name: Update flake.lock

on:
  schedule:
    # run every saturday
    - cron: "0 0 * * 6"
  workflow_dispatch:

jobs:
  update:
    name: Run update & create PR

    runs-on: ubuntu-latest

    steps:
      - name: Generate GitHub App token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.PRIVATE_KEY }}

      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v16

      - name: Run update
        run: nix flake update

      - name: Create pull request
        id: pull-request
        uses: peter-evans/create-pull-request@v7
        with:
          branch: update-flake-lock
          commit-message: "flake: update inputs"
          title: "flake: update inputs"
          token: ${{ steps.app-token.outputs.token }}
          sign-commits: true

      - name: Enable auto-merge
        if: ${{ env.PR_ID != '' }}
        run: gh pr merge --auto --squash "$PR_ID"
        env:
          PR_ID: ${{ steps.pull-request.outputs.pull-request-number }}
          GH_TOKEN: ${{ steps.app-token.outputs.token }}