name: 'Update flake.lock'
on:
  workflow_dispatch:
  schedule:
    - cron: '30 5 * * 0'

# you need to grant permissions to create PR:
# https://github.com/DeterminateSystems/update-flake-lock/issues/75
jobs:
  update-flake-lock:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v23
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      # sign commits with a ssh key
      # https://github.com/webfactory/ssh-agent
      - uses: webfactory/ssh-agent@v0.8.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
      - name: Update flake.lock
        id: update-flake-lock
        uses: DeterminateSystems/update-flake-lock@v20
        with:
          pr-title: "Update flake.lock"
          pr-labels: |
            dependencies
            automated