From bd1dddaf503a7bb40fdf52816ee8bf907a4d2c9a Mon Sep 17 00:00:00 2001
From: Matt Sturgeon <matt@sturgeon.me.uk>
Date: Sun, 14 Jul 2024 11:24:51 +0100
Subject: [PATCH] github/update: run `update` on the respective branch

- Run the `update.yml` workflow on the triggered branch, replace the
  job matrix with a conditional step that runs update on nixos-24.05.
- Added a `cancel-in-progress` concurrency group.
- Disabled committing in PR action (using negative add-paths).
---
 .github/workflows/update.yml | 64 ++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 5263cb51..29e3a907 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -1,45 +1,45 @@
 name: update
 on:
-  workflow_dispatch: # allows manual triggering
-    inputs:
-      branch:
-        description: "Branch to update"
-        type: choice
-        options:
-          - "stable & unstable"
-          - "main"
-          - "nixos-24.05"
+  # Runs every Saturday at noon
   schedule:
-    - cron: "0 12 * * SAT" # runs weekly on Saturday at noon
+    - cron: "0 12 * * SAT"
+  # Allow manual triggering
+  workflow_dispatch:
+    inputs:
+      nixos-24.05:
+        type: boolean
+        description: Also update nixos-24.05
+
+# Allow one concurrent update per branch
+concurrency:
+  group: "update-${{ github.ref_name }}"
+  cancel-in-progress: true
+
+# Allow running workflows, pushing and creating PRs
+permissions:
+  actions: write
+  contents: write
+  pull-requests: write
 
 jobs:
-  lockfile:
-    strategy:
-      matrix:
-        # This allows to update both stable & unstable branches, but not both when triggered
-        # manually
-        branch: ["main", "nixos-24.05"]
-        selectedBranch: ["${{ inputs.branch }}"]
-        exclude:
-          - selectedBranch: main
-            branch: "nixos-24.05"
-          - selectedBranch: "nixos-24.05"
-            branch: main
-
+  update:
     name: Update the flake inputs and generate options
     runs-on: ubuntu-latest
     timeout-minutes: 40
 
-    permissions:
-      contents: write
-      pull-requests: write
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CI_UPDATE_SSH_KEY }}
-          ref: ${{ matrix.branch }}
+
+      # NOTE: If additional "inputs" are added, copy this step
+      - name: Update nixos-24.05
+        if: inputs['nixos-24.05'] || github.event_name == 'schedule'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh workflow run update.yml --ref nixos-24.05
 
       - name: Install Nix
         uses: cachix/install-nix-action@v26
@@ -82,13 +82,13 @@ jobs:
         id: pr
         uses: peter-evans/create-pull-request@v6
         with:
-          branch: update/${{ matrix.branch }}
-          base: ${{ matrix.branch }}
+          add-paths: "!**"
+          branch: update/${{ github.ref_name }}
           delete-branch: true
           team-reviewers: |
             nix-community/nixvim
           title: |
-            [${{ matrix.branch }}] Update flake.lock & generated files
+            [${{ github.ref_name }}] Update flake.lock & generated files
           body: |
             ## Flake lockfile
             ```
@@ -112,7 +112,7 @@ jobs:
           echo "${pr} was ${operation}."
 
           # markdown summary
-          echo "## ${{ matrix.branch }}" >> $GITHUB_STEP_SUMMARY
+          echo "## ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY
           echo >> $GITHUB_STEP_SUMMARY
           echo "\`${head:0:6}\` pushed to \`${pr_branch}\`" >> $GITHUB_STEP_SUMMARY
           echo >> $GITHUB_STEP_SUMMARY