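---
# Scheduled workflow: refreshes flake.lock, opens a pull request with the
# result, and asks GitHub to auto-merge that pull request.
#
# NOTE(review): no `permissions:` block is declared, so the job's built-in
# token gets the repository's default scopes. Every write here goes through
# secrets.GH_TOKEN_FOR_UPDATES, so a read-only default looks sufficient.
# Confirm, then declare it explicitly.
name: update-flake-lock

on:
  workflow_dispatch:
  schedule:
    # Daily at 00:00 UTC.
    - cron: "0 0 * * *"

jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): `@main` is a mutable ref. Whatever upstream pushes next
      # runs in this job. Pin to a reviewed full commit SHA and let the
      # dependency bot bump it.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      # NOTE(review): same mutable `@main` ref, and this step is handed a
      # repository secret. Pin to a full commit SHA before anything else.
      - name: Update flake.lock
        # The id is required: the auto-merge step reads
        # steps.update-flake-lock.outputs.*, which resolves to an empty
        # string when no step carries this id.
        id: update-flake-lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          pr-title: "Update flake.lock"
          pr-labels: |
            dependencies
            automated

      # NOTE(review): with auto-merge, the only gate on an unattended lock
      # file change is whatever branch protection requires on the base
      # branch. Confirm that required status checks exist and that PRs
      # opened with this token actually trigger them.
      - name: Enable auto-merge
        # Skip when the previous step reported no pull request. The URL is
        # presumably empty when flake.lock did not change; confirm against
        # the action's documented outputs. The implicit success() check still
        # applies because no status function is used here.
        if: ${{ steps.update-flake-lock.outputs.pull-request-url != '' }}
        run: |
          gh pr merge --auto --rebase "$PR_URL"
        env:
          # Passed through the environment and quoted in the script, so the
          # value is never spliced into the shell command text.
          PR_URL: ${{ steps.update-flake-lock.outputs.pull-request-url }}
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          # NOTE(review): the command above does not read these two keys.
          # They look like action inputs that ended up under `env:`. Kept as
          # found; confirm whether anything consumes them, else drop them.
          auto-merge: "true"
          pr-allow-automerge: "true"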