2 files changed, 89 insertions, 13 deletions

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 054e4a3..e6012f8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -5,34 +5,66 @@ on:
     branches: [main]
     paths:
       - "**.nix"
+      - "flake.lock"
       - ".github/workflows/ci.yaml"
   pull_request:
     paths:
       - "**.nix"
+      - "flake.lock"
       - ".github/workflows/ci.yaml"
+  workflow_call:
+    inputs:
+      ref:
+        type: string
+        description: "The branch, tag or SHA to checkout."
+        required: false
   workflow_dispatch:
 
 jobs:
-  build:
-    name: Build
+  eval:
+    name: Eval
 
-    strategy:
-      matrix:
-        include:
-          - os: ubuntu-latest
-            system: x86_64-linux
-
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
 
       - name: Install Nix
         uses: cachix/install-nix-action@v30
-        with:
-          nix_path: nixpkgs=channel:nixos-unstable
 
-      - name: Run build
+      - name: Evaluate Flake 
         run: |
-          nix-build release.nix -A ${{ matrix.system }}
+          nix flake check \
+            --all-systems \
+            --no-build \
+            --show-trace
+
+  # build:
+  #   name: Build (${{ matrix.system }})
+
+  #   strategy:
+  #     matrix:
+  #       include:
+  #         - os: ubuntu-latest
+  #           system: x86_64-linux
+
+  #   runs-on: ${{ matrix.os }}
+
+  #   steps:
+  #     - name: Checkout repository
+  #       uses: actions/checkout@v4
+  #       with:
+  #         ref: ${{ inputs.ref }}
+
+  #     - name: Install Nix
+  #       uses: cachix/install-nix-action@v30
+
+  #     - name: Run build
+  #       run: |
+  #         nix flake check \
+  #           --fallback \
+  #           --print-build-logs \
+  #           --show-trace
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
new file mode 100644
index 0000000..f7e0b12
--- /dev/null
+++ b/.github/workflows/update-flake.yaml
@@ -0,0 +1,44 @@
+name: Update flake.lock
+
+on:
+  schedule:
+    # Run every Saturday
+    - cron: "0 0 * * 6"
+  workflow_dispatch:
+
+jobs:
+  update:
+    name: Run update & create PR
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v30
+
+      - name: Run update
+        run: |
+          nix flake update \
+            --commit-lock-file \
+            --commit-lockfile-summary "flake: update inputs"
+
+      - name: Create pull request
+        id: create-pull-request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          branch: update-flake-lock
+          title: "flake: update inputs"
+          token: ${{ github.token }}
+          sign-commits: true
+
+      - name: Run CI
+        uses: ./.github/workflows/ci.yaml
+        with:
+          ref: ${{ steps.create-pull-request.outputs.pull-request-head-sha }}