name: Update flake.lock

on:
  schedule:
    # run every saturday
    - cron: "0 0 * * 6"
  workflow_dispatch:

jobs:
  update:
    name: Update
    runs-on: ubuntu-latest

    permissions:
      contents: write
      pull-requests: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@7993355175c2765e5733dae74f3e0786fe0e5c4f # v12

      - name: Set Git user info
        run: |
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'

      - name: Create new branch
        id: branch
        run: |
          branch="update-flake-lock"

          echo "branch=$branch" >> "$GITHUB_OUTPUT"
          git switch -c "$branch"

      - name: Update flake inputs
        run: |
            nix flake update \
              --commit-lock-file \
              --commit-lockfile-summary "chore: update flake inputs"

      - name: Update test flake inputs
        run: |
          pushd ./test

          nix flake update \
            --commit-lock-file \
            --commit-lockfile-summary "chore: update test flake inputs"

          popd

      - name: Make PR if needed
        env:
          GH_TOKEN: ${{ github.token }}
          BRANCH: ${{ steps.branch.outputs.branch }}
        run: |
          if ! git diff --color=always --exit-code origin/main; then
            git fetch origin "$BRANCH" || true
            git push --force-with-lease -u origin "$BRANCH"

            gh pr create \
              --base main \
              --head "$BRANCH" \
              --title "chore: update flake inputs" \
              --fill
          fi