name: Update flake.lock

on:
  workflow_call:
    inputs:
      commit-msg:
        description: "Summary for lockfile commit"
        required: true
        type: string
      inputs:
        description: "Flake inputs to update"
        required: false
        default: ""
        type: string
    secrets:
      MERGE_TOKEN:
        description: PAT to create and merge PR
        required: true

jobs:
  update:
    name: Update & make PR

    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v12
        with:
          diagnostic-endpoint: ""
          source-url: "https://install.lix.systems/lix"

      - name: Update lockfile & make PR
        uses: DeterminateSystems/update-flake-lock@v22
        id: update
        with:
          commit-msg: ${{ inputs.commit-msg }}
          inputs: ${{ inputs.inputs }}
          pr-title: ${{ inputs.commit-msg }}
          token: ${{ secrets.MERGE_TOKEN }}

      - name: Enable auto-merge
        shell: bash
        if: steps.update.outputs.pull-request-number != ''
        run: gh pr merge --auto --rebase "$PR_ID"
        env:
          GH_TOKEN: ${{ secrets.MERGE_TOKEN }}
          PR_ID: ${{ steps.update.outputs.pull-request-number }}