name: Update flake.lock

on:
  schedule:
    - cron: "0 6 * * 1"
  workflow_dispatch:

permissions:
  contents: write
  pull-requests: write

jobs:
  update-flake-lock:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v19

      - name: Update flake.lock
        run: |
          nix --extra-experimental-features 'nix-command flakes' flake update

      - name: Create pull request
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          add-paths: flake.lock
          branch: chore/update-flake-lock
          title: chore: update flake.lock
          commit-message: chore: update flake.lock
          body: |
            This is an automated update of `flake.lock` generated by the scheduled workflow.
            
            It updates pinned flake inputs so dependency updates can be reviewed and merged via PR.