---
name: Update flake inputs

on:
  schedule:
    - cron: "0 0 1 * *"
  workflow_dispatch:

jobs:
  flake-update:
    runs-on: ubuntu-24.04
    if: vars.APP_ID
    strategy:
      matrix:
        branch: [master, release-25.05]
    steps:
      - uses: actions/checkout@v5
        with:
          ref: ${{ matrix.branch }}

      - uses: cachix/install-nix-action@v31

      - id: generate-token
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ vars.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}
          permission-contents: write
          permission-pull-requests: write

      - id: user-info
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
          slug: ${{ steps.generate-token.outputs.app-slug }}
        run: |
          name="$slug[bot]"
          id="$(gh api "/users/$name" --jq .id)"
          printf \
            '%s=%s\n' \
            id "$id" \
            name "$name" \
            email "$id+$name@users.noreply.github.com" \
            >>"$GITHUB_OUTPUT"

      - name: setup git
        env:
          name: ${{ steps.user-info.outputs.name }}
          email: ${{ steps.user-info.outputs.email }}
        run: |
          git config --global user.name "$name"
          git config --global user.email "$email"

      - name: update lock files
        run: |
          nix flake update \
            --commit-lock-file \
            --option commit-lock-file-summary "flake: update public inputs"

          nix flake update \
            --commit-lock-file \
            --flake ./flake/dev \
            --option commit-lock-file-summary "flake: update dev inputs"

          # The nixpkgs maintainers may have changed, so keep all-maintainers
          # in sync
          nix run .#all-maintainers

          git add generated/all-maintainers.nix
          git commit --message "stylix: update all-maintainers list" ||
            echo "generated/all-maintainers.nix has no changes"

      - name: create pull request
        env:
          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
          base_branch: ${{ matrix.branch }}
          pr_branch: update_flake_lock_action_${{ matrix.branch }}
          title: "${{ startsWith(matrix.branch, 'release') && format('[{0}] ', matrix.branch) || '' }}flake: update public and dev inputs"  # yamllint disable-line rule:line-length
        run: |
          git switch --create "$pr_branch"

          git push origin "$pr_branch" \
            --force \
            --set-upstream

          gh pr create \
            --base "$base_branch" \
            --title "$title" \
            --label "topic: dependencies" ||
            echo "Failed to create PR"