispatch:
 
-permissions:
-  contents: write
-  pull-requests: write
-
 jobs:
-  update-flake:
+  update:
+    name: Run update
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write
+      pull-requests: write
+
+    env:
+      PR_BRANCH: "update-lockfiles"
+
     steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v26
-      - uses: DeterminateSystems/magic-nix-cache-action@main
-
-      - uses: DeterminateSystems/update-flake-lock@v21
-        with:
-          commit-msg: "deps(flake): update inputs"
-          pr-title: "deps(flake): update inputs"
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v26
+
+      - name: Set Git user info
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+
+      - name: Create new branch
+        id: branch
+        run: |
+          git switch -c "$PR_BRANCH"
+
+      - name: Update flake inputs
+        run: |
+          nix flake update \
+            --commit-lock-file \
+            --commit-lockfile-summary "nix: update flake.lock"
+
+      - name: Make PR if needed
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          if ! git diff --color=always --exit-code origin/main; then
+            git fetch origin "$PR_BRANCH" || true
+            git push --force-with-lease -u origin "$PR_BRANCH"
+
+            open_prs="$(gh pr list --base main --head "$PR_BRANCH" | wc -l)"
+            if [ "$open_prs" -eq 0 ]; then
+              gh pr create \
+                --base main \
+                --head "$PR_BRANCH" \
+                --title "nix: update flake.lock" \
+                --fill
+            fi
+          fi
+
+      - name: Enable auto-merge
+        shell: bash
+        run: gh pr merge --auto --squash
+        env:
+          GH_TOKEN: ${{ github.token }}