7 files changed, 71 insertions, 132 deletions

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1d662ce..4c39a33 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,8 +1,8 @@
 version: 2
 updates:
-  - package-ecosystem: "github-actions" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "github-actions"
+    directory: "/"
     schedule:
       interval: "weekly"
     commit-message:
-      prefix: "actions"
+      prefix: "ci"
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml
deleted file mode 100644
index ae76092..0000000
--- a/.github/workflows/autobot.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Auto-merge Dependabot
-
-on: pull_request
-
-jobs:
-  automerge:
-    name: Auto-merge
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    if: github.actor == 'dependabot[bot]'
-
-    steps:
-      - uses: dependabot/fetch-metadata@v2
-        id: metadata
-        with:
-          github-token: ${{ github.token }}
-
-      - name: Enable auto-merge
-        if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
-        run: gh pr merge --auto --rebase "$PR"
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR: ${{ github.event.pull_request.html_url }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 61e530d..aba5926 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -8,6 +8,8 @@ on:
 
 jobs:
   build:
+    name: Build (${{ matrix.system }})
+
     strategy:
       fail-fast: false
       matrix:
@@ -19,17 +21,16 @@ jobs:
           - os: ubuntu-latest
             system: aarch64-linux
 
-    name: Build (${{ matrix.system }})
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
       - name: Setup QEMU
         if: matrix.system == 'aarch64-linux'
-        uses: docker/setup-qemu-action@v3
-        with:
-          platforms: "arm64"
+        run: |
+          sudo apt install -y qemu-user-static
 
       - name: Install Nix
         if: matrix.system != 'aarch64-linux'
@@ -49,41 +50,33 @@ jobs:
 
       - name: Run build
         run: |
-          args=(
-            --inputs-from .
-            --override-input nixpkgs nixpkgs
+          nix run \
+            --inputs-from . \
+            --override-input nixpkgs nixpkgs \
             github:Mic92/nix-fast-build -- \
             --no-nom \
             --skip-cached \
-            --systems '${{ matrix.system }}'
+            --systems '${{ matrix.system }}' \
             --option accept-flake-config true \
             --option allow-import-from-derivation false \
             --flake '.#packages'
-          )
-
-          nix run "${args[@]}"
 
   check:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest]
+    name: Check flake
 
-    name: Check flake (${{ matrix.os }})
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v11
 
       - name: Run check
         run: |
-          args=(
-            --print-build-logs
-            --show-trace
+          nix flake check \
+            --all-systems \
+            --print-build-logs \
+            --show-trace \
             --accept-flake-config
-          )
-
-          nix flake check "${args[@]}"
diff --git a/.github/workflows/flakehub-publish.yaml b/.github/workflows/flakehub-publish.yaml
deleted file mode 100644
index 377b478..0000000
--- a/.github/workflows/flakehub-publish.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Flakehub publish
-
-on:
-  push:
-    branches: [main]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    permissions:
-      id-token: write
-      contents: read
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v11
-
-      - name: Push to Flakehub
-        uses: DeterminateSystems/flakehub-push@v3
-        with:
-          visibility: "public"
-          rolling: true
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 0000000..6e9ac46
--- /dev/null
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,46 @@
+name: Publish Flake
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  flakehub:
+    name: FlakeHub
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v11
+
+      - name: Push to Flakehub
+        uses: DeterminateSystems/flakehub-push@v3
+        with:
+          visibility: "public"
+          rolling: true
+
+  flakestry:
+    name: Flakestry
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Get version
+        id: get-version
+        run: |
+          echo "version=v0.1.$(date +'%Y%m%d%H%M%S')" >> "$GITHUB_OUTPUT"
+
+      - name: Publish to flakestry.dev
+        uses: flakestry/flakestry-publish@main
+        with:
+          version: ${{ steps.get-version.outputs.version }}
diff --git a/.github/workflows/staging-automerge.yaml b/.github/workflows/staging-automerge.yaml
deleted file mode 100644
index 9998584..0000000
--- a/.github/workflows/staging-automerge.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: Auto-merge staging
-
-on:
-  push:
-    branches: ["staging"]
-  workflow_dispatch:
-
-jobs:
-  automerge:
-    name: Auto-merge
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check if PR exists
-        id: check
-        run: |
-          prs=$(gh pr list \
-            --repo ${{ github.repository }} \
-            --head staging \
-            --json state \
-            --jq 'map(select(.state == "OPEN")) | length')
-
-          if (( prs > 0 )); then
-            echo "skip=true" >> "$GITHUB_OUTPUT"
-          fi
-
-        env:
-          GH_TOKEN: ${{ github.token }}
-
-      - uses: actions/checkout@v4
-        if: ${{ !steps.check.outputs.skip }}
-        with:
-          fetch-depth: 0
-
-      - name: Create PR
-        if: ${{ !steps.check.outputs.skip }}
-        run: |
-          gh pr create \
-            --base main \
-            --head ${{ github.ref_name }} \
-            --title "auto-merge: ${{ github.ref_name }} -> main" \
-            --fill
-        env:
-          GH_TOKEN: ${{ secrets.MERGE_TOKEN }}
-
-      - name: Enable auto-merge
-        if: ${{ !steps.check.outputs.skip }}
-        run: gh pr merge --auto --rebase --match-head-commit ${{ github.sha }}
-        env:
-          GH_TOKEN: ${{ secrets.MERGE_TOKEN }}
diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml
index c4d79c4..c6acc16 100644
--- a/.github/workflows/update-lock.yaml
+++ b/.github/workflows/update-lock.yaml
@@ -9,10 +9,12 @@ on:
 jobs:
   update:
     name: Update
+
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v11
@@ -27,7 +29,7 @@ jobs:
 
       - name: Enable auto-merge
         shell: bash
-        run: gh pr merge --auto --rebase "$PR_ID"
+        run: gh pr merge --auto --squash "$PR_ID"
         env:
           GH_TOKEN: ${{ secrets.MERGE_TOKEN }}
           PR_ID: ${{ steps.update.outputs.pull-request-number }}