name: update-flake-lock
on:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: "0 0 * * 0" # runs weekly on Sunday at 00:00

jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Setup sudo (required for the next step)
        run: apt-get update && apt-get install -y sudo
      - name: Setup nix
        uses: cachix/install-nix-action@v22
        with:
          github_access_token: ${{ secrets.GH_ACCESS_TOKEN }}
      - name: Update nix flake lockfile
        run: |
          nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update
      - name: Verify Changed files
        uses: tj-actions/verify-changed-files@v16
        id: verify-changed-files
        with:
          files: |
            flake.lock
      - name: Push updated lockfile
        if: steps.verify-changed-files.outputs.files_changed == 'true'
        run: |
          git diff
          git config --global user.name "Gitea Bot"
          git config --global user.email "gitea@xaked.com"
          git add flake.lock
          git commit -m '[Gitea CI]: bump flake.lock versions'