name: update-flake-lock
on:
  workflow_dispatch: # allows manual triggering
    inputs:
      branch:
        description: "Branch to update"
        type: choice
        options:
          - 'stable & unstable'
          - 'main'
          - 'nixos-24.05'
  schedule:
    - cron: "0 12 * * SAT" # runs weekly on Saturday at noon

jobs:
  lockfile:
    strategy:
      matrix:
        # This allows to update both stable & unstable branches, but not both when triggered
        # manually
        branch: ['main', 'nixos-24.05']
        selectedBranch: ["${{ inputs.branch }}"]
        exclude:
          - selectedBranch: main
            branch: 'nixos-24.05'
          - selectedBranch: 'nixos-24.05'
            branch: main
    name: Update the flake inputs and generate options
    runs-on: ubuntu-latest
    timeout-minutes: 40
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          ref: '${{ matrix.branch }}'

      - name: Install Nix
        uses: cachix/install-nix-action@v26
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          github_access_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Update flake.lock
        id: update
        uses: DeterminateSystems/update-flake-lock@v21
        with:
          pr-title: "Update flake.lock (${{ matrix.branch }})"
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          branch: "update_flake_lock_action-${{ matrix.branch }}"