name: "Update"
on:
  workflow_dispatch:
  schedule:
    # chosen by fair dice rolling
    - cron:  '40 * * * *'
  push:
    branches:
      - master
concurrency:
  group: update
  cancel-in-progress: false
jobs:
  update_nur:
    runs-on: ubuntu-latest
    # Don't trigger when the last push was done by a bot
    if: github.event_name != 'push' || endsWith(github.actor, '[bot]')
    steps:
    - id: get_workflow_token
      uses: peter-murray/workflow-application-token-action@v4.0.1
      with:
        application_id: '${{ secrets.GH_APPLICATION_ID }}'
        application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
        permissions: "contents:write"
        revoke_token: true
    - uses: actions/checkout@v4
      with:
        fetch-depth: '0'
    - uses: cachix/install-nix-action@v30
      with:
        nix_path: nixpkgs=channel:nixos-unstable
        extra_nix_config: |
          experimental-features = nix-command flakes
    - name: update nur / nur-combined
      run: ./ci/update-nur.sh
      env:
        API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
    - name: rebase # TODO: fix upstream push-protected to retry when push fails
      run: |
        source ./ci/lib/setup-git.sh
        git fetch origin master
        git pull --rebase origin master
      env:
        GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
    - uses: CasperWA/push-protected@v2
      with:
        token: ${{ steps.get_workflow_token.outputs.token }}
        branch: master

  update_combined:
    runs-on: ubuntu-latest
    needs: update_nur
    steps:
    - id: get_workflow_token
      uses: peter-murray/workflow-application-token-action@v4.0.1
      with:
        application_id: '${{ secrets.GH_APPLICATION_ID }}'
        application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
        permissions: "contents:write"
        revoke_token: true
    - uses: actions/checkout@v4
      with:
        repository: nix-community/NUR
        fetch-depth: '0'
        path: nur
    - uses: actions/checkout@v4
      with:
        repository: nix-community/nur-combined
        fetch-depth: '0'
        path: nur-combined
    - uses: cachix/install-nix-action@v30
      with:
        nix_path: nixpkgs=channel:nixos-unstable
        extra_nix_config: |
          experimental-features = nix-command flakes
    - name: update nur-combined
      run: ./nur/ci/update-nur-combined.sh
      env:
        API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
    - name: rebase and push
      run: |
        source ./nur/ci/lib/setup-git.sh
        git -C $GITHUB_WORKSPACE/nur-combined pull --rebase origin master
        git -C $GITHUB_WORKSPACE/nur-combined push origin HEAD:master
      env:
        GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}

  update_search:
    runs-on: ubuntu-latest
    needs: update_nur
    steps:
    - id: get_workflow_token
      uses: peter-murray/workflow-application-token-action@v4.0.1
      with:
        application_id: '${{ secrets.GH_APPLICATION_ID }}'
        application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
        permissions: "contents:write"
        revoke_token: true
    - uses: actions/checkout@v4
    - uses: cachix/install-nix-action@v30
      with:
        nix_path: nixpkgs=channel:nixos-unstable
        extra_nix_config: |
          experimental-features = nix-command flakes
    - name: update nur-search/data/packages.json
      run: ./ci/update-nur-search.sh
      env:
        API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'