name: Update Flake Inputs
on:
  workflow_dispatch:
  schedule:
    - cron: "0 2 * * 3" # 02:00 on Wednesday

permissions: {}

jobs:
  update-lockfile:
    runs-on: ubuntu-latest

    permissions:
      pull-requests: write
      contents: write

    outputs:
      pr: ${{ steps.pr.outputs.pull-request-url }}
      branch: ${{ steps.pr.outputs.pull-request-branch }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      - name: Update Lockfile
        run: nix flake update

      - name: Update Sources
        run: |
          nix run .#update

      - name: Create Pull request
        id: pr
        uses: peter-evans/create-pull-request@v7
        with:
          title: "chore: update flake inputs"
          commit-message: "chore: update flake inputs"
          branch: update-flake-inputs
          token: ${{ github.token }}

  build:
    name: Build
    needs: update-lockfile

    permissions:
      contents: read

    uses: ./.github/workflows/build.yml
    with:
      ref: ${{ needs.update-lockfile.outputs.branch }}

  merge:
    name: Merge Pull Request
    needs: [update-lockfile, build]
    runs-on: ubuntu-latest

    permissions:
      pull-requests: write
      contents: write

    steps:
      - name: Merge Pull Request
        run: gh pr merge --rebase --auto --delete-branch "$PR"
        env:
          GH_TOKEN: ${{ github.token }}
          PR: ${{ needs.update-lockfile.outputs.pr }}